How to block UDP ports in RRAS on Windows Server 2003?

As a pass-by filtering product, WFilter can only block TCP traffic. To block p2p traffic completely, you also need to block UDP ports 1024-65534 in your router or firewall. For more information about pass-by filtering, please check: difference between Pass-by filtering and Pass-through filtering.


Since some networks use a Windows server running “Routing and Remote Access Service” (RRAS) as the gateway, you can also configure the “IP Filter” in RRAS to block UDP ports. In this tutorial, we will guide you to block all UDP ports except DNS (53) in Windows Server 2003.


1. Open “Routing and Remote Access” in “Control Panel”->“Administrative Tools”.



2. Choose the external adapter, then click “General”->“Properties”.



3. Click “Inbound Filters”.




4. Add DNS port UDP 53 into the allow list


Click “New”->“Add IP Filter”, choose “Protocol” as “UDP”, “Source port” as “53”, “Destination port” as “0” (means all).



5. Add all TCP into the allow list


Click “New”->“Add IP Filter”, choose “Protocol” as “TCP”, “Source port” as “0”, “Destination port” as “0”.



6. Block others


Check “Drop all packets except those that meet the criteria below” to block other traffic.


By now, all UDP ports are blocked except UDP 53 (DNS), and WFilter is fully functional to block p2p/IM/iptv traffic.
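
To see what the settings from steps 4 to 6 do to traffic arriving on the external adapter, the following added example (not from the original tutorial, and not RRAS code) models the filter list in Python. It assumes each filter is a stateless match on protocol and ports, with 0 meaning any port as the tutorial states; the sample packets are constructed.

```python
from dataclasses import dataclass

ANY = 0  # the dialog's "0" port value, which the tutorial says means "all"


@dataclass(frozen=True)
class Filter:
    proto: str     # "TCP" or "UDP"
    src_port: int
    dst_port: int

    def matches(self, proto, src_port, dst_port):
        return (proto == self.proto
                and self.src_port in (ANY, src_port)
                and self.dst_port in (ANY, dst_port))


# Steps 4 and 5: the two entries on the allow list.
INBOUND_FILTERS = [
    Filter("UDP", 53, ANY),    # replies coming back from DNS servers
    Filter("TCP", ANY, ANY),   # all TCP
]


def inbound_action(proto, src_port=0, dst_port=0, filters=INBOUND_FILTERS):
    """Step 6: drop all packets except those that meet a listed filter."""
    if any(f.matches(proto, src_port, dst_port) for f in filters):
        return "forward"
    return "drop"


# Constructed sample packets: (description, protocol, source port, destination port).
SAMPLES = [
    ("DNS reply from resolver", "UDP", 53, 49152),
    ("HTTP response", "TCP", 80, 50123),
    ("NTP reply", "UDP", 123, 123),
    ("P2P UDP datagram", "UDP", 41000, 41000),
    ("ICMP echo reply", "ICMP", 0, 0),
]


def evaluate(samples=SAMPLES):
    return {name: inbound_action(p, s, d) for name, p, s, d in samples}


if __name__ == "__main__":
    for name, action in evaluate().items():
        print(f"{action:8} {name}")
```

Besides p2p datagrams, this rule set also drops inbound replies for other UDP services such as NTP, and every protocol other than TCP and UDP, such as ICMP.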


For more information, please check “WFilter Enterprise”.


Other related links:


How to block internet downloading?
How to monitor internet usage on company network?
Internet monitoring software for business
How to filter web surfing?
How to block websites and restrict internet access?
How to block HTTPS websites on my network?

How to block porn websites from network computers?

This tutorial will guide you to block porn websites in your network.


WFilter offers three ways to block porn websites:



  • 1. Using website black list.

  • 2. Using “Url keywords filtering” to block keywords in url.

  • 3. Using the default url database of WFilter to block website by categories.

1. Using “website black list” to block porn websites


If you know which websites should be blocked, you can add them to a website black list. For example:




2. Using “URL keywords filtering” to block porn sites


“URL keywords filtering” searches the visited URL addresses for certain keywords. When a keyword is found, the URL will be blocked.


For example, add “porn”, “sex” to “Sexual”, and block “Sexual” category in “URL Keywords Filtering”.





3. Using “Web access rules” to block porn sites


WFilter has a default url database which contains millions of common websites. You may enable “Web Access Rule” and block the “Sexual” category to block sexual websites in the default url database.


However, the URL database cannot cover all websites on the internet. You may search for a domain in “Category Settings”->“Category Search”. If the search result is “not found”, this domain is not in the default URL database. You can add it to the default URL database in “Categories List”->“Add websites to a catagory”.



4. Websites are now blocked.





How to identify computers in WFilter?

WFilter can monitor and filter the internet activities of computers in your network. Two monitoring modes are available: “by ip address” and “by MAC address”. In “by ip address” mode, WFilter identifies a computer by its IP address; in “by MAC address” mode, it identifies a computer by its MAC address.

However, if computers’ IP addresses are not fixed in your network, you might have trouble identifying a computer to set its monitoring/blocking policy.

This tutorial introduces several solutions for identifying computers in your network in WFilter.

1. Monitor and block by AD users

Since WFilter can be integrated with Microsoft Active Directory, you don’t need to face the trouble of identifying computers if you have an available AD.

With “account monitoring” enabled, you can set blocking policy based on AD users, regardless of which computers they are using.

Please check this document for more details about “account monitoring”: How to do monitoring based on user accounts?

2. Identify computers by MAC addresses

In “by mac address” monitoring mode, WFilter identifies a computer by its MAC address. A MAC address is assigned by the manufacturer of a network interface card (NIC) and is stored in its hardware. It won’t change unless the NIC hardware is replaced.

When you set a recording policy or blocking policy for a computer in the “user-computer table”, the settings are bound to its MAC address. Even if its IP address changes, the settings will not be lost.

However, “by MAC address” monitoring mode is only available for single-segment networks, because a computer’s MAC address cannot be retrieved when it’s located behind a router.

Therefore, in a single-segment network, “by mac address” will be a good choice if your IP addresses are dynamic.

3. Identify computers by IP addresses

If your network has multiple segments, you can only use “by ip address” monitoring mode. Therefore, we recommend making IP addresses static in a multi-segment network. If you want to leave the IP addresses dynamic, the only solution left is “Monitor and block by AD users” as discussed above.


How to block facebook at work of network computers?

Facebook is a social utility that connects people with friends and others who work, study and live around them. However, employees might spend too much time on this website during working hours.


This tutorial will guide you to set up an internet policy to block facebook access at work with WFilter 3.3 version.


You can block facebook access at different levels:



  1. Block facebook website completely.
  2. Allow facebook website, but block facebook chatting.
  3. Allow facebook website, but block facebook applications and games.

1. Block facebook website completely


1). Block facebook website by “Website Black/White List”.


Add “*.facebook.com” into a website black list.


Now HTTP access of facebook will be blocked.


2). Block https facebook by “HTTPS Black/White List”


Since facebook also provides https access, for complete blocking you also need to block https facebook by “HTTPS Black/White List”.


Add “*.facebook.com” into a HTTPS black list.



Please note that you need to reopen your browser for the HTTPS black list to take effect.


2. Block facebook IM chatting


You may use WFilter to block “facebook IM” directly in “Blocking Level Settings”->“Messengers”.



You will not be able to send a message when facebook IM is blocked.



3. Block facebook applications and games


Facebook applications and games will be blocked simply by adding “apps.facebook.com” into a website black list.






How to check whether a switch supports port mirroring?

To monitor internet activities of all computers in your network, the WFilter computer shall be connected to a mirroring port of your switch, or WFilter shall be installed on a gateway computer.

Some inexperienced users might not know whether a switch supports port mirroring, so here is how to check.

First, check the features list of your switch.

“Port mirroring” is also called “port SPAN” or “port monitoring”. A switch that supports port mirroring is usually called a “manageable switch” or “managed switch”.
If you can find these keywords in your switch’s feature list or manual, port mirroring is supported.

Example 1: description of Cisco 2950.


Example 2: feature list of NETGEAR GS108T.

Second, check switch Web UI to find mirroring options.

Most manageable switches provide a web UI or console interface for changing their settings. If you can find “port mirroring” or “port monitoring” options in the Web UI, port mirroring is supported.

Example 1: Web UI of D-Link 3226.

Example 2: Web UI of NETGEAR GS748AT.

For more information, please check: Why WFilter can only monitor itself? How to monitor other computers in network?

How to block internet access of guest computers in network?

Guest computers come and go on a network. However, unmanaged internet access from guest computers could be a nightmare for your network. Guest computers can consume most of your bandwidth with p2p downloading, and download copyrighted materials or viruses which might be harmful.

This tutorial will guide you to set up a default internet blocking policy for guest computers with WFilter 3.3 version.

1. Set a different IP address range for guest computers.

If guest computers share the same IP address range as your existing computers, you won’t be able to recognize them. For management purposes, the guest computers shall be in a different IP address range. For example:

1. Allocate all your existing computers static IP addresses from “192.168.1.0” to “192.168.1.200”.

2. In your wireless AP, set the DHCP range from “192.168.1.200” to “192.168.1.250”.

Now every guest computer (mostly laptops) will get an IP address in the range “192.168.1.200 – 192.168.1.250”. Then you can set a blocking policy for them in WFilter.

2. Set up default blocking policies for certain IP ranges.

Now you can set up a default blocking policy for IP addresses in the range “192.168.1.200 – 192.168.1.250”. Every new computer in this IP range will have this default policy applied.

Please note: If you cannot set up a different DHCP range for guest computers, you can also enable the “default monitoring policy” for newly found computers. This feature lets WFilter automatically configure monitoring and blocking policy when it detects a new computer.
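
The two ranges given in step 1 share one address, 192.168.1.200, so a policy assigned by range is ambiguous for it. The following added example (not part of the original tutorial; the policy names are hypothetical labels, not WFilter settings) checks a set of inclusive ranges for overlap and lists the policies an address falls under.

```python
from ipaddress import IPv4Address

# Ranges exactly as given in the tutorial, inclusive on both ends.
# The names are hypothetical labels for this example.
RANGES = [
    ("staff-static", IPv4Address("192.168.1.0"), IPv4Address("192.168.1.200")),
    ("guest-dhcp", IPv4Address("192.168.1.200"), IPv4Address("192.168.1.250")),
]


def overlaps(ranges=RANGES):
    """Return (name_a, name_b, first, last) for each pair of ranges sharing addresses."""
    found = []
    for i, (name_a, a_lo, a_hi) in enumerate(ranges):
        for name_b, b_lo, b_hi in ranges[i + 1:]:
            lo, hi = max(a_lo, b_lo), min(a_hi, b_hi)
            if lo <= hi:
                found.append((name_a, name_b, str(lo), str(hi)))
    return found


def policies_for(ip, ranges=RANGES):
    """Return every range name that contains ip; more than one means ambiguity."""
    addr = IPv4Address(ip)
    return [name for name, lo, hi in ranges if lo <= addr <= hi]


if __name__ == "__main__":
    for a, b, lo, hi in overlaps():
        print(f"overlap between {a} and {b}: {lo} to {hi}")
    for ip in ("192.168.1.50", "192.168.1.200", "192.168.1.225", "192.168.1.251"):
        print(ip, policies_for(ip) or "no policy")
```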


How WFilter works to block internet connections in network?

How WFilter works to monitor and archive internet activities?

WFilter is an enterprise Internet filtering software program. A business or organization can implement its Internet communication policy into WFilter and let it perform the work. WFilter intercepts, records and monitors Internet behaviors of users on a network, for the purpose of ensuring policy compliance, or measurement on job performance in an organization.

A mirroring port replicates the data from other ports or VLANs. To monitor all internet activity, WFilter needs to be connected to a mirroring port of your switch, and the mirroring port shall be configured to mirror your internet traffic.

When connected to a mirroring port, WFilter gets packet copies of all internet traffic, then decodes and saves them into log files. This is how WFilter works to monitor internet usage.

For more information about how to setup port mirroring, please check: WFilter Deployment Examples.
To check whether your port mirroring is properly configured, please check: How to check whether port mirroring is properly configured?
If you don’t have a manageable switch, you need to set up a Windows gateway or proxy server to do monitoring, please check: How to monitor internet usage without a manageable switch?

How WFilter works to block internet connections?

Many users have asked: “Since WFilter only handles packet copies and the original packets don’t pass through the WFilter machine, how does WFilter work to block internet connections?”

Actually, there are two filtering technologies: pass-through filtering and pass-by filtering.

With a pass-through filtering solution, packets pass through the filtering product; if a packet needs to be blocked, the filtering product just drops it.

However, a pass-by filtering product only handles copies of network packets; it cannot hold the original packets. Therefore, it sends RST packets to terminate TCP connections. This is how WFilter works to block connections.

Please note:

1. Since WFilter needs to send RST packets to block a connection, the “blocking adapter” of WFilter shall be able to access your network. The blocking adapter shall be configured in “System Settings”->“Monitoring Settings” of WFilter.

2. Some switches do not allow outgoing traffic on the mirroring port; if so, you need to set up a separate NIC as the blocking adapter. Even if outgoing traffic is allowed on the mirroring port, we recommend using a secondary NIC for blocking when you’re managing over 100 computers. Otherwise, the monitoring adapter will be overloaded.

3. If you have multiple VLANs, the blocking adapter shall belong to a VLAN which can communicate with other VLANs.

4. Sometimes you might need to set “Automatic Metric” of the blocking adapter for Windows to recognize this adapter as the primary adapter. Please check this blog topic: Blocking adapter doesn’t work when using two network cards with WFilter.

For more information about difference of the two filtering solutions, please check: What’s the difference between Pass-by filtering and Pass-through filtering?
More details about WFilter filtering technology, please check: WFilter Technologies and Security

How to block Mail.Ru Agent in network?

1. What is the Mail.Ru Agent?


Mail.Ru is the leading Internet portal in Russia in communication and entertainment. Its key product is the biggest communication portal for Russian speaking audience that includes the largest free webmail service, instant messenger Mail.Ru Agent, national social network Moi Mir@Mail.Ru and search engine Poisk@Mail.Ru. Mail.Ru headquarters is in Moscow.


Also Mail.Ru is the leader in online game publishing with over 50 percent market share in Russia. The company is a publisher of more than 100 game titles in Russia, Europe, Asia, including such popular original titles as Troetsarstvie, Legend: Legacy of the Dragons, Allods Online as well as successful international licenses such as Perfect World II, Lord of the Rings Online. Also Mail.Ru owns 50 percent in NIKITA.ONLINE.


This tutorial will guide you to block Mail.Ru Agent in your network.


2. How to block Mail.Ru Agent and Web-Mail.Ru?


2.1. First, add a new Custom Protocol


Because “Mail.Ru Agent” is not in the WFilter default pattern database, you need to add a custom protocol.



            The first pattern:

            Name: Mail.Ru_TCP
            Desc: Mail.Ru_TCP
            Type: TCP SEND
            Offset: 0
            Format: 0
            Content: ^\xef\xbe\xad\xde

            The second pattern:

            Name: Mail.Ru_HTTP
            Desc: Mail.Ru_HTTP
            Type: HTTP SEND
            Offset: 0
            Format: Host
            Content: ^(mra|webagent)\.mail\.ru

            The third pattern:

            Name: Mail.Ru_TCP_2
            Desc: Mail.Ru_TCP_2
            Type: TCP RECV
            Offset: 0
            Format: 0
            Content: ^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}:2041\x0a$
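
To check what the three patterns above match before relying on them, the following added example (not part of the original tutorial, and not WFilter code) applies them to constructed payloads in Python. How WFilter evaluates the Type and Format fields is an assumption stated in the comments; the function names and sample payloads are made up for this example.

```python
import re

# The three "Content" patterns from section 2.1, compiled as bytes regexes.
# Assumption: "TCP SEND"/"TCP RECV" patterns are matched against the payload of
# a client-to-server/server-to-client segment, and "HTTP SEND" with Format
# "Host" is matched against the Host header of an HTTP request.
PATTERNS = [
    ("Mail.Ru_TCP", "TCP", "SEND", re.compile(rb"^\xef\xbe\xad\xde")),
    ("Mail.Ru_HTTP", "HTTP", "SEND", re.compile(rb"^(mra|webagent)\.mail\.ru")),
    ("Mail.Ru_TCP_2", "TCP", "RECV",
     re.compile(rb"^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}:2041\x0a$")),
]


def host_header(payload):
    """Return the lower-cased Host header of an HTTP request, or b"" if none."""
    head = payload.split(b"\r\n\r\n", 1)[0]
    for line in head.split(b"\r\n")[1:]:
        name, _, value = line.partition(b":")
        if name.strip().lower() == b"host":
            return value.strip().lower()
    return b""


def classify(direction, payload):
    """Return the names of the patterns that match one payload."""
    hits = []
    for name, proto, pattern_dir, regex in PATTERNS:
        if pattern_dir != direction:
            continue
        subject = host_header(payload) if proto == "HTTP" else payload
        if subject and regex.search(subject):
            hits.append(name)
    return hits


# Constructed sample payloads (not captured traffic).
SAMPLES = {
    "magic-prefixed payload": ("SEND", b"\xef\xbe\xad\xde" + bytes(40)),
    "web agent request": ("SEND", b"GET / HTTP/1.1\r\nHost: webagent.mail.ru\r\n\r\n"),
    "unrelated request": ("SEND", b"GET / HTTP/1.1\r\nHost: www.example.com\r\n\r\n"),
    "ip:2041 line": ("RECV", b"192.0.2.10:2041\n"),
    "ip:443 line": ("RECV", b"192.0.2.10:443\n"),
}


def run(samples=SAMPLES):
    return {label: classify(d, p) for label, (d, p) in samples.items()}


if __name__ == "__main__":
    for label, hits in run().items():
        print(f"{label:24} -> {hits or 'no match'}")
```

The first pattern is the four bytes of 0xDEADBEEF in little-endian order at offset 0, and the third only matches a reply that consists of nothing but an IPv4-style address, the port 2041 and a line feed.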


 


2.2. Enable blocking of “Mail.ru Agent” in a blocking policy.




Apply this blocking policy to certain computers.



3. Now Mail.Ru Agent will be completely blocked.




4. Web-Mail.Ru is also blocked.




How to block proxy websites in network?

Even when a content filtering product is deployed in your network, some experienced users can still bypass the content filter via proxies.

There are three kinds of proxies:

1). Proxy server

A proxy server provides proxy service for applications to access the internet via a proxy protocol, including HTTP, FTP, SSL and SOCKS proxy. SOCKS protocol description

2). Proxy Website

A proxy site is a web page which allows you to browse your favorite web sites – even though your access to those web sites might be blocked by a content filter.

3). VPN tunnel service

Online VPN service, for example: Tor. Please check this blog for how to block Tor.

In this tutorial, I will guide you to block proxy servers and proxy websites.

1. How to block proxy servers?

We can block proxy servers simply by blocking proxy protocols, such as HTTP and SOCKS.

2. Block proxy websites

2.1 Using website black list to block proxy sites

You can add proxy websites to a website black list to be blocked.

However, since a website black list cannot contain all proxy websites, we recommend enabling “URL keywords filtering” and “Web access rules” to block proxy websites based on our URL database and URL keywords.

2.2 Using URL keywords to block proxy sites

Add “proxy”, “unblock” to “Proxies”, so that URLs with these keywords will be blocked.

2.3 Using “Web access rules” to block proxy sites

Websites in “Proxies” category will be blocked. WFilter already has a default URL database which contains most common websites.

How to block PPStream online video in network?

Many people are eager to know how to block PPS in their network, because their roommates or family members eat up their bandwidth by using PPS. PPS is hard to block because it can use any random port.


What is PPStream?


PPS (PPStream) is a Chinese peer-to-peer streaming video network software. Since the target users are in the Chinese mainland, there is no official English version, and the vast majority of channels are from Eastern Asia, mostly Mainland China, Korea, Japan, Hong Kong, Taiwan and Singapore. Channel varieties vary from Chinese movies to Japanese anime, sports channels, as well as American popular TV and films.


It broadcasts TV programs stably and smoothly to broadband users. Compared to traditional stream media, PPStream adopts P2P-streaming technology and supports high-volume traffic with tens of thousands of users online at once.


Brief introduction of PPStream protocol


How to block PPStream with the help of WFilter?


1. You need to block UDP ports 1024-65534 in your router or firewall.


2. Add a blocking level and enable “Block PPS”.



3. Apply blocking level to the computers you want to block.



4. Blocking events in WFilter.



Check PPStream blocking video at: http://www.youtube.com/watch?v=U2RbOgUEaDQ


You can find how to block P2P traffic and downloading at: How to block P2P traffic and downloading?