Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 7972
  • Last Modified:

Blocking WOW ports with a Linksys WRT54G running Firmware v4.30.5

I am managing access for a WLAN.  Our user agreement states that the main purpose for the WLAN is for email, IM, and Webcams as it is for deployed soldiers.

I am having issues with soldiers abusing the network by downloading large files from iTunes and playing online games like World of Warcraft.

Is there a way for me to block this traffic without blocking the computer?  Please advise.

Jack.
0
JackWooten
Asked:
JackWooten
  • 3
  • 3
  • 2
  • +1
1 Solution
 
kane77573Commented:
Yes, Just restict all the ports that those games use, or block port 80 and set only one pc to use port 80 and make that pc a proxy server and have everyone point there local internet explorer to that proxy.
use websense it has great filtering features.
Im sure there is a feature to only allow one pc internet access then just redirect everyone to that pc's proxy
0
 
LindyMoffCommented:
Have you already blocked port 3724 for WoW traffic?
0
 
JackWootenAuthor Commented:
Sorry to ask the rediculously easy question... but I thought all ports other than standard were blocked by default.  The admin screen seems to only allow you to opt in ports... not opt out.

So, how do you block the port through the admin?
0
Evaluating UTMs? Here's what you need to know!

Evaluating a UTM appliance and vendor can prove to be an overwhelming exercise.  How can you make sure that you're getting the security that your organization needs without breaking the bank? Check out our UTM Buyer's Guide for more information on what you should be looking for!

 
Rich RumbleSecurity SamuraiCommented:
Some firewalls can block IP's as well as DNS names, if you can find a list of the WOW ip's or DNS names it would be easy to block. You can block iTunes by blocking apple.com or these ip's
[whois.arin.net]
OrgName:    Apple Computer, Inc.
OrgID:      APPLEC-3
Address:    20740 Valley Green Drive, MS32E
City:       Cupertino
StateProv:  CA
PostalCode: 95014
Country:    US
NetRange:   17.0.0.0 - 17.255.255.255     (the subnet mask would be, 17.0.0.0 / 255.0.0.0 or for some firewalls the reverse, 0.255.255.255)
CIDR:       17.0.0.0/8
NetName:    APPLE-WWNET

There are however several sources that sell iTunes, so blocking apple.com won't block them all. This can be a real up hill battle, so I'd suggest implementing systems to alert you to the offenses and take action against the user as soon as a violation occurs. There are many ways to do this, some simpler than others. You can throttle the BW allocated to each PC using Traffic Shaping: http://en.wikipedia.org/wiki/Traffic_shaping
Monitoring useage with tools like Cacti, Ntop. Cacti has a plugin that can send pages or emails when a certain threshold has been exceeded, and ntop can simply compile a real-time report on current usage and break down the traffic by popular protocols.
http://www.ntop.org/overview.html (here is a win32 port) http://www.openxtra.co.uk/freestuff/ntop-xtra.php
http://cacti.net/  http://cactiusers.org/downloads/ (it's called Thold)
-rich
0
 
LindyMoffCommented:
You should be able to restrict traffic on that port by clicking "access restrictions" and configuring a DENY rule (probably for all traffic) and then an ALLOW rule for traffic you want to let through (like port 80).

Or, you can just selectively deny access on port 3724 if all you want to block is WoW.
0
 
JackWootenAuthor Commented:
Got it.

Does anyone know what ports have to be blocked to restricted file downloads from iTunes?  I know this sounds overly restrictive... but we are fighting an up hill battle here for bandwidth.
0
 
LindyMoffCommented:
Richrumble has a correct but possibly hard to implement answer to blocking iTunes traffic (you might want to give him some credit too).

Your router doesn't support DNS redirection as far as I know.  It does offer QoS, or "traffic shaping", which means you could give bandwidth priority to certain services (like video conferencing, for example).

Or, if you have control over your users' computers, you can edit their hosts files to block DNS, as outlined in this article:
http://www.teamonetickets.com/software/how-to-block-itunes-radio-streams.html

Rich is right that there are LOTS of sources for iTunes music so it's hard to block.  To get serious, you should consider a monitoring tool (I personally use ntop, cacti sounds pretty cool too).

If you want to take a chance on messing with your router(!), you could check out the OpenWRT project.  Basically this is a firmware replacement for your Linksys router that could give you extra features.  See if your router is compatible here (pay attention to version number for the WRT54G):
http://wiki.openwrt.org/TableOfHardware?action=show&redirect=toh

It does allow advanced features like hosting a mini DNS on it (http://wiki.openwrt.org/OpenWrtDocs/dnsmasq) and QoS (http://wiki.openwrt.org/MiniHowtos/QoSHowto).  However it's a labor intensive project, so if you're not very comfy with Linux I wouldn't recommend it.
0
 
Rich RumbleSecurity SamuraiCommented:
I've sniffed Itunes traffic and it all depends where you DL from, some send files FTP (port 21) some port 80, most however use HttpS (SSL 443)... all of which are very common and unless you are blocking those ports from specific ip's or ranges... you'll block alot of legit traffic as well. Monitoring is great, traffic shaping is awesome when you have a good set of criteria to go by. You'll need to do some testing and trending to see what values to use for your traffic shaping, and sometimes you can use traffic shaping rules that allow you to use different settings for different traffic.
-rich
0
 
JackWootenAuthor Commented:
Thank you for the comments... I am learning as I go and you have both given me much to think and act on

Jack.
0

Featured Post

Threat Trends for MSPs to Watch

See the findings.
Despite its humble beginnings, phishing has come a long way since those first crudely constructed emails. Today, phishing sites can appear and disappear in the length of a coffee break, and it takes more than a little know-how to keep your clients secure.

  • 3
  • 3
  • 2
  • +1
Tackle projects and never again get stuck behind a technical roadblock.
Join Now