Re: Counter Strike blocker?

From: Mark Jones (MarkJones_at_discussions.microsoft.com)
Date: 10/08/04


Date: Fri, 8 Oct 2004 06:23:06 -0700

Your problem is twofold from what I can see

1. - School policy - From what you say there is a distinct lack of school
policy regarding computer usage, and this itself is your biggest security
problem. No one, and I mean no one should be admin of any machines except the
support department (aka domain admins). The use of MS virtual machine or
something similar would enable the pupils to learn what they need and be
admins of virtual machines, without the need to give them any local
privileges. A plus point here would also be that virtual machines will not be
powerful enough to play any decent games (and in fact can be restricted). You
can also implement a decent domain policy this way.

2. - Spotting offenders - In my opinion it is not a great idea to scan for
an open port on all remote machines on your network constantly (although I
suppose this depends on how many machines you have), so the easiest way to
spot any game servers would be to have a machine installed with Half-Life
yourself and scan for servers! Failing that (and being more professional) an
application would be a good idea. There is a simple ping class that lets you
specify the remote port called BKPing, you could specify the remote port and
see if you get a response. The problem is (and I could be wrong here as I
haven't played HL for a while!) you can specify the port the server runs on.
Another alternative would be to create an invisible app (one that is not
visible in task manager or the taskbar) which is run at login, (in a login
script) and which monitors the active process list for the app name or hash
value of the main HL exe (or both), if it's run it could report back to you,
either with a simple net send or (better) by creating a pipe to a monitor app
on your machine, it could also terminate the exe, although that would arouse
suspicion and potentially expose the app. Monitoring for window names is
quite simple and there are plenty of examples on the net; using either the
window handle or the process list (WMI, for example) would be easy.

I'm afraid there is no simple resolution to your problem, at least not that
I can think of, security is your main issue, and something that should be
addressed.

Mark

"Gerry O'Brien [MVP]" wrote:

> I wrote a windows service one time that checked the HWnd and got the app's
> name from that. It would shut the app down by killing the process and run a
> check every 10 to 20 seconds to see if it started back up.
>
> I don't know if Counter Strike has a hook that you can look for but you may
> want to get its process name and see if you can kill that.
>
> --
> Gerry O'Brien [MVP]
> Visual Basic .NET(VB.NET)
>
>
>
>
> "Johan Christensson" <johan.christensson@telia.com> wrote in message
> news:%23SkKzRLrEHA.756@TK2MSFTNGP11.phx.gbl...
> > Well, they have a firewall that prevents the kids from playing internet
> > games, so the problem here is locally played games.
> >
> > The problem gets even more severe since many of these students are
> > attending computer courses that aim to give the students an understanding
> > of network computing basics, Windows networks, AD and so on, so they know
> > quite a lot sometimes, and they install their own clients. This prevents
> > me from accessing the computers as an Administrator, since they only join
> > their own domain. Further, this also means that most of the kids are local
> > administrators of their own computers.
> >
> > My first thought was to create an application that scans for CS servers.
> > The next step would be to listen after client requests for that computer
> > and to somehow block or disturb the traffic between the client and the
> > server by sending some malformed package or just a heap of junk. A second
> > thought was that this might consume a lot of network traffic, and then I
> > would be the bad guy. :D
> >
> > Any thoughts?
> >
> > /JCh
> > "Iain Mcleod" <mcleodia@dcs.gla.ac.uk> wrote in message
> > news:%23AhhpELrEHA.3324@TK2MSFTNGP15.phx.gbl...
> >> Hi Johan
> >>
> >> Firstly a decent setup on the school's computers would prevent the kids
> >> from logging on with administrative privileges. That way you could
> >> prevent them installing the game. It may be that you are already doing
> >> this, but the kids probably know a backdoor which gives them admin privs.
> >> This is distinctly possible if you are not running the latest service
> >> packs on all the machines. You should be doing this.
> >>
> >> You could write a program that searches in a known location for known
> >> counterstrike files on all the hard drives of the school machines through
> >> the c$ administrative share (the local hard drive on a machine should be
> >> viewable to network administrators through this share). Check wherever
> >> counterstrike is installed by its setup program and what files are
> >> installed and then write a program to look for those files.
> >>
> >> You can also block the external traffic by installing a firewall on the
> >> gateway computer controlling the school's access to the internet. Find
> >> out what ports counterstrike servers normally listen on. I had a quick
> >> google and it seems that most seem to be running on ports 27015 through
> >> 27018. Of course the port that a server is listening on is almost
> >> certainly a configuration option and there may be servers out there which
> >> are on different ports. Blocking 27015 through 27018 would stop most of
> >> the kids from finding the common servers.
> >>
> >> The firewalling will not prevent the kids from playing local games on the
> >> school network between themselves though if counterstrike gives the
> >> option of running a local server for a game (I don't play it myself, so I
> >> don't know!). Kid 1 could set up a local server and kids 2, 3 and 4
> >> could then connect in and they could play against each other. I'm afraid
> >> the only option there would be to get some packet sniffing software and
> >> listen for traffic on the ports I mentioned above. I've never used any,
> >> so I can't recommend any. Chances are that the traffic would be UDP not
> >> TCP as that is what most games run on.
> >>
> >> Finally, it should be stressed to the kids that school policy prevents
> >> such practices and individuals caught will be severely punished etc. It
> >> just takes a few unlucky kids to be caught and made an example and the
> >> practice should soon stop :)
> >>
> >> Hope that gives you some pointers to further info.
> >>
> >> Either that, or forget about the whole thing and join them in their
> >> games...
> >>
> >> Kids, eh?
> >> :-)
> >> Iain
> >>
> >>
> >> "Johan Christensson" <johan.christensson@telia.com> wrote in message
> >> news:ulv5M4KrEHA.3464@TK2MSFTNGP14.phx.gbl...
> >>> Hi.
> >>>
> >>> I got contacted by an old teacher today that works at a public school
> >>> here in Sweden. They have an ever-growing problem with the students
> >>> playing Counter Strike on the school's computers. Not only does this pose
> >>> a problem with bandwidth usage, but the fact that the Half-Life
> >>> installations often are not licensed, and this puts the school in a
> >>> tight position. Apparently the school's IT department says that they can't
> >>> do anything to stop it from their point of view.
> >>>
> >>> He asked me if I could come up with a solution. So here is my idea:
> >>>
> >>> I'm not that familiar with Counter Strike, but I believe that it's a
> >>> client server setup. Would it be possible to somehow make an application
> >>> that listens after CS Servers and block/jam their traffic? I want to
> >>> disturb the CS traffic but not everything else?
> >>>
> >>> I'm quite an experienced programmer, but in this case I have no clue
> >>> where to start. All help is appreciated.
> >>>
> >>> /Johan Ch
> >>>
> >>
> >>
> >
> >
>
>
>
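
Added example, not part of the thread or any poster's code: the name-or-hash matching Mark describes, applied to the file search Iain suggests, sketched in Python. The file name game.exe, the directory layout and the file contents are constructed placeholders; on a real network the root would be a mounted administrative share.

```python
import hashlib
import os
import tempfile

EXECUTABLE_SUFFIXES = (".exe",)  # only these files are hashed, to keep the scan cheap

def sha256_of(path, chunk_size=65536):
    """Stream a file through SHA-256 so large binaries are not read into memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for block in iter(lambda: handle.read(chunk_size), b""):
            digest.update(block)
    return digest.hexdigest()

def scan_tree(root, blocked_names, blocked_hashes):
    """Return sorted (relative_path, reason) pairs for executables matching by name, hash, or both."""
    findings = []
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            if not name.lower().endswith(EXECUTABLE_SUFFIXES):
                continue
            full_path = os.path.join(dirpath, name)
            reasons = ["name"] if name.lower() in blocked_names else []
            try:
                if sha256_of(full_path) in blocked_hashes:
                    reasons.append("hash")
            except OSError:
                pass  # locked or unreadable file: keep any name match, skip the hash check
            if reasons:
                rel = os.path.relpath(full_path, root).replace(os.sep, "/")
                findings.append((rel, "+".join(reasons)))
    return sorted(findings)

def demo():
    """Build a constructed tree standing in for several machines' drives and scan it."""
    known_binary = b"constructed sample: known game build"
    sample_files = {
        "pc01/Games/game.exe": known_binary,                  # unmodified install
        "pc02/Docs/homework.exe": known_binary,               # same binary, renamed
        "pc03/Games/game.exe": b"constructed: other build",   # same name, different bytes
        "pc04/Tools/editor.exe": b"constructed: unrelated",   # should not be reported
    }
    with tempfile.TemporaryDirectory() as root:
        for rel, content in sample_files.items():
            path = os.path.join(root, *rel.split("/"))
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "wb") as handle:
                handle.write(content)
        blocked_hashes = {hashlib.sha256(known_binary).hexdigest()}
        return scan_tree(root, {"game.exe"}, blocked_hashes)
```

Matching on both catches what either check alone misses: the hash finds the renamed copy on pc02, the name finds the different build on pc03.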