Why don't you invest in a product designed to do just that? I know of
one called Web Blocker and there are many others. They are a
subscription service and will update the site list a couple of times
per week. This is a whole lot easier than you trying to add an ACL for
each site.
Clifford L. Crane - Sr. Technical Analyst
Excel Corporation IT Business Continuation
151 N. Main Street
Wichita, KS 67201
Phone (316)291-2899 Fax (316)261-5902
cliff_crane@cargill.com
-----Original Message-----
From: Winfried.Gehrig@SKF.COM [mailto:Winfried.Gehrig@SKF.COM]
Sent: Thursday, July 01, 1999 10:00 AM
To: NV-L@UCSBVM.UCSB.EDU
Cc: Winfried.Gehrig@SKF.COM
Subject: Use Netview/Optivity/DNS as WWW-Porno/Sex-Blocker
Hello netview-folks around the planet,
we have big problems with overloaded WAN-links and routers due to
massive use of
Internet-surfing without business-related things.
I would like to use our Netview V5.1.1/Optivity
8.1.1/BIND-DNS-AIX4.3.2-machine
for blocking automatically
the users' PC completly due to big usage of Internet-Porno-pages with a
small
program or script.
I have posted this already some weeks ago, but received only advices to
install
a firewall.
But that is to easy, we have already one.
The focus of managemnet is the blocking of the whole end-users PC for a
certain
amount of time.
The intention is to make the users think about what he is doing, if he
cannot
use also our business
programms for some time.
Manually I can block traffic carrying out the following steps:
1. Automatic watch of DNS-activity on DNS-system
kill -WINCH `cat /etc/named.pid` creates Name-resolution-Output in
syslog-file
where
I can see IP-adress of user together with visited Internet-page.
For example:
May 28 13:58:40 schx00 named[38032]: XX /172.163.61.164/www.porno.com/A
May 28 13:58:49 schx00 named[38032]: XX
/172.163.61.164/www.xxxstuff.de/A
May 28 13:58:49 schx00 named[38032]: XX /172.163.61.164/www.bigtits.de/A
May 28 13:58:57 schx00 named[38032]: XX
/172.163.61.164/www.hardcore.com/A
2. Search automatically for certain key-words like tits,
porno,hardcore, naked,
sex, dildo etc.
Any ideas from people with script-knowledge?
3. Resolve MAC-Adress of user surfing on Porno-pages:
SCHX00:/Ping 172.163.61.164
SCHX00:/ arp -a|grep 172.163.61.164
schpc314.sch.skf.se (172.163.61.164) at 40:0:1:22:9:17 [token ring]
rt=6c0:213c:2a60
4. Use Optivity/Netatlas-Database to query the used Hub-port for
location of
MAC-address
Today I use Netatlas to search the MAC-adress-location in different
subnets.
I would like to do this from the command-line. Any ideas from
BAY-experts ?
5. Wrap hub-port of PC using snmpset-command to disable PC-activity for
15
minutes
snmpset - t 5 -c private BAYHUB01 .1.3.6.1.4.1.45.1.3.3.3.1.1.3.1.14
would wrap
ports permanently.
My intention is to put all these manual steps into a automatic script
activated
by cron.
A file for keywords should be maintained manually.
A success/statistical output for number of ports blocked per hour or
day would
be an extra feature.
Now my questions to the forum:
1. Has anybody setup such a script or can give me a hint how to do it ?
2. Does anybody know how one can ask the Optivity-database from the
commandline
for
the Hub/Port-location of a given MAC- or IP-adress ?
3. Who knows the exact snmpset-command-syntax on AIX for blocking
ports for 15
minutes instead of
blocking permanently for Bay-Hubs like 27xx,, 28xx, with advanced agent
and 810M
with basic-agent ?
Thank You for Your help in advance.
```
(o o)
------------------oOO-(_)-OOo------------------
Winfried Gehrig mailto:Winfried.Gehrig@skf.com
SKF GmbH FON ++49(0)9721 56 3077
Schweinfurt(Germany) FAX ++49(0)9721 56 3266
Our bearings turn the planet
http://www.skf.com
-----------------------------------------------
<<attachment: WINMAIL.DAT>>
|