Your second rule:

  Source            Destination           Service   Action   Track
  Internal Network  login.oscar.aol.com   ANY       drop     long

is how we have blocked AIM here, where login.oscar.aol.com is the network range of 205.188.7.0. That has worked great for us. Your network of 64.12.x.x may be what you need to use. Sometimes the ranges are location specific. The location of the rule in the rulebase is also important: closer to the top.
Cheers,
Chris
-----Original Message-----
From: Security Guy [mailto:[email protected]]
Sent: August 19, 2002 9:25 AM
To: [email protected]
Subject: [FW-1] blocking Instant Messaging (AOL's AIM)
In the August issue of Information Security magazine, they have a great article on instant messaging. Unfortunately they didn't tell me anything new :( I have been trying to block IM off and on... but this article re-energized me. Here are the steps I have taken so far in an attempt to block AOL's AIM.
All traffic to login.oscar.aol.com (which is 64.12.x.x):

  Source            Destination           Service                                     Action   Track
  Internal Network  login.oscar.aol.com   tcp/udp 53, tcp/udp 4443, tcp 5190, http/s  drop     long

*Nice... it's using the DNS port; this thing is like a Trojan, it will actually scan for open ports.

  Source            Destination           Service   Action   Track
  Internal Network  login.oscar.aol.com   ANY       drop     long

What am I missing? Is there any reason a reverse rule is needed?
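The point both posts turn on, that the AIM drop rule only works if it sits above the general outbound accept rules, is easiest to see by running a rulebase through a first-match evaluator. The following is an added example and is not code from either poster or from Check Point; it models a FW-1 style rulebase (first matching rule wins, implicit drop if nothing matches) in plain Python. The object names mirror the thread, but the 10.0.0.0/8 "Internal Network", the two accept rules, the test packets and all function names are constructed for the example; the 205.188.7.0/24 and 64.12.0.0/16 ranges are taken from the posts, not from any verified list of AOL addresses.

```python
import ipaddress
from dataclasses import dataclass

# Network objects (constructed for this example). The two AOL ranges are the
# ones named in the thread; Internal Network is an assumed RFC 1918 block.
OBJECTS = {
    "Internal Network": [ipaddress.ip_network("10.0.0.0/8")],
    "login.oscar.aol.com": [
        ipaddress.ip_network("205.188.7.0/24"),
        ipaddress.ip_network("64.12.0.0/16"),
    ],
}


@dataclass(frozen=True)
class Service:
    proto: str  # "tcp" or "udp"
    port: int


# Service groups in the style of the posted rules; "ANY" is the wildcard.
SERVICES = {
    "http/s": {Service("tcp", 80), Service("tcp", 443)},
    "dns": {Service("tcp", 53), Service("udp", 53)},
}


@dataclass(frozen=True)
class Rule:
    src: str      # object name or "ANY"
    dst: str      # object name or "ANY"
    service: str  # service group name or "ANY"
    action: str   # "accept" or "drop"
    track: str = "long"


# The "second rule" from the thread: block everything from inside to the
# AOL login ranges. Here it is placed at the top, as Chris recommends.
AIM_BLOCK = Rule("Internal Network", "login.oscar.aol.com", "ANY", "drop")
ALLOW_WEB = Rule("Internal Network", "ANY", "http/s", "accept")
ALLOW_DNS = Rule("Internal Network", "ANY", "dns", "accept")

GOOD_ORDER = [AIM_BLOCK, ALLOW_WEB, ALLOW_DNS]
BAD_ORDER = [ALLOW_WEB, ALLOW_DNS, AIM_BLOCK]  # same rules, drop rule last


def in_object(ip, name):
    """True if ip falls inside the named network object (or name is ANY)."""
    if name == "ANY":
        return True
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in OBJECTS[name])


def service_matches(group, proto, port):
    """True if proto/port is in the named service group (or group is ANY)."""
    if group == "ANY":
        return True
    return Service(proto, port) in SERVICES[group]


def evaluate(rulebase, src, dst, proto, port):
    """First-match evaluation. Returns (rule index, action); (None, 'drop')
    models the implicit cleanup drop when no rule matches."""
    for i, r in enumerate(rulebase):
        if (in_object(src, r.src) and in_object(dst, r.dst)
                and service_matches(r.service, proto, port)):
            return i, r.action
    return None, "drop"


if __name__ == "__main__":
    # Constructed packets: AIM trying tcp/443, udp/53 and tcp/5190 to the
    # AOL ranges, plus ordinary DNS to a non-AOL resolver.
    packets = [
        ("10.1.2.3", "64.12.1.1", "tcp", 443),
        ("10.1.2.3", "64.12.1.1", "udp", 53),
        ("10.1.2.3", "205.188.7.5", "tcp", 5190),
        ("10.1.2.3", "192.0.2.53", "udp", 53),
    ]
    for pkt in packets:
        print(pkt, "good order:", evaluate(GOOD_ORDER, *pkt),
              "bad order:", evaluate(BAD_ORDER, *pkt))
```

With the drop rule on top, every AIM attempt to the AOL ranges hits rule 0 and is dropped, while DNS to other hosts still reaches the accept rule. With the drop rule at the bottom, the client's fallback to tcp/443 or udp/53 is accepted by the earlier web and DNS rules before the AIM rule is ever consulted, which is exactly why the rule's position in the rulebase matters.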