Author Archives: WFilter

How to Block BitTorrent and BitComet using WFilter

Someone told me WFilter cannot block BitTorrent downloading, so I did some research yesterday.

I downloaded both BitTorrent and BitComet from their official websites. I also downloaded an available torrent file from bittorrent.com.

With “Block P2P” turned on in the WFilter console, I used BitComet to download, and the download never began. However, when I used BitTorrent to download, it started downloading after trying for a few seconds.

This is really interesting. Since WFilter can detect and block BitTorrent traffic using pattern matching, this should not happen. So what’s the reason? After detailed analysis of the network traffic, I found that BitTorrent also downloads data directly from bittorrent.com using the HTTP protocol. That means BitTorrent not only uses P2P downloading, but can also download files directly from the website.

Knowing that, I added “bittorrent.com” to the black list in WFilter’s website black & white list, then did the download again. Aha, BitTorrent was never able to download any files.
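
The two controls this post ended up needing, payload pattern matching for the peer protocol and a host blacklist for the HTTP downloads, sketched as an added Python example (not WFilter's code and not from the original post). The handshake prefix is the standard BitTorrent peer handshake; the hostnames, peer ID and function names are constructed for illustration.

```python
import re

# First bytes of a BitTorrent peer handshake: length byte 19 + protocol name.
BT_HANDSHAKE = b"\x13BitTorrent protocol"
# Constructed blacklist holding the one domain the post added.
BLACKLIST = {"bittorrent.com"}


def http_host(payload):
    """Return the lower-cased Host of a cleartext HTTP request, else None."""
    lines = payload.split(b"\r\n\r\n", 1)[0].split(b"\r\n")
    if not re.fullmatch(rb"[A-Z]+ \S+ HTTP/1\.[01]", lines[0]):
        return None
    for line in lines[1:]:
        name, _, value = line.partition(b":")
        if name.strip().lower() == b"host":
            host = value.strip().decode("ascii", "replace").lower()
            return host.split(":")[0].rstrip(".")  # drop port, trailing dot
    return None


def is_blacklisted(host):
    """Match the domain and its subdomains, but not look-alike names."""
    return any(host == d or host.endswith("." + d) for d in BLACKLIST)


def classify(payload):
    """Return (verdict, reason) for the first payload bytes of a TCP flow."""
    if payload.startswith(BT_HANDSHAKE):
        return ("block", "bittorrent-handshake")
    host = http_host(payload)
    if host and is_blacklisted(host):
        return ("block", "blacklisted-host:" + host)
    return ("allow", "no-match")


# Constructed sample payloads (not captured traffic).
SAMPLES = {
    "peer": BT_HANDSHAKE + bytes(8) + bytes(range(20)) + b"-XX0001-" + bytes(12),
    "web": b"GET /f.bin HTTP/1.1\r\nHost: dl.bittorrent.com\r\n\r\n",
    "lookalike": b"GET / HTTP/1.1\r\nHost: notbittorrent.com\r\n\r\n",
}

if __name__ == "__main__":
    for name, data in SAMPLES.items():
        print(name, classify(data))
```

The Host check only sees cleartext HTTP requests; it says nothing about connections whose first bytes are encrypted.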


 


 

WFilter configuration examples.

Here we’ve added some configuration examples of wfilter:




























| # | Title | Description |
|---|-------|-------------|
| 1 | Website Black/white List Configuration | Example of website black and white list configuration. |
| 2 | Email Black/White List Configuration | Example of email black and white list configuration. |
| 3 | ID based Black/White List Configuration | Example of ID based black and white list configuration. |
| 4 | Example of Blocking QQ | Examples of blocking QQ, blocking QQ file transfer and QQ id black&white list configuration. |
| 5 | Example of Blocking MSN | Examples of blocking MSN, blocking MSN file transfer and MSN id black&white list configuration. |

WFilter deployment examples.

We’ve added some WFilter deployment examples from practice.
























| # | Title | Description |
|---|-------|-------------|
| 1 | Deploy WFilter using Dlink2366 | Using Dlink2366 port mirror switch to deploy WFilter. |
| 2 | Deploy WFilter using Quidway S5012p | Using Huawei QuidwayS5012p to deploy WFilter. |
| 3 | Wireless Network Monitoring Example | Example of wireless network monitoring |
| 4 | Deploy WFilter using cisco 2950 | Example of deploy WFilter using cisco 2950 with ISA Server. |

How to block msn file transfer?

MSN, also known as Live Messenger, is widely used. Windows Live Messenger gives you brilliant ways to connect and share your photos (and other stuff): contact lists, emoticons, instant access to your friends.

However, sending and receiving files using MSN carries some security risk. External users can send files that might contain viruses or malicious code to users on the internal network. In addition, a liability risk arises if employees use the file transfer feature to share copyrighted music, movie or software files in violation of the law.


How to block msn file transfer?


MSN transfers files using dynamically negotiated ports, so it is impossible to block MSN file transfer by port.

WFilter provides an efficient way to block MSN file transfer. By using WFilter, it is very easy to detect and block MSN file transfers.


A more detailed example can be found here:


Example of blocking msn

How to block P2P traffic using WFilter

A pure peer-to-peer network does not have the notion of clients or servers, but only equal peer nodes that simultaneously function as both “clients” and “servers” to the other nodes on the network. This model of network arrangement differs from the client-server model where communication is usually to and from a central server.


Some networks and channels such as Napster, OpenNAP and IRC server channels use a client-server structure for some tasks (e.g. searching) and a peer-to-peer structure for others. Networks such as Gnutella use a peer-to-peer structure for all purposes, and are sometimes referred to as true peer-to-peer networks, although Gnutella is greatly facilitated by directory servers that inform peers of the network addresses of other peers.


As you can see from the above, a peer-to-peer network is complex, and it is almost impossible to block P2P at the router or the gateway.

WFilter provides an efficient way to block P2P traffic by signature matching. By using WFilter, it is very easy to detect and block P2P traffic and file downloading.


WFilter related features:



  • Detect p2p traffic in your network.
  • Implement a policy to block certain p2p traffic.
  • Supports over 30 P2P protocols, covering most common P2P software.
  • Define a list of file extensions that are forbidden from being downloaded.

 

How to block AIM using WFilter

AOL Instant Messenger (often referred to as “AIM”) is an instant messaging application that allows registered users to communicate in real time via text, voice, and video transmission over the Internet. It is maintained by AOL LLC. The official website is www.aim.com.

AIM is widely used all over the world. However, employees use AIM to chat about private topics and to send and receive files, which decreases productivity, wastes time and raises security risk.

So it is important to block AIM in an enterprise network.


How to block AIM in your network?


AIM messenger can connect in several ways. The default is TCP port 5190. However, if you block AIM port 5190 in your firewall, it will switch to ports 80 and 443 instead. AIM messenger can also use an HTTP/SOCKS4/SOCKS5 proxy server to reach the server. Even worse, AIM traffic goes through port 80 using the HTTP protocol, and if you allow your employees to browse websites, port 80 must be available. Besides the official AIM client, many unofficial clients like gaim and trillian are also popular.
So, is blocking AIM mission impossible?

Of course not, but professional internet filter tools are needed. To block AIM traffic, the blocking tool needs the ability to pick out AIM traffic from a large number of connections.
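
Why a port rule is not enough, as an added Python example that is not WFilter's signature engine or code from the original post: it compares a port-only rule with a check on the payload framing. It assumes the client speaks AIM's native OSCAR/FLAP framing (0x2A marker, channel 1 to 5, 16-bit sequence, 16-bit length) on whatever port it reaches; all flows and function names are constructed.

```python
import struct

FLAP_MARKER = 0x2A            # assumed: every FLAP frame starts with '*'
FLAP_CHANNELS = {1, 2, 3, 4, 5}
AIM_PORT = 5190               # default port named in the post


def flap(chan, seq, data):
    """Build one FLAP frame: marker, channel, sequence, length, data."""
    return struct.pack(">BBHH", FLAP_MARKER, chan, seq, len(data)) + data


def flap_channels(stream):
    """Walk consecutive FLAP headers in one direction of a flow.
    Return the channels seen, or [] once the bytes stop looking like FLAP."""
    channels, prev_seq, pos = [], None, 0
    while pos + 6 <= len(stream):
        marker, chan, seq, length = struct.unpack_from(">BBHH", stream, pos)
        if marker != FLAP_MARKER or chan not in FLAP_CHANNELS:
            return []
        if prev_seq is not None and seq != (prev_seq + 1) & 0xFFFF:
            return []
        channels.append(chan)
        prev_seq, pos = seq, pos + 6 + length
    return channels


def port_rule(dst_port):
    return "block" if dst_port == AIM_PORT else "allow"


def payload_rule(stream, min_frames=2):
    # One '*' byte is weak evidence; require a chain of valid frames.
    return "block" if len(flap_channels(stream)) >= min_frames else "allow"


# Constructed flows: (destination port, client-to-server bytes).
AIM = flap(1, 100, b"\x00\x00\x00\x01") + flap(2, 101, bytes(10))
WEB = b"GET / HTTP/1.1\r\nHost: example.org\r\n\r\n"
FLOWS = [(5190, AIM), (80, AIM), (443, AIM), (80, WEB)]


def compare():
    """Return (port, port-only verdict, payload verdict) per flow."""
    return [(p, port_rule(p), payload_rule(s)) for p, s in FLOWS]


if __name__ == "__main__":
    for row in compare():
        print(row)
```

AIM carried inside genuine HTTP requests or through a proxy would not match this framing check and needs its own signature.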

I recommend you use WFilter to block aim, block msn and block messenger.


WFilter related features:



  • Monitor AIM and ICQ messenger usage.
  • Record chat contents of AIM and ICQ.
  • Record files transferred by AIM/ICQ.
  • Implement a policy to block AIM/ICQ or certain AIM/ICQ accounts.
  • Block AIM file transfers, block ICQ file transfers.
  • Support the official messenger client and other third party clients like gaim, trillian.


 


WFilter other monitor features:


Chat Monitor, MSN Messenger Chat Monitor, Yahoo Chat Monitor and other instant messenger monitor, block MSN, block Yahoo, block AIM, and other instant messenger block, block p2p, block p2p traffic, filter internet, block internet, internet monitor, monitor employee internet activity…



Wireless network monitoring example

Wireless communication brings fundamental changes to data networking and telecommunications. Nowadays, more and more organizations and home users build wireless networks, and in many situations wired and wireless networks exist together. This topic demonstrates a solution for monitoring the internet activity of wireless networks.


A typical network contains both wired and wireless networks:



To monitor both the wired network and the wireless network, we add a TP-Link port mirror switch, the TL-SL2210WEB, here.

Port 1 of the switch is connected to the router, port 2 to WFilter and port 3 to the wireless access point.


The port mirror configuration is as below:


 



Now you can monitor all the wireless computers.


 

WFilter deployment using dlink2366

 


WFilter Deployment


—-Using Dlink2366


A company uses a router connected to the internet, with a Dlink2366 as the central switch.


The network topology diagram:


 



 


In this case, we only need to configure port mirroring on the Dlink2366 to do the monitoring.


Dlink 2366 port mirror configuration:



As in the diagram above, port 16 is connected to the router and port 1 is connected to the computer with WFilter installed.



WFilter related features:


Chat Monitor, Monitor employees, internet monitor, msn chat monitor, aim monitor, yahoo monitor, block p2p, block msn, block aim, block yahoo, block messenger, filter internet.

WFilter deployment using CISCO2950 + ISA2004

WFilter Deployment


—- CISCO2950 + ISA2004


Company A uses ISA Server 2004 as the proxy server and a cisco 2950 switch as the central switch.


The topology diagram:


 


 



For this kind of topology, we have two solutions:


Solution 1: Install WFilter on the ISA server computer, where it can directly monitor all computers.

Solution 2: Install WFilter on another computer and configure port mirroring on the cisco 2950.

Notice: By default, WFilter only analyzes traffic between the local network and the internet. So if you are using a local proxy server, WFilter will not analyze the traffic between the proxy server and the client computers by default. You need to add the proxy server IP address to “Local Servers” in “Monitor Settings” of WFilter to make WFilter work.


How to configure port mirror of CISCO 2950?


As indicated in the above diagram, the ISA server is connected to port 23 of the switch and WFilter is connected to port 22. To make WFilter work, you only need to mirror port 23's traffic to port 22.


Syntax:

monitor session session_number {destination {interface interface-id [, | -] [encapsulation {dot1q}] [ingress vlan vlan id] | remote vlan vlan-id reflector-port interface-id} | {source {interface interface-id [, | -] [both | rx | tx] | remote vlan vlan-id}}


In this example:


1. Set port 23 as the source mirror port


monitor session 1 source interface Fa0/23


2. Set port 22 as the destination port


monitor session 1 destination interface Fa0/22 ingress vlan 1

Notice: By default, the mirror port of the cisco 2950 is receive-only. However, WFilter must be able to send packets to implement its blocking features. So in this example, we add “ingress vlan 1” to enable sending on port 22.

Some cisco switches do not support the ingress syntax. If your switch does not support ingress, you can set a different “blocking adaptor”. Please follow the steps below:


1. Set port 23 as the source mirror port.


monitor session 1 source interface Fa0/23



2. Set port 22 as the target mirror port (receive-only).


monitor session 1 destination interface Fa0/22


3. Add a network card to the computer with WFilter installed, and connect it to a normal port of the switch.

4. Change the “blocking adaptor” to the newly added adaptor in “Monitor Settings” of WFilter.





