[K12OSN] OT: Limit Network Access by time

Christopher K. Johnson ckjohnson at gwi.net
Fri Feb 27 09:39:00 UTC 2004


Jim Kronebusch wrote:

>Wouldn’t the following two commands
>0 23 * * * /sbin/ipchains -I ethout 1 -i eth1 -j DENY
>0 23 * * * /sbin/ipchains -I ethin 1 -i eth1 -j DENY
>Completely disable the interface on all ports?  I assumed if I ran this
>on the local (Green Network for IPCop) it would disable routing
>completely.  I am not looking for a port specific block, just an entire
>shutdown.  Otherwise they will still be up all night on file sharing
>networks downloading stolen music and porn while instant messaging each
>other about what so and so said at school today.  I want the network
>dead during off hours.
>
>-----Original Message-----
>From: k12osn-admin at redhat.com [mailto:k12osn-admin at redhat.com] On Behalf
>Of Christopher K. Johnson
>Sent: Friday, February 27, 2004 6:47 AM
>To: k12osn at redhat.com
>Subject: Re: [K12OSN] OT: Limit Network Access by time
>
>
>aust_txv at ACCESS-K12.org wrote:
>
>>Jim I use the cron tab interface in webmin to make my cron tab jobs. 
>>That's a neat idea overall - Closing internet in/out traffic would be 
>>a nice tool.  We get a peer-to-peer issue now and then.
>>
>>Has anyone had a student connect to their PC at home via VNC ?  Should
>>I be concerned ?  Ideas on how to squash it ?
>>
>>Thanks,
>>Tom Ventresco
>
>You can complicate such access but you cannot block it.  Any unproxied 
>service or even ssl-based proxied service can be used to tunnel such 
>access.  For instance if you permit access to https then the student 
>just has to make their home vnc listen on port 443, or their sshd and 
>tunnel their vnc connection to do it securely even.
>
>So you can block ports in 5900-59xx and port 22 if you want to, but 
>chances are they will find an alternative, and you will merely have 
>complicated your own vnc and ssh access to outside systems.
>
My "You can complicate..." response was in reply to the "Has anyone had 
a student connect to their PC at home via VNC?...how to squash it" inquiry.
If all traffic is disabled, that would of course disable access to vnc 
and all alternative services on outside hosts.

-- 
-----------------------------------------------------------
   "Spend less!  Do more!  Go Open Source..." -- Dirigo.net
   Chris Johnson, RHCE #807000448202021
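
Added example, not part of the original thread: the quoted cron lines only insert the DENY rules at 23:00, so nothing lifts them in the morning and a reboot or firewall restart during the night drops them. The sketch below re-asserts the correct state each time cron runs it. The 06:00 end time, the function names and the dry-run design (it prints commands instead of running them) are assumptions; the chain names, interface and ipchains path are taken from the quoted commands.

```shell
#!/bin/sh
# Time-window firewall state for the whole-interface block discussed above.
# Assumed cron entry (hypothetical install path):
#   */5 * * * * /usr/local/sbin/netcurfew.sh | /bin/sh
IPCHAINS=/sbin/ipchains
IFACE=eth1
CHAINS="ethout ethin"        # chain names from the quoted cron lines

# to_min HHMM: minutes since midnight (strip one leading zero so that
# 08 and 09 are not read as invalid octal by shell arithmetic).
to_min() {
    h=${1%??}; m=${1#??}
    echo $(( ${h#0} * 60 + ${m#0} ))
}

# in_window NOW START END: succeeds when NOW is in [START, END).
# A window with START > END crosses midnight, e.g. 2300 to 0600.
in_window() {
    now=$(to_min "$1"); start=$(to_min "$2"); end=$(to_min "$3")
    if [ "$start" -le "$end" ]; then
        [ "$now" -ge "$start" ] && [ "$now" -lt "$end" ]
    else
        [ "$now" -ge "$start" ] || [ "$now" -lt "$end" ]
    fi
}

# plan NOW START END: print the commands for the state NOW calls for.
# Deleting by rule spec before inserting keeps one DENY rule per chain
# instead of stacking a new one on every run; "|| true" covers the case
# where no such rule exists. There is a momentary gap between the
# delete and the insert.
plan() {
    for chain in $CHAINS; do
        echo "$IPCHAINS -D $chain -i $IFACE -j DENY 2>/dev/null || true"
        if in_window "$1" "$2" "$3"; then
            echo "$IPCHAINS -I $chain 1 -i $IFACE -j DENY"
        fi
    done
}

# Dry run for the current time; 0600 is an assumed end of the off hours.
plan "$(date +%H%M)" 2300 0600
```

Run it by hand first to read the printed commands for the current time before piping them to a root shell from cron.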





