In the August issue of Information Security magazine, they have a great article on instant messaging. Unfortunately they didn't tell me anything new :( I have been trying to block IM off and on...but this article re-energized me. Here are the steps I have taken so far in an attempt to block AOL's AIM:
Currently Blocking:
5190 tcp/udp
4443 tcp/udp
All traffic to login.oscar.aol.com (which is 64.12.x.x)
I've tried these rules:
Internal network    login.oscar.aol.com    tcp/udp 53 tcp/udp 4443 tcp 5190 http/s    drop    long
*Nice...it's using the DNS port, this thing is like a Trojan, it will actually scan for open ports
Internal Network    login.oscar.aol.com    ANY    drop    long
What am I missing? Is there any reason a reverse rule is needed?
Any info is appreciated,
-AD