Blocking Yahoo!Messenger

A simple policy within the company that caused many sleepless nights… One day the CEO said…. “We shall not allow chatting”…. Oh boy… :( this is a bother… as much as I enjoy Yahoo!Messenger I have to comply….

To achieve this goal first I blocked all outgoing ports… then I had to hand pick some TCP and UDP ports allowed for default services… After that I had to create rules to and from branch offices connecting over VPN… Then I had SquidGuard, in my case URLFilter, screen the http port to disallow chat…

Looking at the logs… turns out that Yahoo Messenger is capable of communicating through the default services I allowed earlier… like a virus Yahoo!Messenger scans the network to identify open ports and it was successful with ports 20,21,23,25 and 443… is this legal?… anyway… I limit access of ports 20-25 only to my servers… but 443… Blocking it means no https… I thought SquidGuard could help me but… turns out that https or secure http cannot be proxied transparently…

From http://www.shorewall.net/Shorewall_Squid_Usage.html

…instructions for transparent proxying of HTTP. HTTPS (normally TCP port 443) cannot be proxied transparently (stop and think about it for a minute; if HTTPS could be transparently proxied, then how secure would it be?).

The temporary solution is to allow only a few people access to https… and bad users must live without webmail, web banking and online shopping…

Update: since IPCop can access port 443 and the proxy is on 800, someone who manually enters the firewall as proxy can access https sites…
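The port-hopping seen in the logs above can be spotted automatically. The following is an added example, not code from the original post: it flags any internal client that tries several different destination ports on the same remote host within a short window. The log lines are constructed, the netfilter LOG key=value layout is an assumption about the firewall's log format, and `port_hoppers` and its thresholds are hypothetical names and values.

```python
import re
from collections import defaultdict

# Constructed sample in netfilter LOG key=value style (format is an assumption).
SAMPLE_LOG = """\
Jan 10 09:14:01 fw kernel: IN=eth0 OUT=eth1 SRC=192.168.1.23 DST=203.0.113.5 PROTO=TCP DPT=20
Jan 10 09:14:02 fw kernel: IN=eth0 OUT=eth1 SRC=192.168.1.23 DST=203.0.113.5 PROTO=TCP DPT=21
Jan 10 09:14:03 fw kernel: IN=eth0 OUT=eth1 SRC=192.168.1.23 DST=203.0.113.5 PROTO=TCP DPT=23
Jan 10 09:14:05 fw kernel: IN=eth0 OUT=eth1 SRC=192.168.1.23 DST=203.0.113.5 PROTO=TCP DPT=25
Jan 10 09:14:06 fw kernel: IN=eth0 OUT=eth1 SRC=192.168.1.23 DST=203.0.113.5 PROTO=TCP DPT=443
Jan 10 09:15:10 fw kernel: IN=eth0 OUT=eth1 SRC=192.168.1.40 DST=198.51.100.7 PROTO=TCP DPT=443
Jan 10 09:15:12 fw kernel: IN=eth0 OUT=eth1 SRC=192.168.1.40 DST=198.51.100.7 PROTO=TCP DPT=443
Jan 10 09:20:00 fw kernel: IN=eth0 OUT=eth1 SRC=192.168.1.50 DST=203.0.113.9 PROTO=TCP DPT=21
Jan 10 09:40:00 fw kernel: IN=eth0 OUT=eth1 SRC=192.168.1.50 DST=203.0.113.9 PROTO=TCP DPT=25
Jan 10 09:59:00 fw kernel: IN=eth0 OUT=eth1 SRC=192.168.1.50 DST=203.0.113.9 PROTO=TCP DPT=443
"""

STAMP = re.compile(r"^\w{3}\s+\d+\s+(\d\d):(\d\d):(\d\d)")
FIELD = re.compile(r"(\w+)=(\S+)")

def parse(line):
    """Return (seconds_of_day, src, dst, dport), or None for unrelated lines."""
    stamp = STAMP.match(line)
    fields = dict(FIELD.findall(line))
    if not stamp or not fields.keys() >= {"SRC", "DST", "DPT"}:
        return None
    h, m, s = map(int, stamp.groups())
    return h * 3600 + m * 60 + s, fields["SRC"], fields["DST"], int(fields["DPT"])

def port_hoppers(log_text, window=60, min_ports=3):
    """Map (src, dst) -> sorted ports when one client tried at least
    min_ports distinct ports on one remote host within window seconds.
    Timestamps are time-of-day only, so feed it one day's log at a time."""
    events = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse(line)
        if rec:
            t, src, dst, dport = rec
            events[(src, dst)].append((t, dport))
    hits = {}
    for pair, seen in events.items():
        seen.sort()
        for i, (start, _) in enumerate(seen):
            ports = {p for t, p in seen[i:] if t - start <= window}
            if len(ports) >= min_ports:
                hits[pair] = sorted(ports)
                break
    return hits

if __name__ == "__main__":
    for (src, dst), ports in port_hoppers(SAMPLE_LOG).items():
        print(f"{src} tried {dst} on ports {ports}")
```

A client that only repeats port 443, or that touches different services many minutes apart, is not flagged with the default window.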

10 Comments

  1. milisdad:

    Wow, that's really a pity…
    An IT guy isn't allowed to chat?
    There's still a way if you want to chat, though: just go through an SSH tunnel :D

  2. Wisu Suntoyo:

    Hehehe… true enough… there are many ways…

    What management noticed is… that too much time was being wasted because the staff were all chatting..

  3. milisdad:

    Just set up a Jabber server, so at least it's internal communication only.
    At my place it was the same: lots of people were chatting, so in the end internal chat was set up.
    Even though in the end it wasn't effective, at least it minimizes chatting with outside parties.

  4. slashdotfx:

    Have you tried l7-filter.sf.net?

  5. udienz:

    Wow, that's true too… chatting is two sides of a coin…

    Eh, but if you use meebo it still works, right?

  6. Wisu Suntoyo:

    @slashdotfx -> layer7 can be implemented on IPCop using the QoS addon… http://en.wikibooks.org/wiki/Advanced_QoS_for_IPCop/HFSC#Rules_.E2.80.93_Layer-7 As it happens I have already tried this addon… and it turns out it needs too much CPU from my PIII-based firewall… actually the budget to upgrade the machine is already there… but the people to do the work haven't been allocated yet… eh, sorry, the answer went off track… :P

    @udienz -> the beauty of using the shalla.de SquidGuard list is that its blacklist has a chat category… so web-based chat sites like http://www.meeebo.com can be blocked with SquidGuard…

    Latest update: after a little negotiation with the CEO, I finally managed to win the staff what they wanted, with web-based chatting now allowed during lunch hour and outside office hours… and this was very easy to do with URLFilter… just set up time constraints… :D

  7. sufehmi:

    Thanks for the tips :D

    One more way to block Yahoo Messenger on IPCop / Squid is discussed here:
    http://www.linuxsolved.com/linux-forums/other-devices/blocking-yahoo-messenger-on-transparent-proxy-t1363.0.html;msg4789#msg4789

  8. dhany:

    Sorry for taking so long to comment.
    Can you tell me how to block the metacafe client?
    Thanks

  9. Wisu Suntoyo:

    I have never tried it…

    but if you like you can try the advproxy addon http://www.advproxy.net/ and install it following the instructions on that website…
    once it is installed, go into the GUI and scroll to the “Web browser” option… there,
    tick the “Enable browser check:” option and choose which browsers you allow to access the internet…

    hopefully the metacafe client is recognized as a different browser…

  10. anhardeni:

    Happy Eid.
    Mine is perhaps the opposite; please advise: I have installed IPCop, and now my YM doesn't work, even though I'm the admin.
