[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [FW-1] [fw-1] Instant Messenger bypass FW-1
> So we're talking about utlizing proxy functionality, not (in reference to > the post from Dimitri that actually prompted the reply you're quoting me > from) firewall functionality, as I think *he* was describing. > > Right? I wasn't talking about any functionality in particular. Just saying that IM clients can't do anything if we block their access to the rest of the Internet. > > Telnet, DNS, yadda yadda. While your point about denying everything > > unless "absoluely needed" is well taken, the point is that AIM will > > piggyback on one of those "absolutely needed" ports and at that point > > your only option is to blackhole the login servers. This is the comment I was addressing specifically. If you don't allow workstations to do DNS lookups, or direct SMTP, then there will be no holes for clients like AIM to exploit. -Don ================================================= To set vacation, Out Of Office, or away messages, send an email to [email protected] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [email protected] =================================================
|