It is said that Google talk uses Jabber protocol to communicate.
     However, Google talk has more flexible ways to connect:
     1. Using Jabber standard tcp port 5222.
     2. Using TLS port 443.
     3. Using web chatting on port 80.

     So you will not able to block Google talk by simply blocking Jabber standard port. And 443, 80 ports are essential internet ports which shall not be blocked.

     WFilter makes it simple to block google talk. Google talk connections can be identified and blocked by signature matching. And all these can be done just by one click as below:

     More information, please refer to: http://www.imfirewall.com/en/protocols/Jabber.htm.

Some websites, like facebook, youtube, are rather time consumable.

If you do nothing to filter certain websites, your employees may spend several hours a day on web surfing.

So How to block certain websites to save your productivity?

1. Some router/gateway might have the ability to block certain websites.

2. Firewall appliances, like cisco PIX, will also be a good choice.

3. The third, you can choose internet filtering software to do web filter and blocking.

 

 

 

Most employees waste more than an hour on browsing web pages. Even worse, someone will not be able to concentrate on their work during work time.
So, to save productivity, it is necessary for organizations to block certain websites and restrict internet access.

In my opinion, things should be done from several aspects:

1. Only work-related websites are allowed during work time.
2. Destructive websites like violence, adult, shall be blocked always.
3. Downloading websites shall be blocked to save bandwidth if you are suffering from slow internet speed.

For those companies who are very strict with websites browsing, you can implement a website whitelist, by which, only websites in the whitelist can be visited.

More information, please refer to internet blocking and internet monitoring.

Block MSN file transfer: impossible mission?

  It is convenient to transfer files via messengers like msn/live, yahoo, icq...  But it is also necessary for organizations to block unauthorized file transfers to keep their networks safe.

  However, messenger software uses several ways to avoid being blocked. They use dynamic ports, encrypted connections, variety connection type to bypass network firewall.

  Let me take msn as an example. By our test, there have four type of msn file transfer as described below:

  1. For two buddies, if one of them is connected to internet directly, direct connection will be established to transfer files. This is the quickest way. There has three type of direct connections with dynamic ports which is negotiated by two sides.

  1.1) Direct TCP connection.

  1.2) Direct TCP connection use TLS encryption.

  1.3) Direct UDP transmission.

  2. If direct connection can not be established, msn servers can act as a relay server to transfer files. The file transfer packets will be among with normal msn messages.

  As you can see from above, there is no way to block msn file transfer simply by blocking some ports in the firewall. The firewall should be smart enough to recognize msn file transfer direct connections, and it shall be able to pick up file transfer packets from normal msn messages.

  Block MSN File Transfer

  Internet Monitor

  Block P2P

 

 

IMFirewall P2P Classify Engine Introduction

1    Introduction

IMFirewall Software is a professional Internet filtering software provider. We focus on Internet information security and providing customers with a comprehensive approach to manage the Internet usage of enterprise network since founded in 2004. By 2007-10, protocols number supported in our pattern database has reached over 90. And our pattern analysis team is monitoring and analyzing protocols everyday.

2       Supported Pattern Type

Three pattern types are supported:

1.      Signature Pattern

You may call it digit signature. As most p2p programs do not has a fix port range nor central servers. The only way to match them is by signature match. IMFirewall pattern matching engine scans every connection for signature of existing protocols..

2.      Port Pattern

IMFirewall pattern matching engine can also recognize protocols by port or port range.

3.      HTTP Pattern

Because more and more protocols are using HTTP protocol or HTTP tunnel to communicate, our pattern-matching engine also checks http mime-header for signatures. HTTP pattern is powerful to recognize http-based protocols.

3       Pattern Matching Speed

We test the speed of each pattern when new pattern found, the standard speed is 20,000 matches in 1 second.

4       Quick Response for New (Updated) Protocols

As protocols may vary from time to time, it is necessary to keep the pattern database up to date in time.

We have a protocol/programs monitoring system, which will monitor the website and files on official websites of each protocol. Once there is a change, the system will notify our protocol analysis team to test it.

This makes us a quick response for new (updated) protocols. Usually, a updated protocol can be added to our pattern database in 2-3 business days.

 

Links: Supported protocols list of WFilter

 

Someone told me WFilter can not block bittorrent downloading. So I did some research yesterday.

I downloaded both bittorrent and bitcomet from their official website. I also downloaded an availble torrent file from bittorrent.com.

Turning "Block P2P" on in WFilter console, then use bitcomet to download, the download never begined. However, when I use bittorrent to download, it will start downloading after trying for a few seconds.

This is really interesting. Since WFilter can detect and block bittorrent traffic using pattern match, this should not happen. So what's the reason? After detailed analysis of the network traffic, I found bittorrent also download data directly from bittorrent.com using http protocol. That means bittorrent not only use p2p downloading, but also can download files directly from the website.

Knowing that, I added "bittorrent.com" in the black list of wfilter's website black&white list, then did the download again. Aha, bittorrent never be able to download any files.