Solved

Blocking WOW ports with a Linksys WRT54G running Firmware v4.30.5

Posted on 2006-10-26
9
7,907 Views
Last Modified: 2011-08-18
I am managing access for a WLAN.  Our user agreement states that the main purpose for the WLAN is for email, IM, and Webcams as it is for deployed soldiers.

I am having issues with soldiers abusing the network by downloading large files from iTunes and playing online games like World of Warcraft.

Is there a way for me to block this traffic without blocking the computer?  Please advise.

Jack.
0
Comment
Question by:JackWooten
  • 3
  • 3
  • 2
  • +1
9 Comments
 
LVL 6

Expert Comment

by:kane77573
Comment Utility
Yes, Just restict all the ports that those games use, or block port 80 and set only one pc to use port 80 and make that pc a proxy server and have everyone point there local internet explorer to that proxy.
use websense it has great filtering features.
Im sure there is a feature to only allow one pc internet access then just redirect everyone to that pc's proxy
0
 
LVL 6

Expert Comment

by:LindyMoff
Comment Utility
Have you already blocked port 3724 for WoW traffic?
0
 

Author Comment

by:JackWooten
Comment Utility
Sorry to ask the rediculously easy question... but I thought all ports other than standard were blocked by default.  The admin screen seems to only allow you to opt in ports... not opt out.

So, how do you block the port through the admin?
0
 
LVL 38

Expert Comment

by:Rich Rumble
Comment Utility
Some firewalls can block IP's as well as DNS names, if you can find a list of the WOW ip's or DNS names it would be easy to block. You can block iTunes by blocking apple.com or these ip's
[whois.arin.net]
OrgName:    Apple Computer, Inc.
OrgID:      APPLEC-3
Address:    20740 Valley Green Drive, MS32E
City:       Cupertino
StateProv:  CA
PostalCode: 95014
Country:    US
NetRange:   17.0.0.0 - 17.255.255.255     (the subnet mask would be, 17.0.0.0 / 255.0.0.0 or for some firewalls the reverse, 0.255.255.255)
CIDR:       17.0.0.0/8
NetName:    APPLE-WWNET

There are however several sources that sell iTunes, so blocking apple.com won't block them all. This can be a real up hill battle, so I'd suggest implementing systems to alert you to the offenses and take action against the user as soon as a violation occurs. There are many ways to do this, some simpler than others. You can throttle the BW allocated to each PC using Traffic Shaping: http://en.wikipedia.org/wiki/Traffic_shaping
Monitoring useage with tools like Cacti, Ntop. Cacti has a plugin that can send pages or emails when a certain threshold has been exceeded, and ntop can simply compile a real-time report on current usage and break down the traffic by popular protocols.
http://www.ntop.org/overview.html (here is a win32 port) http://www.openxtra.co.uk/freestuff/ntop-xtra.php
http://cacti.net/  http://cactiusers.org/downloads/ (it's called Thold)
-rich
0
What Should I Do With This Threat Intelligence?

Are you wondering if you actually need threat intelligence? The answer is yes. We explain the basics for creating useful threat intelligence.

 
LVL 6

Accepted Solution

by:
LindyMoff earned 500 total points
Comment Utility
You should be able to restrict traffic on that port by clicking "access restrictions" and configuring a DENY rule (probably for all traffic) and then an ALLOW rule for traffic you want to let through (like port 80).

Or, you can just selectively deny access on port 3724 if all you want to block is WoW.
0
 

Author Comment

by:JackWooten
Comment Utility
Got it.

Does anyone know what ports have to be blocked to restricted file downloads from iTunes?  I know this sounds overly restrictive... but we are fighting an up hill battle here for bandwidth.
0
 
LVL 6

Expert Comment

by:LindyMoff
Comment Utility
Richrumble has a correct but possibly hard to implement answer to blocking iTunes traffic (you might want to give him some credit too).

Your router doesn't support DNS redirection as far as I know.  It does offer QoS, or "traffic shaping", which means you could give bandwidth priority to certain services (like video conferencing, for example).

Or, if you have control over your users' computers, you can edit their hosts files to block DNS, as outlined in this article:
http://www.teamonetickets.com/software/how-to-block-itunes-radio-streams.html

Rich is right that there are LOTS of sources for iTunes music so it's hard to block.  To get serious, you should consider a monitoring tool (I personally use ntop, cacti sounds pretty cool too).

If you want to take a chance on messing with your router(!), you could check out the OpenWRT project.  Basically this is a firmware replacement for your Linksys router that could give you extra features.  See if your router is compatible here (pay attention to version number for the WRT54G):
http://wiki.openwrt.org/TableOfHardware?action=show&redirect=toh

It does allow advanced features like hosting a mini DNS on it (http://wiki.openwrt.org/OpenWrtDocs/dnsmasq) and QoS (http://wiki.openwrt.org/MiniHowtos/QoSHowto).  However it's a labor intensive project, so if you're not very comfy with Linux I wouldn't recommend it.
0
 
LVL 38

Expert Comment

by:Rich Rumble
Comment Utility
I've sniffed Itunes traffic and it all depends where you DL from, some send files FTP (port 21) some port 80, most however use HttpS (SSL 443)... all of which are very common and unless you are blocking those ports from specific ip's or ranges... you'll block alot of legit traffic as well. Monitoring is great, traffic shaping is awesome when you have a good set of criteria to go by. You'll need to do some testing and trending to see what values to use for your traffic shaping, and sometimes you can use traffic shaping rules that allow you to use different settings for different traffic.
-rich
0
 

Author Comment

by:JackWooten
Comment Utility
Thank you for the comments... I am learning as I go and you have both given me much to think and act on

Jack.
0

Featured Post

Enabling OSINT in Activity Based Intelligence

Activity based intelligence (ABI) requires access to all available sources of data. Recorded Future allows analysts to observe structured data on the open, deep, and dark web.

Join & Write a Comment

This paper addresses the security of Sennheiser DECT Contact Center and Office (CC&O) headsets. It describes the DECT security chain comprised of “Pairing”, “Per Call Authentication” and “Encryption”, which are all part of the standard DECT protocol.
Find out what Office 365 Transport Rules are, how they work and their limitations managing Office 365 signatures.
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
This video explains how to create simple products associated to Magento configurable product and offers fast way of their generation with Store Manager for Magento tool.

771 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

14 Experts available now in Live!

Get 1:1 Help Now