Counter Strike blocker?

[Johan Christensson]

Hi.

I got contacted by an old teacher today that works at a public shool here in
Sweden. They have a ever groving problem with the students playing Counter
Strike on the schools computers. Not only dose this pose a problem with
bandwidth usage, but the fact that the Half-Life installations often are not
licensed, and this puts the school in a tight position. Apperently the
schools IT department say that thay can't do anything to stop it from there
point of view.

He asked me if I chould come up with a solution. So here is my idea:

I'm not that familiar with Couter Strike, but I belive that it's a client
server setup. Would it be possible to some how make a application that
listens after CS Servers and block/jam there traffic? I want to disturb the
CS traffic but not everything else?

I'm quite an experiensed programer, but in this case I have no clue where to
start. All help is apprciated.

/Johan Ch

 

[Christopher Kurtis Koeber]

Well, what operating system does the systems that have counter-strike have?
If using Windows NT/2000/XP, you could just create a local system or domain
based security policy where only authorized programs can run.

Christopher

 

[CJ Taylor]

The IT department can't do anything???

Have they ever heard of a firewall?

 

[Iain Mcleod]

Hi Johan

Firstly a decent setup on the school's computers would prevent the kids from
loggin on with administrative privileges. That way you could prevent them
installing the game. It may be that you are already doing this, but the
kids probably know a backdoor which gives them admin privs. This is
distinctly possible if you are not running the latest service packs on all
the machines. You should be doing this.

You could write a program that searches in a known location for known
counterstrike files on all the hard drives of the school machines through
the c$ administrative share (the local hard drive on a machine should be
viewable to network administrators through this share). Check wherever
counterstrike is installed by its setup program and what files are installed
and then write a program to look for those files.

You can also block the external traffic by installing a firewall on the
gateway computer controlling the school's access to the internet. Find out
what ports counterstrike servers normally listen on. I had a quick google
and it seems that most seem to be running on ports 27015 through 27018. Of
course the port that a server is listening on is almost certainly a
configuration option and there may be servers out there which are on
different ports. Blocking 27015 through 27018 would stop most of the kids
from finding the common servers.

The firewalling will not prevent the kids from playing local games on the
school network between themselves though if counterstrike gives the option
of running a local server for a game (I don't play it myself, so I don't
know!). Kid 1 could set up a local server and kids 2, 3 and 4 could then
connect in and they could play against each other. I'm afraid the only
option there would be to get some packet sniffing software and listen for
traffic on the ports I mentioned above. I've never used any, so I can't
recommend any. Chances are that the traffic would be UDP not TCP as that is
what most games run on.

Finally, it should be stressed to the kids that school policy prevents such
practices and individuals caught will be severely punished etc. It just
takes a few unlucky kids to be caught and made an example and the practice
should soon stop

Hope that gives you some pointers to further info.

Either that, or forget about the whole thing and join them in their games...

Kids, eh?

Iain

 

[Johan Christensson]

Can't, don't know how to.... I don't know actully. Any way. They have a
firewall that blocks this kind of traffic, but this is only helpfull when it
comes to games over the internet, not localy played games.

/JCh

 

[Johan Christensson]

Well, they have a firewall that prevents the kids from playing internet
games, so the problem here is localy played games.

The problem get's even more severe since many of these students are
attending computer courses that aim to give the students a understanding of
network computing basics, Windows networks, AD and so on, so they know a
quite alot some times, and they install there own clients. This prevents me
to acces the computers as an Administrator, since they only join there own
domain. Further, this also mean that most of the kids are local
administrators of there own computers.

My first thought was to create an application that scans for CS servers. The
next step would be to listen after client requests for that computer and to
some how block or disturbe the traffic between the client and the server by
sending some malformed package or just a hep of junk. A second though was
that this might consume a lot of network traffic, and the I would be the bad
guy.

Any thought?

/JCh

 

[Iain Mcleod]

You could certainly write an app that scans for the traffic on the local
network.
I wouldn't try and disturb the traffic, just locate the machines and catch
the offender in the act.

As to the kids installing the game, like I said in my previous post, all
machines should be service packed. That will prevent most exploits which
allow a user to gain administrative privs. What OS is the school running?

Cheers
Iain

 

[Gerry O'Brien [MVP]]

I wrote a windows service one time that checked the HWnd and got the app's
name from that. It would shut the app down by killing the process and run a
check every 10 to 20 seconds to see if it started back up.

I don't know if Counter Strike has a hook that you can look for but you may
want to get its process name and see of you can kill that.

 

[CJ Taylor]

Ok, this has been mentioned a lot before but you really need to lock down
your network. You don't need to custom write an app, if your using AD
(Which I think you said you were) then its no problem.

Sounds like your admin's have easily crackable passwords if their setting up
their own domains...

 

[Guest]

Your problem is 2 fold from what i can see

1. - School policy - From what you say there is a distinct lack of school
policy regarding computer usage, and this itself is your biggest security
problem. No one, and i mean no one should be admin of any machines except the
support department (aka domain admins). The use of MS virtual machine or
something similar would enable the pupils to learn what they need and be
admins of virtual machines, without the need to give them any local
privilages. A plus point here would also be that virtual machiens will not be
powerfull enough to play any decent games (and in fact can be resticted). You
can also implement a decent domain policy this way.

2. - Spotting offenders - In my opinion it is not a great idea to scan for
an open port on all remote machines on your network constantly (although i
suppose this depends on how many machines you have), so the easiest way to
spot any game servers would be to have a machine installed with Half life
your self and scan for servers! Failing that (and being more professional) an
application would be a good idea. There is a simple ping class that lets you
specify the remote port called BKPing, you could specify the remote port and
see if you get a responce. The problem is (and i could be wrong here as i
havn't played HL for a while!) You can specify the port the server runs on.
Another alternative would be to create an invisible app (one that is not
visible in task manager or the taskbar) which is run at login, and which
monitors for the app name or hash value of the main HL exe (or both), if it's
run it could report back to you, either with a simple net send or (better) by
creating a pipe to a monitor app on your machine.

I'm afraid there is no simple resolution to your problem, at least not that
i can think of, security is your main issue, and something that shoud be
addressed.

Mark

 

[Guest]

Your problem is 2 fold from what i can see

1. - School policy - From what you say there is a distinct lack of school
policy regarding computer usage, and this itself is your biggest security
problem. No one, and i mean no one should be admin of any machines except the
support department (aka domain admins). The use of MS virtual machine or
something similar would enable the pupils to learn what they need and be
admins of virtual machines, without the need to give them any local
privilages. A plus point here would also be that virtual machiens will not be
powerfull enough to play any decent games (and in fact can be resticted). You
can also implement a decent domain policy this way.

2. - Spotting offenders - In my opinion it is not a great idea to scan for
an open port on all remote machines on your network constantly (although i
suppose this depends on how many machines you have), so the easiest way to
spot any game servers would be to have a machine installed with Half life
your self and scan for servers! Failing that (and being more professional) an
application would be a good idea. There is a simple ping class that lets you
specify the remote port called BKPing, you could specify the remote port and
see if you get a responce. The problem is (and i could be wrong here as i
havn't played HL for a while!) You can specify the port the server runs on.
Another alternative would be to create an invisible app (one that is not
visible in task manager or the taskbar) which is run at login, (in a login
script) and which monitors the active process list for the app name or hash
value of the main HL exe (or both), if it's run it could report back to you,
either with a simple net send or (better) by creating a pipe to a monitor app
on your machine, it could also terminate the exe, although that would arrouse
suspicion and potentially expose the app. Monitoring for window names is
quite simple and there are plenty of examples on the net, either by using the
window handle, or process list (WMI for example) would be easy.

I'm afraid there is no simple resolution to your problem, at least not that
i can think of, security is your main issue, and something that shoud be
addressed.

Mark

 

[Gerry O'Brien [MVP]]

You seem to miss one hurdle that is not easily overcome. The fact that the
students are in a class that teaches them to be admins, they must have admin
rights on the computers to allow them to function and learn correctly.

I have taught at two educational institutions that and I can tell you that
it is not a task that can be solved with AD and group policy. These
computers are not normally joined to a domain but rather the students create
their own domains etc.

The problem cannot be solved in an administrative way with AD and group
policy. If they were simply classroom computers that were part of a domain
and the students used domain accounts, certainly, then it is a no-brainer.
I don't believe that is the situation here.

 

[CJ Taylor]

Didn't understand they were teaching students to be admins...Just thought
they had admin access, which I have seen more than once where installers
just give everyone admin rights and students can do whatever.

Someone else mentioned using Virtual machines, or, just put these machines
on a separate segment of the network and upon reboot use something like
Ghost to refresh an image from a network share.

If your just doing test setups you don't really need internet access. I
took classes like this in college and they put us all on separate segments
for this exact reason. That and we were timed to see how quickly we could
get the project done, so no time for games Dr. Jones!

=)

You seem to miss one hurdle that is not easily overcome. The fact that the
students are in a class that teaches them to be admins, they must have admin
rights on the computers to allow them to function and learn correctly.

I have taught at two educational institutions that and I can tell you that
it is not a task that can be solved with AD and group policy. These
computers are not normally joined to a domain but rather the students create
their own domains etc.

The problem cannot be solved in an administrative way with AD and group
policy. If they were simply classroom computers that were part of a domain
and the students used domain accounts, certainly, then it is a no-brainer.
I don't believe that is the situation here.

--
Gerry O'Brien [MVP]
Visual Basic .NET(VB.NET)

Ok, this has been mentioned a lot before but you really need to lock down
your network. You don't need to custom write an app, if your using AD
(Which I think you said you were) then its no problem.

Sounds like your admin's have easily crackable passwords if their setting
up
their own domains...

Can't, don't know how to.... I don't know actully. Any way. They have a
firewall that blocks this kind of traffic, but this is only helpfull

when
it

comes to games over the internet, not localy played games.

/JCh

"CJ Taylor" <[cege] at [tavayn] dit commmmm> wrote in message
The IT department can't do anything???

Have they ever heard of a firewall?

Hi.

I got contacted by an old teacher today that works at a public shool here
in
Sweden. They have a ever groving problem with the students playing
Counter
Strike on the schools computers. Not only dose this pose a problem
with
bandwidth usage, but the fact that the Half-Life installations often are
not
licensed, and this puts the school in a tight position. Apperently the
schools IT department say that thay can't do anything to stop it from
there
point of view.

He asked me if I chould come up with a solution. So here is my idea:

I'm not that familiar with Couter Strike, but I belive that it's a client
server setup. Would it be possible to some how make a application that
listens after CS Servers and block/jam there traffic? I want to
disturb
the
CS traffic but not everything else?

I'm quite an experiensed programer, but in this case I have no clue where
to
start. All help is apprciated.

/Johan Ch

 

[BobJ]

The only thing that works is a combination of motivation and discipline.
The carrot and the stick in the classic sense. There is little if any
difference between this problem and other rules that are more often violated
than observed. What teen dance is without forbidden alcohol? These
students are the future of our world so teach them, motivate them, and when
necessary discipline them. Am I a teacher? No, just the father of four and
the grandfather of ten so I speak only from practical experience.
BobJ

Didn't understand they were teaching students to be admins...Just thought
they had admin access, which I have seen more than once where installers
just give everyone admin rights and students can do whatever.

Someone else mentioned using Virtual machines, or, just put these machines
on a separate segment of the network and upon reboot use something like
Ghost to refresh an image from a network share.

If your just doing test setups you don't really need internet access. I
took classes like this in college and they put us all on separate segments
for this exact reason. That and we were timed to see how quickly we could
get the project done, so no time for games Dr. Jones!

=)

You seem to miss one hurdle that is not easily overcome. The fact that the
students are in a class that teaches them to be admins, they must have admin
rights on the computers to allow them to function and learn correctly.

I have taught at two educational institutions that and I can tell you
that
it is not a task that can be solved with AD and group policy. These
computers are not normally joined to a domain but rather the students create
their own domains etc.

The problem cannot be solved in an administrative way with AD and group
policy. If they were simply classroom computers that were part of a domain
and the students used domain accounts, certainly, then it is a
no-brainer.
I don't believe that is the situation here.

--
Gerry O'Brien [MVP]
Visual Basic .NET(VB.NET)

Ok, this has been mentioned a lot before but you really need to lock down
your network. You don't need to custom write an app, if your using AD
(Which I think you said you were) then its no problem.

Sounds like your admin's have easily crackable passwords if their setting
up
their own domains...


Can't, don't know how to.... I don't know actully. Any way. They have
a
firewall that blocks this kind of traffic, but this is only helpfull when
it
comes to games over the internet, not localy played games.

/JCh

"CJ Taylor" <[cege] at [tavayn] dit commmmm> wrote in message
The IT department can't do anything???

Have they ever heard of a firewall?

Hi.

I got contacted by an old teacher today that works at a public
shool
here
in
Sweden. They have a ever groving problem with the students playing
Counter
Strike on the schools computers. Not only dose this pose a problem
with
bandwidth usage, but the fact that the Half-Life installations
often
are
not
licensed, and this puts the school in a tight position. Apperently the
schools IT department say that thay can't do anything to stop it from
there
point of view.

He asked me if I chould come up with a solution. So here is my
idea:

I'm not that familiar with Couter Strike, but I belive that it's a
client
server setup. Would it be possible to some how make a application that
listens after CS Servers and block/jam there traffic? I want to
disturb
the
CS traffic but not everything else?

I'm quite an experiensed programer, but in this case I have no clue
where
to
start. All help is apprciated.

/Johan Ch

 

[Gerry O'Brien [MVP]]

Timing, now that's a good idea as well.

--
Gerry O'Brien [MVP]
Visual Basic .NET(VB.NET)

Didn't understand they were teaching students to be admins...Just thought
they had admin access, which I have seen more than once where installers
just give everyone admin rights and students can do whatever.

Someone else mentioned using Virtual machines, or, just put these machines
on a separate segment of the network and upon reboot use something like
Ghost to refresh an image from a network share.

If your just doing test setups you don't really need internet access. I
took classes like this in college and they put us all on separate segments
for this exact reason. That and we were timed to see how quickly we could
get the project done, so no time for games Dr. Jones!

=)

You seem to miss one hurdle that is not easily overcome. The fact that the
students are in a class that teaches them to be admins, they must have admin
rights on the computers to allow them to function and learn correctly.

I have taught at two educational institutions that and I can tell you
that
it is not a task that can be solved with AD and group policy. These
computers are not normally joined to a domain but rather the students create
their own domains etc.

The problem cannot be solved in an administrative way with AD and group
policy. If they were simply classroom computers that were part of a domain
and the students used domain accounts, certainly, then it is a
no-brainer.
I don't believe that is the situation here.

--
Gerry O'Brien [MVP]
Visual Basic .NET(VB.NET)

Ok, this has been mentioned a lot before but you really need to lock down
your network. You don't need to custom write an app, if your using AD
(Which I think you said you were) then its no problem.

Sounds like your admin's have easily crackable passwords if their setting
up
their own domains...


Can't, don't know how to.... I don't know actully. Any way. They have
a
firewall that blocks this kind of traffic, but this is only helpfull when
it
comes to games over the internet, not localy played games.

/JCh

"CJ Taylor" <[cege] at [tavayn] dit commmmm> wrote in message
The IT department can't do anything???

Have they ever heard of a firewall?

Hi.

I got contacted by an old teacher today that works at a public
shool
here
in
Sweden. They have a ever groving problem with the students playing
Counter
Strike on the schools computers. Not only dose this pose a problem
with
bandwidth usage, but the fact that the Half-Life installations
often
are
not
licensed, and this puts the school in a tight position. Apperently the
schools IT department say that thay can't do anything to stop it from
there
point of view.

He asked me if I chould come up with a solution. So here is my
idea:

I'm not that familiar with Couter Strike, but I belive that it's a
client
server setup. Would it be possible to some how make a application that
listens after CS Servers and block/jam there traffic? I want to
disturb
the
CS traffic but not everything else?

I'm quite an experiensed programer, but in this case I have no clue
where
to
start. All help is apprciated.

/Johan Ch