Re: [FW-1] blocking msn and yahoo messenger
The best way to block these is to block access to the actual messenger servers. These are listed on www.phoneboy.com. Creating a URI resource will simply slow things down, as all HTTP traffic will need to be taken apart and checked.

-----Original Message-----
From: Leonardo Boulton [mailto:[email protected]]
Sent: 27 August 2002 13:32
To: [email protected]
Subject: [FW-1] blocking msn and yahoo messenger

I've tried to block the msn and yahoo messenger with a FireWall-1 NG (FP1 and FP2).

First let's talk about the MSN Messenger: I saw the logs and found the port 1863 tcp. I blocked it explicitly with a rule. Then I noticed that if the messenger can't connect through the port, it tries through port 80 (http), to a server: something.msgr.hotmail.com. So, my next move was to create a resource (which I think is created wrong because it doesn't work). I created a URI resource named Hotmail, that blocks http, selected PUT and GET, only checked transparent mode (I think the mistake is there) for wildcards, and specified the host: *.msgr.hotmail.com, path: *, query: *. Then added a rule above the internet access rule. The source is the Proxy, destination any, service http->hotmail.

I tested my procedure on an FP2 first, on a separate firewall that's not connected. I mean, I tested it with just one machine and I thought it worked!! Afterwards I did the same thing with an NG FP1 firewall that is connected to an Internal LAN. My surprise was that the resource blocks almost every http connection.

With the Yahoo messenger it is even worse. It first tries connecting through the port 5050 which I blocked, then tries via http, and if it is blocked as well, it goes for the telnet.... I have no idea how to block something like that. Imagine if the user selects that he or she is behind a firewall on the preferences!!! Napster was the same thing, it tested one port, if it was blocked, it tried another one, and another one, until it finds an open port.

Any suggestions to block these two popular messengers?... I imagine this is a well known topic, since it is in vogue here.

Thanks a lot.

Leonardo Boulton
Network Security Engineer
CyberTech Projects
web: www.cybertechproject.com
email: [email protected]
phone: (cel: (msn id: [email protected]
Caracas, Venezuela

=================================================
To set vacation, Out Of Office, or away messages, send an email to [email protected] in the BODY of the email add: set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your subscription options, email [email protected]
=================================================

**********************************************************************
This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote also confirms that this email message has been swept by Dimension Data mail system for the presence of computer viruses. www.uk.didata.com
**********************************************************************
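
Added example, not part of either message: a log check that finds clients which had a messenger port (1863 or 5050) dropped and then got through on a fallback port (80 or 23), so the destination can be added to a block-by-server rule as the reply suggests. The log format, addresses, 60-second window and the assumption that the fallback goes to the same destination are all constructed for illustration; this is not FireWall-1's own log format.

```python
from datetime import datetime, timedelta

# Primary messenger ports named in the thread, and the fallback ports the
# clients were seen trying once the primary port was blocked.
PRIMARY = {1863: "MSN Messenger", 5050: "Yahoo Messenger"}
FALLBACK = {80, 23}
WINDOW = timedelta(seconds=60)  # assumption: fallback follows the drop quickly

# Constructed sample log (generic format, not FireWall-1's own):
# timestamp action src dst dport
SAMPLE_LOG = """\
2002-08-27T13:00:01 drop 10.0.0.15 192.0.2.10 1863
2002-08-27T13:00:04 accept 10.0.0.15 192.0.2.10 80
2002-08-27T13:00:09 accept 10.0.0.22 198.51.100.7 80
2002-08-27T13:01:30 drop 10.0.0.31 192.0.2.50 5050
2002-08-27T13:01:33 drop 10.0.0.31 192.0.2.50 80
2002-08-27T13:01:36 accept 10.0.0.31 192.0.2.50 23
2002-08-27T13:05:00 drop 10.0.0.40 192.0.2.10 1863
2002-08-27T13:09:00 accept 10.0.0.40 203.0.113.9 80
"""

def parse(line):
    """Split one log line into typed fields."""
    ts, action, src, dst, dport = line.split()
    return datetime.fromisoformat(ts), action, src, dst, int(dport)

def find_fallbacks(log_text):
    """Return (src, dst, client, port) for each accepted fallback connection
    that follows a dropped primary-port attempt to the same destination."""
    last_drop = {}  # (src, dst) -> (time of drop, client name)
    hits = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, action, src, dst, dport = parse(line)
        if action == "drop" and dport in PRIMARY:
            last_drop[(src, dst)] = (ts, PRIMARY[dport])
        elif action == "accept" and dport in FALLBACK:
            seen = last_drop.get((src, dst))
            if seen and ts - seen[0] <= WINDOW:
                hits.append((src, dst, seen[1], dport))
    return hits

if __name__ == "__main__":
    for src, dst, client, port in find_fallbacks(SAMPLE_LOG):
        print(f"{src} -> {dst}: {client} fell back to port {port}")
```

Ordinary web traffic (10.0.0.22) and a port-80 connection to an unrelated host after a drop (10.0.0.40) are not flagged; only the two same-destination fallbacks are.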