
Re: [FW-1] those darn messengers... (and other scary services)



You can try finding the IP addresses of the login servers for the different IM
providers and just block all access to those IP addresses. People have used
that for blocking AOL IM. The procedure should work for the others as well.
You have to find ALL the IP addresses of the servers that the clients log in to
and block all activity to them. I know AOL was using login.oscar.aol.com or
something.

It's not the best solution, but it should work.

There are a lot of scary things out there right now that firewall admins
don't have any control of anymore. They have 'pcAnywhere' type remote
control software that you set up on your PC. It logs into a server on the
internet over a normal port 80 or whatever port you want to use. Then you
connect to that service provider's site and take over remote control of your
PC...

Firewall admins were at one time able to keep better control over their
environments, but not anymore. With people writing applications that can use
any ports we don't have a good method anymore of protecting ourselves. The
application programmers have taken control out of the security engineers'
hands. So much for people sticking to the correct use of the internet port
structure that has been in place for so many years. Written security
policies can only go so far...

Good luck,
will




-----Original Message-----
From: Mailing list for discussion of Firewall-1
[mailto:[email protected]]On Behalf Of Dean
Bishop
Sent: Friday, February 08, 2002 11:44 AM
To: [email protected]
Subject: Re: [FW-1] those darn messengers...


yes, the problem seems to be that these %#$&@# messenger
services can get through on port 80.

This means that port blocking is not an option.
Being pretty inexperienced in fw-1, I am looking to see if
there is any other way of blocking this type of traffic.

Is there any way on God's green earth the traffic can be
scanned for content or application type and then blocked based
on that?

thanks,
dean





---- On Fri, 08 Feb 2002, Joe Pampel ([email protected]) wrote:

> If you are using the generally recommended explicit-permit type
> rulebase* you will not have this problem at all. (unless your users are
> using the http version of AIM I guess.. )
> You would have to enable the AOL port to get through.. For example
> I have the opposite problem that you do: Loser that I am, I lost the
> argument with mgt regarding use of AIM, so now I am trying to get it
> to work!  Even trying an "any any AOL accept" rule did not fix it..
> incoming messages head for the AOL port but have random source ports.
> (so they go splat..) PITA. I am not opening ports 1024 - 5000 or
> whatever so people can chat.
> I know, I'm a real jerk like that. ;-)
>
> <rant>
> What's the use of a FW when you can send files/virus/trojan etc via AIM?
>  Same problem with Bloomberg mail.. it can send attachments too.  & no
> way to scan them...
> </rant>
>
> * where your rules are basically permitting the traffic you want, and
> the last rule is any any any drop.  (aka 'the cleanup rule') This is
> IMHO the 'right' way to build a rulebase.
> YMMV!
>
> hth
>
> Joe
>
> >>> Dean Bishop <[email protected]> 02/08/02 08:31AM >>>
> Good morning,
>
>   I have been doing a lot of searching and think that I have
> come to the correct conclusion that there is currently no way
> of blocking messenger services such as AIM and MSN Messenger
> except by blocking access to the IP addresses for their
servers.
>
>   Can someone confirm this for me?
>
> thanks,
> dean
>
>
>
>

=================================================
To set vacation, Out Of Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================
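The thread discusses two controls: Will's suggestion of dropping traffic to the IM providers' login-server addresses, Joe's explicit-permit rulebase with a final any/any/any cleanup rule, and Dean's question of whether accepted port-80 traffic can be checked for application type. The following is an added example written for this archive page; it is not code from the list posts or from Check Point. It models a first-match rulebase and a crude HTTP Host-header check on accepted port-80 traffic. The 10.0.0.0/8 inside network, the 203.0.113.x login-server addresses, the im-gateway.example.net hostname and every sample packet are constructed for illustration; only login.oscar.aol.com comes from the thread.

```python
"""Toy first-match rulebase (explicit-permit plus cleanup rule) with a
Host-header check on accepted port-80 traffic. Added example; all
addresses, hosts (except login.oscar.aol.com) and packets are constructed."""
import ipaddress
from dataclasses import dataclass
from typing import Optional, Tuple, Union

ANY = "any"
INTERNAL = ipaddress.ip_network("10.0.0.0/8")   # assumed inside network

# Assumed stand-ins for the IM login servers Will suggests blocking; in
# practice you have to enumerate every address the clients log in to.
IM_LOGIN_SERVERS = frozenset({
    ipaddress.ip_address("203.0.113.10"),
    ipaddress.ip_address("203.0.113.11"),
})
# Hostnames an "http version" of an IM client is assumed to talk to.
IM_HTTP_HOSTS = {"login.oscar.aol.com", "im-gateway.example.net"}


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    dport: int
    sport: int
    payload: bytes = b""


@dataclass(frozen=True)
class Rule:
    name: str
    action: str                                   # "accept" or "drop"
    src: Union[str, ipaddress.IPv4Network] = ANY
    dst: Union[str, ipaddress.IPv4Network, frozenset] = ANY
    dport: Union[str, int] = ANY

    def matches(self, p: Packet) -> bool:
        return (_in_scope(p.src, self.src)
                and _in_scope(p.dst, self.dst)
                and self.dport in (ANY, p.dport))


def _in_scope(addr: str, scope) -> bool:
    if scope == ANY:
        return True
    return ipaddress.ip_address(addr) in scope    # network or set membership


def evaluate(rulebase, p: Packet) -> Tuple[str, str]:
    """First matching rule wins; fail closed if nothing matched at all."""
    for r in rulebase:
        if r.matches(p):
            return r.action, r.name
    return "drop", "implicit-drop"


def http_host(payload: bytes) -> Optional[str]:
    """Return the Host header of a cleartext HTTP/1.x request head, or None."""
    try:
        head = payload.split(b"\r\n\r\n", 1)[0].decode("ascii")
    except UnicodeDecodeError:
        return None
    for line in head.split("\r\n")[1:]:
        name, _, value = line.partition(":")
        if name.strip().lower() == "host":
            return value.strip().lower()
    return None


def decide(rulebase, p: Packet) -> Tuple[str, str]:
    """Rulebase first; the content check Dean asks about runs only on
    traffic the rulebase already accepted on port 80."""
    action, why = evaluate(rulebase, p)
    if action == "accept" and p.dport == 80:
        host = http_host(p.payload)
        if host in IM_HTTP_HOSTS:
            return "drop", "http-host:" + host
    return action, why


# Explicit-permit rulebase in Joe's style: permit what you want, then the
# cleanup rule. Will's IP block sits first so it also wins on port 80.
RULEBASE = [
    Rule("block-im-login", "drop", INTERNAL, IM_LOGIN_SERVERS),
    Rule("web-out", "accept", INTERNAL, ANY, 80),
    Rule("cleanup", "drop"),
]

# Constructed traffic covering the cases raised in the thread.
SAMPLE = {
    "aim-native": Packet("10.0.0.5", "203.0.113.10", 5190, 40000),
    "aim-native-other": Packet("10.0.0.5", "198.51.100.9", 5190, 40001),
    "aim-over-80-to-login": Packet("10.0.0.5", "203.0.113.11", 80, 40002),
    "plain-web": Packet("10.0.0.5", "198.51.100.5", 80, 40003,
                        b"GET / HTTP/1.1\r\nHost: www.example.com\r\n\r\n"),
    "aim-http-gateway": Packet("10.0.0.5", "198.51.100.6", 80, 40004,
                               b"POST /aim HTTP/1.1\r\nHost: login.oscar.aol.com\r\n\r\n"),
    "inbound-random-sport": Packet("198.51.100.7", "10.0.0.5", 5190, 31337),
}


def run_samples():
    return {name: decide(RULEBASE, p) for name, p in SAMPLE.items()}


if __name__ == "__main__":
    for name, (action, why) in run_samples().items():
        print(f"{name:24s} {action:6s} ({why})")
```

The cleanup rule is what drops both the native AIM client and Joe's inbound messages with random source ports; the Host check catches only the IM-over-HTTP case, and only because the request is cleartext HTTP with a recognisable Host header. Anything else an application chooses to push over port 80 passes straight through it, which is the loss of control Will describes.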