Solved

Blocking WOW ports with a Linksys WRT54G running Firmware v4.30.5

Posted on 2006-10-26
Last Modified: 2011-08-18
I am managing access for a WLAN.  Our user agreement states that the main purpose for the WLAN is for email, IM, and Webcams as it is for deployed soldiers.

I am having issues with soldiers abusing the network by downloading large files from iTunes and playing online games like World of Warcraft.

Is there a way for me to block this traffic without blocking the computer?  Please advise.

Jack.
Question by:JackWooten
9 Comments
 
LVL 6

Expert Comment

by:kane77573
ID: 17812485
Yes, just restrict all the ports that those games use, or block port 80 and set only one PC to use port 80 and make that PC a proxy server and have everyone point their local Internet Explorer to that proxy.
Use Websense; it has great filtering features.
I'm sure there is a feature to only allow one PC internet access, then just redirect everyone to that PC's proxy.
0
 
LVL 6

Expert Comment

by:LindyMoff
ID: 17812557
Have you already blocked port 3724 for WoW traffic?
0
 

Author Comment

by:JackWooten
ID: 17812611
Sorry to ask the ridiculously easy question... but I thought all ports other than standard were blocked by default.  The admin screen seems to only allow you to opt in ports... not opt out.

So, how do you block the port through the admin?
0
 
LVL 38

Expert Comment

by:Rich Rumble
ID: 17812975
Some firewalls can block IPs as well as DNS names; if you can find a list of the WOW IPs or DNS names it would be easy to block. You can block iTunes by blocking apple.com or these IPs:
[whois.arin.net]
OrgName:    Apple Computer, Inc.
OrgID:      APPLEC-3
Address:    20740 Valley Green Drive, MS32E
City:       Cupertino
StateProv:  CA
PostalCode: 95014
Country:    US
NetRange:   17.0.0.0 - 17.255.255.255     (the subnet mask would be, 17.0.0.0 / 255.0.0.0 or for some firewalls the reverse, 0.255.255.255)
CIDR:       17.0.0.0/8
NetName:    APPLE-WWNET

There are, however, several sources that sell iTunes, so blocking apple.com won't block them all. This can be a real uphill battle, so I'd suggest implementing systems to alert you to the offenses and take action against the user as soon as a violation occurs. There are many ways to do this, some simpler than others. You can throttle the BW allocated to each PC using Traffic Shaping: http://en.wikipedia.org/wiki/Traffic_shaping
Monitoring usage with tools like Cacti, Ntop. Cacti has a plugin that can send pages or emails when a certain threshold has been exceeded, and ntop can simply compile a real-time report on current usage and break down the traffic by popular protocols.
http://www.ntop.org/overview.html (here is a win32 port) http://www.openxtra.co.uk/freestuff/ntop-xtra.php
http://cacti.net/  http://cactiusers.org/downloads/ (it's called Thold)
-rich
0
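
The range-based matching and threshold alerting described in the comment above, as an added example that is not part of the original thread: it derives both mask forms for 17.0.0.0/8 and totals policy-matching bytes per client. The flow-record format, client addresses and threshold are assumptions constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# From the thread: Apple's ARIN range and the WoW port.
APPLE_NET = ipaddress.ip_network("17.0.0.0/8")
WOW_PORT = 3724

# Constructed flow records (not real traffic): client dst dst_port bytes
SAMPLE_FLOWS = """\
192.168.1.101 17.112.152.32 443 734003200
192.168.1.101 198.51.100.20 80 20480
192.168.1.102 203.0.113.10 3724 5242880
192.168.1.103 17.254.0.91 80 1048576
192.168.1.103 198.51.100.7 25 4096
garbled line
"""

def mask_forms(net):
    """Netmask and wildcard (inverse) mask, the two forms firewalls ask for."""
    return str(net.netmask), str(net.hostmask)

def classify(dst_ip, dst_port):
    """Label a flow that matches the usage policy, or return None."""
    if dst_port == WOW_PORT:
        return "wow"
    if ipaddress.ip_address(dst_ip) in APPLE_NET:
        return "apple"
    return None

def usage_by_client(flow_text):
    """Sum policy-matching bytes per client and label; skip unparsable lines."""
    totals = defaultdict(lambda: defaultdict(int))
    for line in flow_text.splitlines():
        try:
            client, dst, port, nbytes = line.split()
            label = classify(dst, int(port))
            if label:
                totals[client][label] += int(nbytes)
        except ValueError:
            continue  # wrong field count, bad port/byte count, or bad IP
    return {c: dict(v) for c, v in totals.items()}

def offenders(flow_text, threshold_bytes):
    """Clients whose policy-matching traffic exceeds the threshold."""
    usage = usage_by_client(flow_text)
    return sorted(c for c, v in usage.items() if sum(v.values()) > threshold_bytes)

if __name__ == "__main__":
    print(mask_forms(APPLE_NET), offenders(SAMPLE_FLOWS, 100 * 1024 * 1024))
```

Matches on 17.0.0.0/8 count all traffic to Apple's address space, not only iTunes downloads, so the byte threshold carries the decision more than the match itself.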
 
LVL 6

Accepted Solution

by:
LindyMoff earned 1500 total points
ID: 17812989
You should be able to restrict traffic on that port by clicking "access restrictions" and configuring a DENY rule (probably for all traffic) and then an ALLOW rule for traffic you want to let through (like port 80).

Or, you can just selectively deny access on port 3724 if all you want to block is WoW.
0
 

Author Comment

by:JackWooten
ID: 17817327
Got it.

Does anyone know what ports have to be blocked to restrict file downloads from iTunes?  I know this sounds overly restrictive... but we are fighting an uphill battle here for bandwidth.
0
 
LVL 6

Expert Comment

by:LindyMoff
ID: 17818595
Richrumble has a correct but possibly hard to implement answer to blocking iTunes traffic (you might want to give him some credit too).

Your router doesn't support DNS redirection as far as I know.  It does offer QoS, or "traffic shaping", which means you could give bandwidth priority to certain services (like video conferencing, for example).

Or, if you have control over your users' computers, you can edit their hosts files to block DNS, as outlined in this article:
http://www.teamonetickets.com/software/how-to-block-itunes-radio-streams.html

Rich is right that there are LOTS of sources for iTunes music so it's hard to block.  To get serious, you should consider a monitoring tool (I personally use ntop, cacti sounds pretty cool too).

If you want to take a chance on messing with your router(!), you could check out the OpenWRT project.  Basically this is a firmware replacement for your Linksys router that could give you extra features.  See if your router is compatible here (pay attention to version number for the WRT54G):
http://wiki.openwrt.org/TableOfHardware?action=show&redirect=toh

It does allow advanced features like hosting a mini DNS on it (http://wiki.openwrt.org/OpenWrtDocs/dnsmasq) and QoS (http://wiki.openwrt.org/MiniHowtos/QoSHowto).  However it's a labor intensive project, so if you're not very comfy with Linux I wouldn't recommend it.
0
 
LVL 38

Expert Comment

by:Rich Rumble
ID: 17818735
I've sniffed iTunes traffic and it all depends where you DL from: some send files via FTP (port 21), some port 80, most however use HTTPS (SSL 443)... all of which are very common, and unless you are blocking those ports from specific IPs or ranges... you'll block a lot of legit traffic as well. Monitoring is great, traffic shaping is awesome when you have a good set of criteria to go by. You'll need to do some testing and trending to see what values to use for your traffic shaping, and sometimes you can use traffic shaping rules that allow you to use different settings for different traffic.
-rich
0
 

Author Comment

by:JackWooten
ID: 17818839
Thank you for the comments... I am learning as I go and you have both given me much to think and act on.

Jack.
0
