
Re: [FW-1] [fw-1] Instant Messenger bypass FW-1



> I don't mess with custom services much but if you're talking about diddling
> with this at the port level, AIM doesn't have any port dependencies that
> render it unique from other traffic.  Kill one and it goes looking for
> another, usually something well-defined like SMTP, Telnet, DNS, yadda yadda.
> While your point about denying everything unless "absolutely needed" is well
> taken, the point is that AIM will piggyback on one of those "absolutely
> needed" ports and at that point your only option is to blackhole the login
> servers.
The idea with absolutely needed services is that clients on your network
never talk to external systems directly. Internal systems can only talk to
an internal DNS server, mail server or web proxy. Those servers are then
the ones that connect out to the Internet. As a result, software running
on the local client can never get out (the prerequisite being a properly
configured proxy).

-Don
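
An added example, not part of the original post: a per-rule audit that flags any accept rule letting ordinary internal clients reach an external address directly instead of through the internal DNS server, mail server or web proxy. The address range, relay hosts and rule names are constructed for illustration, and the check looks at each rule on its own without modelling rule order.

```python
import ipaddress

INTERNAL = ipaddress.ip_network("10.0.0.0/8")   # constructed internal range
RELAYS = {                                      # constructed relay hosts
    ipaddress.ip_address("10.0.0.53"),          # internal DNS server
    ipaddress.ip_address("10.0.0.25"),          # mail server
    ipaddress.ip_address("10.0.0.80"),          # web proxy
}

# Constructed rule base: (name, source, destination, port, action)
RULES = [
    ("dns-out",      "10.0.0.53/32", "any",          53,   "accept"),
    ("smtp-out",     "10.0.0.25/32", "any",          25,   "accept"),
    ("proxy-out",    "10.0.0.80/32", "any",          443,  "accept"),
    ("lan-to-proxy", "10.0.0.0/8",   "10.0.0.80/32", 8080, "accept"),
    ("lan-dns-any",  "10.0.0.0/8",   "any",          53,   "accept"),  # the gap
    ("cleanup",      "any",          "any",          None, "drop"),
]

def _net(spec):
    """Parse a rule address; 'any' means every IPv4 address."""
    return ipaddress.ip_network("0.0.0.0/0" if spec == "any" else spec)

def covers_clients(src):
    """True if src includes an internal address that is not a relay."""
    if not src.overlaps(INTERNAL):
        return False
    # Networks either nest or are disjoint, so keep the narrower of the two.
    inside = src if src.subnet_of(INTERNAL) else INTERNAL
    if inside.num_addresses > len(RELAYS):
        return True
    return any(addr not in RELAYS for addr in inside)

def direct_egress_rules(rules):
    """Names of accept rules that let non-relay clients reach external hosts."""
    findings = []
    for name, src, dst, _port, action in rules:
        if action != "accept":
            continue
        # A destination that is not wholly internal includes external hosts.
        if covers_clients(_net(src)) and not _net(dst).subnet_of(INTERNAL):
            findings.append(name)
    return findings

if __name__ == "__main__":
    print(direct_egress_rules(RULES))
```

The flagged rule opens a "needed" port from every client to any destination, which is the kind of opening the quoted message says AIM will piggyback on.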




 
   All contents © 2004 Network Presence, LLC. All rights reserved.