
Re: [FW1] Blocking access to Hotmail.com




I believe that it would, because when you open up the log viewer and you
take off the option to resolve, you see the actual IPs of those hosts.
Where name resolution is taking place, the moment the firewall sees a
request coming from/going to the site specified in the rule to drop
communication to/from, that's exactly what it will do.  I'll test and
let you know.

On Wednesday 23 May 2001 11:37 am, Chris Arnold wrote:
> Would this work, Juan?  I don't have a Hotmail account so I can test
> but it seems to me that by blocking the hosts corresponding to the MX
> records in DNS we assume that the HTML forms used by Hotmail POST/GET
> directly to the mail relays.
>
> If this is true, then by blocking outbound access (TCP 80 and 443) to
> the Hotmail mail exchangers in your FW rules _should_ work, as you
> pointed out. This seems like a pretty insecure way of handling it
> though on their end and I assumed that the Hotmail folks would have
> CGIs on webservers that run some sanity checks on the input before
> queuing the messages for the SMTP servers to handle.
>
> I'm just guessing though.  Blocking inbound access to the MX records
> will certainly prevent any Hotmail-originating messages from reaching
> your users though.
>
> Chris
>
> -----Original Message-----
> From: Juan Concepcion [mailto:[email protected]]
> Sent: Monday, May 21, 2001 11:28 PM
> To: [email protected];
> [email protected]
> Subject: RE: [FW1] Blocking access to Hotmail.com
>
>
>
> Do an nslookup of their address.  Set the type=mx and you will get
> the IPs of all of their servers.  What you will then have to do is
> create objects for these IPs and then create a rule dropping traffic
> from/to those sites.
>
> just my .02 cents
>
> FYI...I believe that all e-mail coming through hotmail is scanned and
> cleaned.  Even if a virus is detected/cleaned you still get the
> message that a virus was detected.
>
> Juan Concepcion
> Network Engineer/Security Consultant
> CCSA/CCSE
> E-Mail: [email protected]
>
>
> -----Original Message-----
> From: [email protected]
> [mailto:[email protected]]On Behalf Of
> [email protected]
> Sent: Monday, May 21, 2001 12:27 PM
> To: [email protected]
> Subject: [FW1] Blocking access to Hotmail.com
>
>
>
> Hello,
>
> I have FW-1 4.1 SP2 running on a NT 4 SP6a server, things are fine. 
> I wanted to know if there is a way for me to block access to
> www.hotmail.com ? I keep on getting a VBS_KAKWORM.A virus alert on
> several machines that access Hotmail.  The users are not opening any
> attachments, just the e-mail. I wanted to temporarily turn off access
> to Hotmail, is there a way for me to do that? Thanks!
>
> Javed
>
>
> ================================================================================
>      To unsubscribe from this mailing list, please see the
> instructions at http://www.checkpoint.com/services/mailing.html
> ================================================================================

-- 


Juan Concepcion
Network Engineer/Security Consultant
CCSA/CCSE Certified
[email protected]
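
Added example, not part of the original thread: a sketch that parses `nslookup` output for `set type=mx` into the host objects the proposed drop rule would use, then lists any web front-end addresses that rule would not cover. All names and addresses are constructed placeholders (example.com, RFC 5737 ranges), and the function names are hypothetical; real lookups decide whether the two sets overlap for a given site.

```python
import re

# Constructed sample in the format Windows nslookup prints for "set type=mx";
# names and addresses are placeholders, not real Hotmail records.
SAMPLE_MX_OUTPUT = """\
example.com\tMX preference = 10, mail exchanger = mx1.example.com
example.com\tMX preference = 10, mail exchanger = mx2.example.com
mx1.example.com\tinternet address = 192.0.2.10
mx2.example.com\tinternet address = 192.0.2.11
mx2.example.com\tinternet address = 192.0.2.12
"""

# Constructed A records for the web front end that users actually browse to.
SAMPLE_WEB_ADDRESSES = {"www.example.com": ["198.51.100.20", "198.51.100.21"]}

MX_RE = re.compile(r"mail exchanger = (\S+)")
ADDR_RE = re.compile(r"^(\S+)\s+internet address = (\d+\.\d+\.\d+\.\d+)\s*$")


def normalize(name):
    """Lower-case a hostname and drop any trailing root dot."""
    return name.rstrip(".").lower()


def mx_host_objects(nslookup_output):
    """Return {exchanger hostname: sorted IPs} parsed from nslookup MX output."""
    objects = {normalize(m.group(1)): set()
               for m in MX_RE.finditer(nslookup_output)}
    for line in nslookup_output.splitlines():
        m = ADDR_RE.match(line.strip())
        # Only keep addresses that belong to a listed mail exchanger.
        if m and normalize(m.group(1)) in objects:
            objects[normalize(m.group(1))].add(m.group(2))
    return {name: sorted(ips) for name, ips in objects.items()}


def uncovered_web_addresses(objects, web_addresses):
    """Web IPs that a drop rule built only from the MX objects would miss."""
    blocked = {ip for ips in objects.values() for ip in ips}
    missed = {host: [ip for ip in ips if ip not in blocked]
              for host, ips in web_addresses.items()}
    return {host: ips for host, ips in missed.items() if ips}


if __name__ == "__main__":
    objs = mx_host_objects(SAMPLE_MX_OUTPUT)
    for name, ips in sorted(objs.items()):
        print(f"host object {name}: {', '.join(ips)}")
    print("not covered:", uncovered_web_addresses(objs, SAMPLE_WEB_ADDRESSES))
```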

