Search

	display results
words begin exact words any words part

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[FW-1] blocking msn and yahoo messenger

To: [email protected]
Subject: [FW-1] blocking msn and yahoo messenger
From: Leonardo Boulton <[email protected]>
Date: Tue, 27 Aug 2002 08:32:26 -0400
Importance: Normal
Reply-to: Mailing list for discussion of Firewall-1 <[email protected]>
Sender: Mailing list for discussion of Firewall-1 <[email protected]>

I've tryed to block the msn and yahoo messenger with a FireWall-1 NG (FP1
and FP2).

First let's talk about the MSN Messenger: I saw the logs and found the port
1863 tcp. I bolcked it explicitly with a rule. Then I noticed that if the
messenger cann't connect through the port, it trys through port 80 (http),
to a server: something.msgr.hotmail.com.
So, my next move was to create a resource (wich I think is created wrong
because it doesn't work). I created a URI resorce named Hotmail, that blocks
http, selected PUT and GET, only checked transparent mode (i think the
mistake is there) for wildcards, and specified the host: *.msgr.hotmail.com,
path: *, query: *.
Then added a rule above the internet access rule. The source is the Proxy,
destination any, service http->hotmail.

I tested my procedure on an FP2 first, on a separate firewall that's not
conected. I mean, I tested it with just one machine and i thought it
worked!!. Afterwards I did the same thing with an NG FP1 firewall that is
connected to an Internal LAN. My sorprise was that the resource blocks
almost every http conection.

With the Yahoo messenger is even worse. It first tryes conecting through the
port 5050 wich I blocked, then tries via http, and if it is blocked aswell,
it goes for the telnet.... i have no idea how to block something like that.
Imagine if the user selects that he or she is behind a firewall on the
preferences!!!.

Napster was the same thing, it tested one port, if it was blocked, it tried
another one, and another one, until it finds an open port.

Any suggestions to block these two popular messengers?... I imagine this is
a well known topic, since it is in vogue here.

Thanks a lot.

Leonardo Boulton

Network Security Engineer
CyberTech Projects
web:    www.cybertechproject.com
email:  [email protected]
phone:  (cel:    (msn id: [email protected]
Caracas, Venezuela

=================================================
To set vacation, Out Of Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================

Follow-Ups:
- Re: [FW-1] blocking msn and yahoo messenger
  - From: Leonardo Boulton <[email protected]>

Prev by Date: [FW-1] Cellspacing
Next by Date: Re: [FW-1] Secure SMTP server used for spam relay
Previous by thread: [FW-1] Cellspacing
Next by thread: Re: [FW-1] blocking msn and yahoo messenger
Index(es):
- Date
- Thread