Hello netview-folks around the planet,
we have big problems with overloaded WAN-links and routers due to massive
use of
Internet-surfing without business-related things.
I would like to use our Netview V5.1/Optivity 8.1.1/BIND-DNS-AIX-machine
for blocking users
with big usage of Internet-Porno-pages automatically with a small program
or script.
Manually I can block traffic carrying out the following steps:
1. Automatic watch of DNS-activity on DNS-system
kill -WINCH `cat /etc/named.pid` creates Name-resolution-Output in
syslog-file where
I can see IP-adress of user together with visited Internet-page.
For example:
May 28 13:58:40 schx00 named[38032]: XX /172.163.61.164/www.porno.com/A
May 28 13:58:49 schx00 named[38032]: XX /172.163.61.164/www.xxxstuff.de/A
May 28 13:58:49 schx00 named[38032]: XX /172.163.61.164/www.bigtits.de/A
May 28 13:58:57 schx00 named[38032]: XX /172.163.61.164/www.hardcore.com/A
2. Search automatically for certain key-words like tits, porno,hardcore,
naked, sex, dildo etc.
Any ideas from people with script-knowledge?
3. Resolve MAC-Adress of user surfing on Porno-pages:
SCHX00:/Ping 172.163.61.164
SCHX00:/ arp -a|grep 172.163.61.164
schpc314.sch.skf.se (172.163.61.164) at 40:0:1:22:9:17 [token ring]
rt=6c0:213c:2a60
4. Use Optivity/Netatlas-Database to query the used Hub-port for location
of MAC-address
Today I use Netatlas to search the MAC-adress-location in different
subnets.
I would like to do this from the command-line. Any ideas from BAY-experts ?
5. Wrap hub-port of PC using snmpset-command to disable PC-activity for 15
minutes
snmpset - t 5 -c private BAYHUB01 .1.3.6.1.4.1.45.1.3.3.3.1.1.3.1.14 would
wrap ports permanently.
My intention is to put all these manual steps into a automatic script
activated by cron.
A file for keywords should be maintained manually.
A success/statistical output for number of ports blocked per hour or day
would be an extra feature.
Now my questions to the forum:
1. Has anybody setup such a script or can give me a hint how to do it ?
2. Does anybody know how one can ask the Optivity-database from the
commandline for
the Hub/Port-location of a given MAC- or IP-adress ?
3. Who knows the exact snmpset-command-syntax on AIX for blocking ports
for 15 minutes instead of
blocking permanently for Bay-Hubs like 27xx,, 28xx, with advanced agent and
810M with basic-agent.
Thank You for Your help in advance.
```
(o o)
------------------oOO-(_)-OOo------------------
Winfried Gehrig mailto:Winfried.Gehrig@skf.com
SKF GmbH FON ++49(0)9721 56 3077
Schweinfurt(Germany) FAX ++49(0)9721 56 3266
Our bearings turn the planet
http://www.skf.com
-----------------------------------------------
|