Search

	display results
words begin exact words any words part

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [FW-1] Messenger

To: [email protected]
Subject: Re: [FW-1] Messenger
From: "Delacruz, Neil" <[email protected]>
Date: Mon, 15 Oct 2001 17:10:40 -0400
Reply-to: Mailing list for discussion of Firewall-1 <[email protected]>
Sender: Mailing list for discussion of Firewall-1 <[email protected]>

Title: RE: [FW-1] Messenger

the hostname login.oscar.aol.com (AOL IM) resolves to at least 8 IP addresses:

205.188.3.160
205.188.3.176
205.188.5.204
205.188.5.208
205.188.7.172
205.188.7.176
205.188.7.164
205.188.7.168

for MSN Messenger, as far as I know, resolves to just one IP:
207.46.183.253 (messenger.msn.com)

there may be a better way to block this, but what I did was I created a workstation obj and in the NAME field of the WORKSTATION PROPERTIES dialog box I typed login.oscar.aol.com. click the CHECK NAME button, and write the IP address it resolves to. repeat this process until you get all of the IP addresses. you will know you got them all when the addresses start to repeat themselves. then I created a workstation obj for each IP, created a group called RESTRICTED SITES (or AIM or whatever), and drop all of these w/s objects into that group. add the group to your rulebase

(INTERNAL_NET | RESTRICTED_SITES | ANY | DROP )

hope this helps.

regards,

Neil Delacruz
MCSE, CCNA, CCSE

-----Original Message-----
From: Aeon Hale [mailto:[email protected]]
Sent: Monday, October 15, 2001 3:06 PM
To: [email protected]
Subject: Re: [FW-1] Messenger

you can block login.oscar.aol.com...this seems to work.

-----Original Message-----
From: erik witkop [mailto:[email protected]]
Sent: Monday, October 15, 2001 1:32 PM
To: [email protected]
Subject: Re: [FW-1] Messenger

in the app itself, in the setup section, it says it uses tcp 5190.

Erik Witkop
Boston, MA

>From: Kevin Lundy <[email protected]>
>Reply-To: Mailing list for discussion of Firewall-1
><[email protected]>
>To: [email protected]
>Subject: Re: [FW-1] Messenger
>Date: Mon, 15 Oct 2001 11:15:55 -0400
>
>That will only work temporarily. AIM and I'm pretty sure MSN Messenger
>will
>attempt to use almost any port.
>
>-----Original Message-----
>From: erik witkop [mailto:[email protected]]
>Sent: Monday, October 15, 2001 10:57 AM
>To: [email protected]
>Subject: Re: [FW-1] Messenger
>
>
>A quick way to get the port #, launch the app on a windows box, and
then do
>a "netstat -a" at a DOS prompt.
>
>Erik Witkop
>Boston, MA
>For Drug Testing Kits
>please visit:
>http://www.abatekmedical.com
>
>
>
>
> >From: Muhammed Riyas Kunhi <[email protected]>
> >Reply-To: Mailing list for discussion of Firewall-1
> ><[email protected]>
> >To: [email protected]
> >Subject: [FW-1] Messenger
> >Date: Sat, 13 Oct 2001 14:08:21 +0400
> >
> >Dear Friends,
> >
> >How do I Block MSN Messenger Services
> >
> >Thanks
> >
> >===============================================
> >To unsubscribe from this mailing list,
> >please see the instructions at
> >http://www.checkpoint.com/services/mailing.html
> >===============================================
>
>
>_________________________________________________________________
>Get your FREE download of MSN Explorer at
http://explorer.msn.com/intl.asp
>
>===============================================
>To unsubscribe from this mailing list,
>please see the instructions at
>http://www.checkpoint.com/services/mailing.html
>===============================================
>
>===============================================
>To unsubscribe from this mailing list,
>please see the instructions at
>http://www.checkpoint.com/services/mailing.html
>===============================================

_________________________________________________________________
Get your FREE download of MSN Explorer at
http://explorer.msn.com/intl.asp

===============================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
===============================================

This message originated from the Internet. Its originator may or may not be who they
claim to be and the information contained herein may or may not be accurate.
Remember that the most common way to spread a virus is through email attachments.
If you are suspicious about any attachment, please contact your IT department at
before you open the attached file.
Thank You.




Reminder:  E-mail sent through the Internet is not secure.
Do not use e-mail to send confidential information
such as credit card numbers, changes of address, PIN
numbers, passwords or other important information.
Do not e-mail orders to buy or sell securities, transfer
funds or send time sensitive instructions. We will not
accept these orders or instructions.  This e-mail is not
an official trade confirmation for transactions executed
for your account.  Your e-mail message is not private in
that it is subject to review by Shochet Securities, its officers,
agents and employees.

Prev by Date: Re: [FW-1] a real newbie question, forgive me...
Next by Date: Re: [FW-1] Firewall and RH 7.0
Previous by thread: Re: [FW-1] Messenger
Next by thread: Re: [FW-1] Messenger
Index(es):
- Date
- Thread