Search

	display results
words begin exact words any words part

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [FW-1] yahoo blocking

To: [email protected]
Subject: Re: [FW-1] yahoo blocking
From: "MALIN, ALEX (PB)" <[email protected]>
Date: Mon, 10 Dec 2001 08:07:49 -0800
Reply-to: Mailing list for discussion of Firewall-1 <[email protected]>
Sender: Mailing list for discussion of Firewall-1 <[email protected]>

You can block Yahoo, AOL, ICQ, and MS messengers with 2 rules, 1 that blocks
the default ports, and 1 that blocks traffic from the Yahoo and MS servers
involved. I recommend putting all the servers in a group for this second
rule. Blocking only the default ports isn't enough, because messenger
services spawn messages on ports typically open thru the firewall (80, 25,
etc) until they find one that lets the messages thru. The tricky part is
getting all the servers into this group. These guys change IPs on occasion,
so you have to stay on top of it, checking your logs every now and then.
Using the log viewer, you can isolate the IPs involved. An easy way to do
this is by first disabling the rule that blocks default ports, then
filtering for traffic on these ports.

Below is a list of servers to block. This list was current a couple of
months ago.

Alex Malin

AOL IM
login.oscar.aol.com
Default Port: 5190
205.188.3.160
205.188.3.176
205.188.5.204
205.188.5.208
205.188.7.164
205.188.7.168
205.188.7.172
205.188.7.176
205.188.179.233
205.188.9.201
64.12.26.12
64.12.27.144
64.12.161.185

ICQ
login.icq.com
Default Port: 5190
64.12.162.57
205.188.179.233

MSN
messenger.hotmail.com
64.4.13.17

Yahoo
cs.yahoo.com
Default Port: 5050
216.136.175.145
216.136.224.213
216.136.224.214
216.136.225.11
216.136.225.12
216.136.225.35
216.136.225.36
216.136.225.83
216.136.225.84
216.136.226.117
216.136.226.118
216.136.131.93
216.136.175.142
216.136.175.143
216.136.175.144


-----Original Message-----
From: Tyler Beard [mailto:[email protected]]
Sent: Wednesday, December 05, 2001 8:18 PM
To: [email protected]
Subject: [FW-1] yahoo blocking


Hi all,
I'm trying to block Yahoo Messenger on our network and found the FAQ
relating to this topic:  http://www.phoneboy.com/faq/0367.html. I am newbie
to checkpoint and was wondering if anyone would be kind enough to explain
and give examples of how its setup especially with the point:  "Exclude
access to key servers via a URI Resource".

Many Thanks
Tyler

===============================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
===============================================

=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
To set vacation, Out Of Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
If you have any questions on how to change your
subscription options, email Ron Alcatraz at:
[email protected]
=================================================

Prev by Date: Re: [FW-1] Email Virus Protection
Next by Date: Re: [FW-1] new virus (?)
Previous by thread: [FW-1] yahoo blocking
Next by thread: Re: [FW-1] yahoo blocking
Index(es):
- Date
- Thread