Hi, I'm the system's administrator at my company. All servers are CentOS :) I've been noticing that many people spend the whole day hearing to online radios. How can i block the streaming ? It's HTTP and i think it's through port 80. Any help would be appreciated. Warm Regards, M?rio Gamito PS: No good blocking the radio sites, they'll discover others.
M?rio Gamito wrote:> I've been noticing that many people spend the whole day hearing to > online radios. > > How can i block the streaming ? > > It's HTTP and i think it's through port 80.Block HTTP outgoing }:->> PS: No good blocking the radio sites, they'll discover others.It's always problematic to try to solve social problems by using technical means. Anyway: If you use squid as an HTTP proxy, you can block a) either the clients <http://www.squid-cache.org/mail-archive/squid-users/200511/0327.html> or use squid to block by mime type <http://www.squid-cache.org/mail-archive/squid-users/200511/0534.html>. Those are just examples, you might find more of those by using google. Cheers, Ralph -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: not available URL: <http://lists.centos.org/pipermail/centos/attachments/20070503/b116b622/attachment-0001.sig>
Ralph Angenendt wrote:>M?rio Gamito wrote: > > >>I've been noticing that many people spend the whole day hearing to >>online radios. >> >>How can i block the streaming ? >> >>It's HTTP and i think it's through port 80. >> >> > >Block HTTP outgoing }:-> > > > >>PS: No good blocking the radio sites, they'll discover others. >> >> > >It's always problematic to try to solve social problems by using >technical means. > >Anyway: If you use squid as an HTTP proxy, you can block a) either the >clients ><http://www.squid-cache.org/mail-archive/squid-users/200511/0327.html> >or use squid to block by mime type ><http://www.squid-cache.org/mail-archive/squid-users/200511/0534.html>. > >Those are just examples, you might find more of those by using google. > >Cheers, > >Ralph > >Yea, those might work, but I find a good public flogging is very effective. Also a sternly worded email from HR to everyone reminding them of the company acceptable use policy works wonders. You do have each employee sign an acceptable use policy on hiring don't you ? Alan
M?rio Gamito wrote:> Hi, > > I'm the system's administrator at my company. > All servers are CentOS :) > > I've been noticing that many people spend the whole day hearing to > online radios. > > How can i block the streaming ? > > It's HTTP and i think it's through port 80. > > Any help would be appreciated. > > Warm Regards, > M?rio Gamito > PS: No good blocking the radio sites, they'll discover others.Did someone ask you to block them?
M?rio Gamito wrote:> Hi, > > I'm the system's administrator at my company. > All servers are CentOS :) > > I've been noticing that many people spend the whole day hearing to > online radios.so what? if online radio is bad, then ask the senate to prohibit it. and if it's bad at work, ask upper mgmt.> > How can i block the streaming ?by uninstalling all media players, and asking uper mgmt to issue a policy stating that installing a media player is prohibited.> > It's HTTP and i think it's through port 80.If your issue is performance, use a traffic shaper.
M?rio Gamito wrote:> > I've been noticing that many people spend the whole day hearing to > online radios. > > How can i block the streaming ?This is the kind of issue best solved by a notice from management saying "thou shall not listen to internet radios at the office, or else". Then just monitor the network for violators. Purely technical solutions are not very good. You can block certain user agents in a proxy or via a Network IPS, block certain MIME types or file types (again, either a proxy or an NIPS can do that), drop HTTP sessions that are longer than say 5 minutes (at the firewall or NIPS, and yes, drop sessions even if they are active - bad idea sometimes but it will greatly annoy the streaming radio users) and add a temporary denial for that source/destination IP pair, do traffic shaping to limit the bandwidth available to streaming content (at the firewall or router), etc. In general, a smart NIPS can help you somewhat. But nothing is perfect and people are likely to be smarter than a piece of hardware. One more idea: if most of them listen to the same radio station, just install a streaming proxy (or relay) on the internal network and then you can have a lot of internal users connected to the same proxy (relay), all of them using essentially just one stream to the outside. E.g., look at option -r with streamripper: http://streamripper.sourceforge.net/tutorialconsole.php Heck, even if two or three stations are the most popular, stream them all to an internal relay and tell everyone to use the relay. It's better to have just two or three streams, instead of twenty, the users are happy, everyone wins. -- Florin Andrei http://florin.myip.org/
Ioannis Vranos <ivranos at freemail.gr> wrote:>>I think it is a mgmt thing and not a technical thing. << That's the accepted view amongst security professionals, too: use of internet radio, some use of chat/instant messaging, and endless reading of web sites is a time management and supervision problem, not a technical one. It might be a technical issue in places where bandwidth is expensive, or limited (e.g. entire business on an ADSL connection), however. And ultimately, if senior management decides to make a policy banning access via technical means, then junior network and firewall admins don't get to argue the point. ;) Best, --- Les Bell, RHCE, CISSP [http://www.lesbell.com.au] Tel: +61 2 9451 1144 FreeWorldDialup: 800909
M?rio Gamito spake the following on 5/3/2007 8:51 AM:> Hi, > > I'm the system's administrator at my company. > All servers are CentOS :) > > I've been noticing that many people spend the whole day hearing to > online radios. > > How can i block the streaming ? > > It's HTTP and i think it's through port 80. > > Any help would be appreciated. > > Warm Regards, > M?rio Gamito > PS: No good blocking the radio sites, they'll discover others.Your human resources department ( or management in general) needs to write a policy banning the practice, and then (here is the important part) they need to enforce it! Once someone is fired or disciplined for doing it, the rest usually will stop. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!!