Archived from groups: comp.security.firewalls
Captain Ron wrote:
> It is my understanding weatherbug uses port 80. I was wondering if anyone
> knows of a way to block weatherbug on our firewall?

I'm not sure what applications / functions / spyware are currently
bundled in Weatherbug, but if any of them work by accessing static
networks, you can use a sniffer (Ethereal) to identify and then
block those networks in the firewall. You'll need a test machine
with unrestricted access to the Internet, on which to install
Weatherbug, so you can sniff its network access traffic.

If Weatherbug uses named domains, you can easily block these in your
local DNS server, by declaring that server as 'master' for those
domains and then pointing those domains to a shared dummy record or
server.

If you do all this BEFORE you try banning Weatherbug, you'll
likely be more successful, since it's easier to get people to
give up something that doesn't work in the first place.
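
The DNS approach described in the reply above, as an added example that is not part of the original post: it turns hostnames seen in a capture into 'master' zone stanzas that all share one dummy zone file. BIND 9 syntax, the zone file path, the dummy address and the sample hostnames are assumptions made for illustration.

```python
import re

# Assumptions (not from the original post): BIND 9 syntax, the zone file
# path, and the dummy address. 192.0.2.1 is a documentation address; use
# the address of your own dummy server instead.
ZONE_FILE = "/etc/bind/db.blocked"
DUMMY_IP = "192.0.2.1"
_LABEL = re.compile(r"^(?!-)[a-z0-9-]{1,63}(?<!-)$")

def normalize(name):
    """Lower-case a sniffed hostname, strip the trailing dot, validate it."""
    name = name.strip().lower().rstrip(".")
    labels = name.split(".")
    if len(name) > 253 or len(labels) < 2 or not all(_LABEL.match(l) for l in labels):
        raise ValueError(f"not a usable domain name: {name!r}")
    return name

def minimal_zones(names):
    """Drop names already covered by a listed parent zone's wildcard record."""
    zones = sorted({normalize(n) for n in names}, key=lambda z: z.count("."))
    kept = []
    for z in zones:  # parents sort first, so children are checked against them
        if not any(z.endswith("." + parent) for parent in kept):
            kept.append(z)
    return sorted(kept)

def named_conf(names):
    """One 'type master' zone stanza per domain, all sharing one zone file."""
    return "".join(
        f'zone "{z}" {{ type master; file "{ZONE_FILE}"; }};\n'
        for z in minimal_zones(names)
    )

def shared_zone_file():
    """Zone file using only relative names, so it is valid for every zone."""
    return (
        "$TTL 3600\n"
        "@ IN SOA localhost. root.localhost. ( 1 3600 900 604800 3600 )\n"
        "@ IN NS  localhost.\n"
        f"@ IN A   {DUMMY_IP}\n"
        f"* IN A   {DUMMY_IP}\n"
    )

if __name__ == "__main__":
    # Constructed sample of names seen in a capture on the test machine.
    sniffed = ["Ads.Example.com.", "img.ads.example.com", "telemetry.example.net"]
    print(named_conf(sniffed) + shared_zone_file())
```

The stanzas go into the resolver's configuration and the zone text into the shared file; the wildcard record is what makes every subdomain of a blocked name resolve to the dummy address.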