[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [FW-1] those darn messengers...
yes, the problem seems to be that these %#$&@# messenger services can get through on port 80. This means that port blocking is not an option. Being pretty inexperienced in fw-1, i am looking to see if there is any other way of blocking this type of traffic. Is there any way on God's green earth the traffic can be scanned for content or application type and then blocked based on that? thanks, dean ________________________________________________ Get your own "800" number Voicemail, fax, email, and a lot more http://www.ureach.com/reg/tag ---- On Fri, 08 Feb 2002, Joe Pampel ([email protected]) wrote: > If you are using the generally reccommended explicit-permit type > rulebase* > you will not have this problem at all. (unless your users are using the > = > http version of > AIM I guess.. ) > You would have to enable the AOL port to get through.. For example > I have the opposite problem that you do: Loser that I am, I lost the > argument with mgt regarding use of AIM, so now I am trying to get it > to=20 > work! Even trying an "any any AOL accept" rule did not fix it.. > incoming > messages head for the AOL port but have random source ports. (so they > go splat..) PITA. I am not opening ports 1024 - 5000 or whatever so = > people=20 > can chat.=20 > I know, I'm a real jerk like that. ;-)=20 > > <rant> > What's the use of a FW when you can send files/virus/trojan etc via AIM? > Same problem with Bloomberg mail.. it can send attachements too. & no > = > way > to scan them... =20 > </rant> > > * where your rules are basically permitting the traffic you want, and > the last rule is any any any drop. (aka 'the cleanup rule') This is > IMHO = > the 'right' > way to build a rulebase.=20 > YMMV!=20 > > hth > > Joe > > >>> Dean Bishop <[email protected]> 02/08/02 08:31AM >>> > Good morning, > > i have been doing alot of searching and think that i have > come to the correct conclusion that there is currently no way > of blocking messenger services such as AIM and MSN Messenger > except by blocking access to the IP addresses for their servers. > > Can someone confirm this for me? > > thanks, > dean > > > ________________________________________________ > Get your own "800" number > Voicemail, fax, email, and a lot more > http://www.ureach.com/reg/tag=20 > > =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= 3D=3D=3D=3D= > =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= 3D=3D=3D > To set vacation, Out Of Office, or away messages, > send an email to [email protected]=20 > in the BODY of the email add: > set fw-1-mailinglist nomail > =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= 3D=3D=3D=3D= > =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= 3D=3D=3D > To unsubscribe from this mailing list, > please see the instructions at > http://www.checkpoint.com/services/mailing.html=20 > =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= 3D=3D=3D=3D= > =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= 3D=3D=3D > If you have any questions on how to change your > subscription options, email > [email protected]=20 > =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= 3D=3D=3D=3D= > =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= 3D=3D=3D > > > ================================================= To set vacation, Out Of Office, or away messages, send an email to [email protected] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [email protected] =================================================
|