Solved

Blocking WOW ports with a Linksys WRT54G running Firmware v4.30.5

Posted on 2006-10-26
9
7,938 Views
Last Modified: 2011-08-18
I am managing access for a WLAN.  Our user agreement states that the main purpose for the WLAN is for email, IM, and Webcams as it is for deployed soldiers.

I am having issues with soldiers abusing the network by downloading large files from iTunes and playing online games like World of Warcraft.

Is there a way for me to block this traffic without blocking the computer?  Please advise.

Jack.
0
Comment
Question by:JackWooten
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
  • 2
  • +1
9 Comments
 
LVL 6

Expert Comment

by:kane77573
ID: 17812485
Yes, Just restict all the ports that those games use, or block port 80 and set only one pc to use port 80 and make that pc a proxy server and have everyone point there local internet explorer to that proxy.
use websense it has great filtering features.
Im sure there is a feature to only allow one pc internet access then just redirect everyone to that pc's proxy
0
 
LVL 6

Expert Comment

by:LindyMoff
ID: 17812557
Have you already blocked port 3724 for WoW traffic?
0
 

Author Comment

by:JackWooten
ID: 17812611
Sorry to ask the rediculously easy question... but I thought all ports other than standard were blocked by default.  The admin screen seems to only allow you to opt in ports... not opt out.

So, how do you block the port through the admin?
0
Use Case: Protecting a Hybrid Cloud Infrastructure

Microsoft Azure is rapidly becoming the norm in dynamic IT environments. This document describes the challenges that organizations face when protecting data in a hybrid cloud IT environment and presents a use case to demonstrate how Acronis Backup protects all data.

 
LVL 38

Expert Comment

by:Rich Rumble
ID: 17812975
Some firewalls can block IP's as well as DNS names, if you can find a list of the WOW ip's or DNS names it would be easy to block. You can block iTunes by blocking apple.com or these ip's
[whois.arin.net]
OrgName:    Apple Computer, Inc.
OrgID:      APPLEC-3
Address:    20740 Valley Green Drive, MS32E
City:       Cupertino
StateProv:  CA
PostalCode: 95014
Country:    US
NetRange:   17.0.0.0 - 17.255.255.255     (the subnet mask would be, 17.0.0.0 / 255.0.0.0 or for some firewalls the reverse, 0.255.255.255)
CIDR:       17.0.0.0/8
NetName:    APPLE-WWNET

There are however several sources that sell iTunes, so blocking apple.com won't block them all. This can be a real up hill battle, so I'd suggest implementing systems to alert you to the offenses and take action against the user as soon as a violation occurs. There are many ways to do this, some simpler than others. You can throttle the BW allocated to each PC using Traffic Shaping: http://en.wikipedia.org/wiki/Traffic_shaping
Monitoring useage with tools like Cacti, Ntop. Cacti has a plugin that can send pages or emails when a certain threshold has been exceeded, and ntop can simply compile a real-time report on current usage and break down the traffic by popular protocols.
http://www.ntop.org/overview.html (here is a win32 port) http://www.openxtra.co.uk/freestuff/ntop-xtra.php
http://cacti.net/  http://cactiusers.org/downloads/ (it's called Thold)
-rich
0
 
LVL 6

Accepted Solution

by:
LindyMoff earned 500 total points
ID: 17812989
You should be able to restrict traffic on that port by clicking "access restrictions" and configuring a DENY rule (probably for all traffic) and then an ALLOW rule for traffic you want to let through (like port 80).

Or, you can just selectively deny access on port 3724 if all you want to block is WoW.
0
 

Author Comment

by:JackWooten
ID: 17817327
Got it.

Does anyone know what ports have to be blocked to restricted file downloads from iTunes?  I know this sounds overly restrictive... but we are fighting an up hill battle here for bandwidth.
0
 
LVL 6

Expert Comment

by:LindyMoff
ID: 17818595
Richrumble has a correct but possibly hard to implement answer to blocking iTunes traffic (you might want to give him some credit too).

Your router doesn't support DNS redirection as far as I know.  It does offer QoS, or "traffic shaping", which means you could give bandwidth priority to certain services (like video conferencing, for example).

Or, if you have control over your users' computers, you can edit their hosts files to block DNS, as outlined in this article:
http://www.teamonetickets.com/software/how-to-block-itunes-radio-streams.html

Rich is right that there are LOTS of sources for iTunes music so it's hard to block.  To get serious, you should consider a monitoring tool (I personally use ntop, cacti sounds pretty cool too).

If you want to take a chance on messing with your router(!), you could check out the OpenWRT project.  Basically this is a firmware replacement for your Linksys router that could give you extra features.  See if your router is compatible here (pay attention to version number for the WRT54G):
http://wiki.openwrt.org/TableOfHardware?action=show&redirect=toh

It does allow advanced features like hosting a mini DNS on it (http://wiki.openwrt.org/OpenWrtDocs/dnsmasq) and QoS (http://wiki.openwrt.org/MiniHowtos/QoSHowto).  However it's a labor intensive project, so if you're not very comfy with Linux I wouldn't recommend it.
0
 
LVL 38

Expert Comment

by:Rich Rumble
ID: 17818735
I've sniffed Itunes traffic and it all depends where you DL from, some send files FTP (port 21) some port 80, most however use HttpS (SSL 443)... all of which are very common and unless you are blocking those ports from specific ip's or ranges... you'll block alot of legit traffic as well. Monitoring is great, traffic shaping is awesome when you have a good set of criteria to go by. You'll need to do some testing and trending to see what values to use for your traffic shaping, and sometimes you can use traffic shaping rules that allow you to use different settings for different traffic.
-rich
0
 

Author Comment

by:JackWooten
ID: 17818839
Thank you for the comments... I am learning as I go and you have both given me much to think and act on

Jack.
0

Featured Post

Migrating Your Company's PCs

To keep pace with competitors, businesses must keep employees productive, and that means providing them with the latest technology. This document provides the tips and tricks you need to help you migrate an outdated PC fleet to new desktops, laptops, and tablets.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

If you are looking at this article, you have most likely been hit by some version of ransomware and are trying to find out if there is anything you can do, or what way you should react - READ ON!
Recently, Microsoft released a best-practice guide for securing Active Directory. It's a whopping 300+ pages long. Those of us tasked with securing our company’s databases and systems would, ideally, have time to devote to learning the ins and outs…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, just open a new email message. In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …

730 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question