[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [FW-1] [fw-1] Instant Messenger bypass FW-1
> I don't mess with custom services much but if you're talking about diddling > with this at the port level, AIM doesn't have any port dependencies that > render it unique from other traffic. Kill one and it goes looking for > another, usually something well-defined like SMTP, Telnet, DNS, yadda yadda. > While your point about denying everything unless "absoluely needed" is well > taken, the point is that AIM will piggyback on one of those "absolutely > needed" ports and at that point your only option is to blackhole the login > servers. The idea with absolutely needed services, is that clients on your network never talk to external systems directly. Internal systems can only talk to an internal DNS server, mail server or web proxy. Those servers are then the ones that connect out to the Internet. As a result, software running on the local client can never get out (The pre-requisite being a properly configured proxy). -Don ================================================= To set vacation, Out Of Office, or away messages, send an email to [email protected] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [email protected] =================================================
|