Re: [FW-1] [fw-1] Instant Messenger bypass FW-1
No disagreement here. The point that I was trying to make to Dimitri was that at a service level I don't think there's a way to tackle this. If you get into proxying or some of the arguably non-firewall firewall add-ons, etc., ayup, there are some answers. But I think Dimitri proposed using a custom service in the security policy, which I don't think is going to work due to a still-inherent port dependency (unless there's something I'm missing, and I may well be).

-----Original Message-----
From: Don [mailto:[email protected]]
Sent: Thursday, June 13, 2002 3:05 PM
To: [email protected]
Subject: Re: [FW-1] [fw-1] Instant Messenger bypass FW-1

> So we're talking about utilizing proxy functionality, not (in reference
> to the post from Dimitri that actually prompted the reply you're
> quoting me from) firewall functionality, as I think *he* was describing.
>
> Right?

I wasn't talking about any functionality in particular. Just saying that IM clients can't do anything if we block their access to the rest of the Internet.

> > Telnet, DNS, yadda yadda. While your point about denying everything
> > unless "absolutely needed" is well taken, the point is that AIM will
> > piggyback on one of those "absolutely needed" ports and at that
> > point your only option is to blackhole the login servers.

This is the comment I was addressing specifically. If you don't allow workstations to do DNS lookups, or direct SMTP, then there will be no holes for clients like AIM to exploit.
-Don

=================================================
To set vacation, Out Of Office, or away messages, send an email to [email protected] in the BODY of the email add: set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your subscription options, email [email protected]
=================================================