How to block FreeDownloadManager.org

ErnstTFD
Getting noticed

How to block FreeDownloadManager.org

This morning I caught a colleague red handed downloading a series via a torrent using "Free Download Manager". This despite the fact that he is on a policy with layer 7 rules to block all "Peer-to-peer" and all "Web file sharing".

 

I can see under Meraki Clients that this user has downloaded data from 6 random IP's with ports ranging from 6881 to 49869.

 

How do I prevent this in the future? Should I block all ports and only allow specific ports? Or block all port above a certain value? I did a quick search for port blocking with Meraki and did not come across a related article that was helpful.

 

Also, can I report this software to Meraki somehow so that they can update their layer7 filters?

 

Any advice would be appreciated.

3 Replies 3
BrandonS
Kind of a big deal

You could run a packet capture while using the tool and then collect DNS names and IP addresses it uses.  Then you could try blocking those explicitly.  I am not sure how to ask for updates to the filters categories, but I suppose you could send details to support and inquire.

 

Curious if this colleague knows that you know?  Sometimes when users know that they can be monitored their behavior changes.

- Ex community all-star (⌐⊙_⊙)
BlakeRichardson
Kind of a big deal
Kind of a big deal

@ErnstTFD  Does your workplace have a sound policy where using such applications is forbidden? If so I would get their manager to have a word with them and hopeuflly that along with @BrandonS  suggestion that internet is monitored is enough to scare them.

 

If there isn't a policy then technically they haven't done anything wrong. 

If you found this post helpful, please give it Kudos. If my answer solves your problem, please click Accept as Solution so others can benefit from it.
ErnstTFD
Getting noticed

We definitely have a policy  against misuse of IT privileges that includes downloading or pirating non-work related data.

That policy is included in their work contract, so there is no denying that he did something wrong. He might even get a written warning with regard to the incident, though that is up to his department head, not me.

 

@BrandonS I already had a talking to the person together with his department head. As you say the more people in the company are aware that they are being monitored the better their online behavior will be.

 

So far I have blocked all ports from 1024-65535, and that seems to have stopped the software in its tracks. Though now we have some other services that has been influenced and I'll have to spend some time figuring out which specific ports it requires to work. I'm sure we will get everything working properly again soon.

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels