It looks like you're using an Ad Blocker.

Please white-list or disable AboveTopSecret.com in your ad-blocking tool.

Thank you.

 

Some features of ATS will be disabled while you continue to use an ad-blocker.

 

Block or Disable Port 80?

page: 2
2
<< 1    3 >>

log in

join
share:

posted on Aug, 14 2013 @ 11:04 PM
link   
reply to post by pslr2301
 


Damn! Why didn't I think of that? All I have to do is remove the DNS servers from his IP configuration. He'd have no idea how to deal with that. Thanks for prompting me.

Thanks to all participants. Stars for all....



posted on Aug, 14 2013 @ 11:08 PM
link   
reply to post by Ex_CT2
 


I dont think that will work. In absence of dns server addresses on the local machine, the router/modem combo may automatically do it through your isp dns servers. Dont quote me on it but 75% sure anyway.
edit on 8/14/2013 by shaneslaughta because: (no reason given)



posted on Aug, 14 2013 @ 11:08 PM
link   
reply to post by Ex_CT2
 


Are you on good terms with the employee that is using the internet too much?

If so, you might be in a good place to represent the business's concerns in an informal way that puts you in very well with your boss, without making your boss scared of you trying to take his job or some such.

Teamwork, in general, is only as strong as the architected and informal links between teammates.



posted on Aug, 14 2013 @ 11:52 PM
link   

Originally posted by shaneslaughta
reply to post by Ex_CT2
 


I dont think that will work. In absence of dns server addresses on the local machine, the router/modem combo may automatically do it through your isp dns servers. Dont quote me on it but 75% sure anyway.
edit on 8/14/2013 by shaneslaughta because: (no reason given)



Actually I think I'm about 100% on this. If you're using manual configuration and leave out the DNS servers it definitely kills your browser connection. I've done it a few times, and it sometimes doesn't dawn on me for a couple of hours why the Internet's not working.

Anyway: Worst that happens is that it doesn't work and I'll have to go another direction. I'll give it a try tomorrow....



posted on Aug, 14 2013 @ 11:55 PM
link   

Originally posted by cryptographrix
reply to post by Ex_CT2
 


Are you on good terms with the employee that is using the internet too much?

If so, you might be in a good place to represent the business's concerns in an informal way that puts you in very well with your boss, without making your boss scared of you trying to take his job or some such.

Teamwork, in general, is only as strong as the architected and informal links between teammates.


I'm on good terms with him, yes. Since you're less willing to let this go than I am, I'll go a little further with you. What are you suggesting?



posted on Aug, 15 2013 @ 12:09 AM
link   
Best of luck, hope you get it sorted.



posted on Aug, 15 2013 @ 12:47 AM
link   
reply to post by cryptographrix
 


OK. It's past my bedtime. If you like, we can continue this tomorrow....



posted on Aug, 15 2013 @ 02:31 AM
link   
You will have to block port 80 (http) and port 443 (https) if you want to block all access to the web


Leacving out the DNS will just stop a person from using Fully Qualified Domain Names FQDN's it will still allow access if the person knows the ip address to wherever they want to go.
edit on 15-8-2013 by PhoenixOD because: (no reason given)



posted on Aug, 15 2013 @ 10:55 AM
link   
If you enable port blocking on the router, ensure you enable mac filtering so the workers NIC is always getting the static ip you set, because if you just set a static IP manually, and only enable blocking for that ip, he can do an ipconfig /release .... /renew and get a new IP, or even just start slamming random static ips until one works.

That, or set the static IP and remove user access to network settings so he can't reset the IP himself.

for the record, my sub 500$ cisco small business router provided a ton of blocking options, and my current even cheaper cisco home router offers the same settings.

One of the things we fooled around with was redirection. We setup Microsoft ISA and didn't black list any sites. You wait a few days then check the logs and you'll see the sites the user goes to, then you create a redirection rule that automatically redirects the traffic to a site of your choice. In our case, it was the "acceptable internet usage" policy. That usually fixes it pretty good.

Oh, and you might want to take a look at methods for blocking TOR and other proxies while you are at it.


edit on 15-8-2013 by phishyblankwaters because: (no reason given)



posted on Aug, 15 2013 @ 12:20 PM
link   
reply to post by Ex_CT2
 


set the proxy server in internet explorer settings to 127.0.0.1 the loopback interface,
This will not stop the machine having network connection
but it will stop the user on that machine from browsing the internet.

so what is basically happening is that computer is trying to log into itself..




posted on Aug, 15 2013 @ 01:33 PM
link   
Tell the bosses to grow a set and do their job. If they don't like that someone spends to much time on the internet then they need to at least give them a verbal warning. If the issue continues they could then track which sites are being accessed and put in place a GP to block those sites. Last but not least they could terminate the employee.



posted on Aug, 15 2013 @ 08:44 PM
link   
reply to post by PhoenixOD
 


I say again: He's not that smart. He was barely smart enough to go to Program Files and find the ie exe. He wouldn't know an IP address if it bit him in the butt.

As far as port 443, I'm pretty sure UPS Worldship uses that for their communications. But I'm not worried about it. He'll try starting the the browser once, maybe twice, and when it pukes he'll leave it alone. I've already told him that I've been told to remove his Internet access; I'm expecting the psychological element to be sufficient....
edit on 8/15/2013 by Ex_CT2 because: (no reason given)



posted on Aug, 15 2013 @ 08:47 PM
link   

Originally posted by flipflop
reply to post by Ex_CT2
 


set the proxy server in internet explorer settings to 127.0.0.1 the loopback interface,
This will not stop the machine having network connection
but it will stop the user on that machine from browsing the internet.

so what is basically happening is that computer is trying to log into itself..



Oh. That's even better. I have to try that. Thanks for the tip....



posted on Aug, 15 2013 @ 08:51 PM
link   
reply to post by Ex_CT2
 


Ahh, i understand.


I only really brought it up because its a favorite 'trip up' question in networking exams. They always ask what ports do you need to block to stop access to websites? Most people forget the 443 for SSL/HTTPS.

You can use the host file to redirect to 127.0.0.1 for any sites you dont want him to go to. But that a lot of work to maintain.


edit on 15-8-2013 by PhoenixOD because: (no reason given)



posted on Aug, 15 2013 @ 08:52 PM
link   
Tell him all his traffic sites, locations, emails, searches and "visits' are now being "CATALOGUED" and being sent directly to the boss's computer for tracking purposes...and all phone calls (in case he figures some out-call-dial-up access-whatever")

Scare him....
edit on 05/05/13 by mysterioustranger because: (no reason given)



posted on Aug, 15 2013 @ 09:06 PM
link   

Originally posted by HawkeyeNation
Tell the bosses to grow a set and do their job. If they don't like that someone spends to much time on the internet then they need to at least give them a verbal warning. If the issue continues they could then track which sites are being accessed and put in place a GP to block those sites. Last but not least they could terminate the employee.


Yeah, I'm pretty disgusted with their lack of fortitude too.

But it's a much bigger issue than I'm willing to deal with—and it's not really my battle. My assignment is a small technical issue.

From past experience, I think the bosses' attitude is: Well, if the employee doesn't like it, there are plenty of people out there who are willing do that job and not complain. But, you know, there's one other thing that I haven't mentioned because dealing with bosses is not why I'm in the Computer Help forum asking about port 80. This particular employee is a warehouse worker. He inherited the UPS responsibilities when someone else quit. He's mutated a 2-hour-a-day assignment (UPS) into 8 hours of f***ing around and playing on the Internet with the UPS computer. He never goes to the warehouse anymore.

Now, it's demonstrably true that the bosses don't know how to handle that. And the other workers do their jobs and don't have access to computers. And there's muttering and dissension in the ranks.

None of which is my problem. If the employees decide to take it to the bosses, fine. But it's still not my battle. I was given a minor task; prepared the way with a little applied psychology; went looking for an elegant solution (at ATS), and now I can go back to my . . . umm . . . "day job," so to speak.

Anyway: Thanks, truly, all of you, for your advice on dealing with the bosses. But it's not my problem. I don't have a problem with the bosses. I've been working since I was literally 9 years old—some 54 years—and I know how to deal with bosses if I have a problem.

But it's not my problem....


edit on 8/15/2013 by Ex_CT2 because: (no reason given)



posted on Aug, 15 2013 @ 09:19 PM
link   
reply to post by mysterioustranger
 


Thanks, Mysterioustranger. But see my responses above. He's not that sophisticated. He's just taking liberties not accorded to him. Once his Internet access is terminated, I expect he'll go back to his warehouse duties. If so: problem solved. If not: Not my problem....


edit on 8/15/2013 by Ex_CT2 because: (no reason given)



posted on Aug, 15 2013 @ 09:38 PM
link   
reply to post by phishyblankwaters
 


Thanks. That's really good info. If nothing else I'm picking up a lot of useful tips here.

I'll drop that one in my pocket for later....
edit on 8/15/2013 by Ex_CT2 because: (no reason given)



posted on Aug, 15 2013 @ 11:16 PM
link   
I find this amusing
You guys are trying to lock down an employee that by the sounds of it is an administrator on that PC. Typically in a large network you would use a domain controller server that pushes policy. To lock down a system not on a domain you want to take control of the PC's administrator account and create a normal user account for this employee. Then you can lock down the system with gpedit (which takes time) or the best way is to create a new policy specific to that user. How to to do that you login to the administrator account and follow this websites instructions...

Group policy - Apply to a specific user.

As others have said you can control QOS and mac address IP's ports etc in the router, but if this guy is a Administrator he can easily bypass all of this as he is in control of his winsock and can just change it to whatever he pleases. Wanting to control a pc you want to uninstall firefox etc etc to where the system only has it's default system apps like iexplorer. Then in the policy set it so that nothing can be installed and disable iexplorer from running. Disable cmd.exe, disable cd rom, disable mounting USB, disable mspaint.exe lol basically only allow apps that is required or needed. There is lot of tips out there of what to add to the policy for a tight lock down. I am not kidding about the mspaint.exe either. There is a way to get access to cmd.exe using mspaint. LOL Got to love windows..


Good Luck
edit on 15-8-2013 by sean because: (no reason given)



posted on Aug, 16 2013 @ 12:00 AM
link   
reply to post by sean
 


Well, thank you. I've always so enjoyed being a source of amusement to the clearly superior among us. Imagine my delight.

I was hoping someone would offer up a registry tweak and I'd be on my way. And yet here I am the subject of public scorn and condescension—and, what's worse, I'm still not inclined to spend hours of which there are never enough in my workday performing high-level administrative tasks.

For years our users have been well-behaved and productive with off-the-shelf computers that we've basically just plugged in and walked away from. No one, including myself, is accustomed to dealing with ill behavior—and yet here we are: A disturbance in the Force has agitated our happy little group, and none of us even knows how to react to it . . . except to pull the plug (to thoroughly mix metaphors). And we can't even do that.

So there we are. Thanks for your useful information. I mean that. I will look into it. It may be that we have to be more sophisticated and a little more conscientious from this point on....


edit on 8/16/2013 by Ex_CT2 because: (no reason given)




top topics



 
2
<< 1    3 >>

log in

join