RE: [FW1] Blocking access to Hotmail.com

[Chris Arnold <chris.arnold@FW1-NOSPAMWheelHouse.com>]

Would this work, Juan?  I don't have a Hotmail account so I can test but it
seems to me that by blocking the hosts corresponding to the MX records in
DNS we assume that the HTML forms used by Hotmail POST/GET directly to the
mail relays.  

If this is true, then by blocking outbound access (TCP 80 and 443) to the
Hotmail mail exchangers in your FW rules _should_ work, as you pointed out.
This seems like a pretty insecure way of handling it though on their end and
I assumed that the Hotmail folks would have CGIs on webservers that run some
sanity checks on the input before queuing the messages for the SMTP servers
to handle.

I'm just guessing though.  Blocking inbound access to the MX records will
certainly prevent any Hotmail-originating messages from reaching your users
though.

Chris

-----Original Message-----
From: Juan Concepcion [mailto:juanconcepcion@earthlink.net]
Sent: Monday, May 21, 2001 11:28 PM
To: jkhan@publicintegrity.org;
fw-1-mailinglist@beethoven.us.checkpoint.com
Subject: RE: [FW1] Blocking access to Hotmail.com



Do an nslookup of their address.  Set they type=mx and you will get the ip's
of all of their servers.  What you will then have to do is create objects
for these ip's and then create a rule dropping traffic from/to those sites.

just my .02 cents

FYI...I believe that all e-mail coming through hotmail is scanned and
cleaned.  Even if a virus is detected/cleaned you still get the message that
a virus was detected.

Juan Concepcion
Network Engineer/Security Consultant
CCSA/CCSE
E-Mail: juanconcepcion@earthlink.net


-----Original Message-----
From: owner-fw-1-mailinglist@lists.us.checkpoint.com
[mailto:owner-fw-1-mailinglist@lists.us.checkpoint.com]On Behalf Of
jkhan@publicintegrity.org
Sent: Monday, May 21, 2001 12:27 PM
To: fw-1-mailinglist@beethoven.us.checkpoint.com
Subject: [FW1] Blocking access to Hotmail.com



Hello,

I have FW-1 4.1 SP2 running on a NT 4 SP6a server, things are fine.  I
wanted to know if there is a way for me to block access to www.hotmail.com ?
I keep on getting a VBS_KAKWORM.A virus alert on several machines that
access Hotmail.  The users are not opening any attachments, just the e-mail.
I wanted to temporary turn off access to Hotmail, is there a way for me to
do that? Thanks!

Javed


============================================================================
====
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
============================================================================
====



============================================================================
====
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
============================================================================
====


================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================