Ethereal Capture-Filter for web address filtering

Hello,

I guess this question must have been asked before but I haven't found any answers. My boss has told me to find out which web addresses within the company are surfed to when he is on holidays.

The network is handled by a w2k server. For the stations the server acts as gateway whereby it is forwarding internet traffic to a router which is connected to the DSL line. So all traffic passes through the server. I installed Ethereal and played around a little bit. I already found out how to filter all traffic on port 80. But of course this only returns the data traffic between the two computers' IP addresses.

I guess I have to filter just the requests of the workstations to the dns server, haven't I? With this I could theoretically see which addresses are to be solved, am I right? How do I do this/which port do I filter for name resolution?

Thanks and best regards,

Felix Eggbert, Germany

Reply to
Felix Eggbert

Replace / install squid and have the users forced to use it for surfing. Then logging will be as simple as extracting strings from the log.

Reply to
phn

The port is 53 in either UDP (mostly used) or TCP (not very often). But, since your W2K acts as a proxy, why don't you just use the log-facility on this machine?

Mathias

Reply to
Mathias Gaertner

In article , Felix Eggbert wrote:
:I guess I have to filter just the requests of the workstations to the
:dns server, haven't I? With this I could theoretically see which
:addresses are to be solved, am I right? How do I do this/which port do I
:filter for name resolution?

UDP and TCP ports 53. Usually UDP with a fallback to TCP when the answer is large (> 512 bytes), but going directly to TCP is valid as well.

:My boss has told me to find out which web addresses within
:the company are surfed to when he is on holidays.

I must echo the previous poster who warned that what you have been asked to do might be illegal in Germany.

The legality here (Canada) would depend in part on whether by 'web addresses' you mean the URLs, or just the hostnames. For example, do you want to record just 'aol.de', or do you want to record '[formatting link]'?

Reply to
Walter Roberson
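An added example, not part of the original thread: with a capture filter of `udp port 53 or tcp port 53`, the hostnames being resolved sit in the question section of each DNS message, and the TCP fallback mentioned above differs only by a 2-byte length prefix. The sketch below parses both forms and tallies hostnames without keeping any client address; DNS shows hostnames only, never full URLs. All function names are hypothetical and the sample messages are constructed by `build_msg`, not captured traffic.

```python
import struct
from collections import Counter

def read_name(msg, off):
    """Decode the DNS name at msg[off:]; return (name, offset after it)."""
    labels, end, jumps = [], None, 0
    while True:
        if off >= len(msg):
            raise ValueError("name runs past end of message")
        n = msg[off]
        if (n & 0xC0) == 0xC0:               # compression pointer
            if off + 1 >= len(msg) or jumps >= 10:
                raise ValueError("bad compression pointer")
            end = off + 2 if end is None else end
            off, jumps = ((n & 0x3F) << 8) | msg[off + 1], jumps + 1
            continue
        if n > 63 or off + 1 + n > len(msg):
            raise ValueError("bad label length")
        off += 1
        if n == 0:                           # root label ends the name
            return ".".join(labels).lower(), (off if end is None else end)
        labels.append(msg[off:off + n].decode("ascii", "replace"))
        off += n

def parse_dns(payload, tcp=False):
    """Return (is_query, truncated, [question names]) for one DNS message."""
    if tcp:                                  # TCP carries a 2-byte length prefix
        payload = payload[2:2 + int.from_bytes(payload[:2], "big")]
    if len(payload) < 12:
        raise ValueError("short DNS header")
    _id, flags, qdcount = struct.unpack("!HHH", payload[:6])
    off, names = 12, []
    for _ in range(qdcount):
        name, off = read_name(payload, off)
        names.append(name)
        off += 4                             # skip QTYPE and QCLASS
    # QR bit clear means query; TC bit set means the answer was truncated
    return (flags & 0x8000) == 0, bool(flags & 0x0200), names

def build_msg(name, flags=0x0100):
    """Constructed sample message with one A/IN question (not real traffic)."""
    q = b"".join(bytes([len(p)]) + p.encode() for p in name.split(".")) + b"\0"
    return struct.pack("!HHHHHH", 0x1234, flags, 1, 0, 0, 0) + q + struct.pack("!HH", 1, 1)

def tally_hostnames(packets):
    """Count names in queries from (payload, is_tcp) pairs; skip responses."""
    parsed = (parse_dns(p, t) for p, t in packets)
    return Counter(n for is_query, _tc, names in parsed if is_query for n in names)
```

A response with the TC bit set is the signal that the client will retry the same question over TCP, so counting queries only avoids tallying the answer as a second lookup.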

the UK follows some of the European laws about privacy (but isn't anywhere near as strict as Germany).

you need your users to understand that they may be monitored, or the company (and you specifically) are breaking the law.

I suggest you check this before doing anything, since even if the company doesn't do anything with the information you collect you may still be violating some sort of privacy or data protection laws.

the usual way to intercept URLs is to use an explicit or a transparent web proxy.

Some SOHO and larger firewalls will keep a list of accessed web sites for you - you may find your existing firewall can have logging set up for what you want.

there is a "standard" technique used to hand off URLs from a router for checking / logging called WCCP - this is often used for caching, but can also drive URL checking software such as Websense.

It may make more sense to build this into your network perimeter and let commercial tools do the complex data collection rather than rolling your own.

Reply to
stephen

This is not a universal statement world wide or even US wide. I don't even think it is generally true in the US. Where are you located?

Reply to
David Ross

these are really Qs for a lawyer

it is legal here if you explain what is going on - but you probably have to tell them what you might do with the info, and they may have to agree to it before it happens - your personnel people should be worrying about this side of it.

I wonder if it also is illegal if you captured the

i suspect it depends on why you want to trace it to a specific station - if someone may get identified by the info, then probably not

No - but the difficult bit is classifying all the different URLs - a reasonable size network may generate 100s of requests / hour.

This is why people buy a service so they can concentrate on which kinds of web site they want to block rather than individual sites. Most of the commercial systems claim to classify 1,000,000s of sites.

Reply to
stephen

Mathias Gaertner wrote:

Hello,

Thanks for your answers. I know it is illegal monitoring employees WITHOUT their knowledge of the process. I think it is legal to do so if you announce this. I wonder if it also is illegal if you captured the requested web addresses but not the stations names the request came from. Is it illegal to block certain websites within the company network?

Best regards,

Felix

Reply to
Felix Eggbert

This is very dependent on country. Some allow monitoring even without consent. Others require consent. For Germany, you may find some interesting discussion in c't magazine.

All monitoring must be justified by genuine business concerns. Bandwidth usage, virus activity, etc. Some monitoring is required.

Snooping on employees and taking no action is unjustifiable. Pure invasion of privacy. Snooping for discipline then risks a full review. The employee may insist on seeing all records to verify that no-one undisciplined was worse or nearly as bad.

I would expect this is usually legal. In the US, it is often considered negligent _not_ to block p*rn websites because they can create "an oppressive environment of sexual harassment".

-- Robert

Reply to
Robert Redelmeier
