Re: [FW-1] [fw-1] Instant Messenger bypass FW-1




What I was trying to point out is that one (maybe, I don't know for sure) could define a Service of (Services), (New), (Other) if and only if he/she knows how to use the Inspect Script language and fire up a network monitor to capture AIM packets so as to come up with a pattern used every time the AIM tries to connect. Afterwards, putting a rule like (ANY)-(ANY)-(CustomAIMService)-(DROP)-(Long) he/she could finally block the AIM client. But this is not the best practice. The best practice is what I wrote in my previous posts.

Cheers,

Dimitris


-----Original Message-----
From: Russell Washington [mailto:[email protected]]
Sent: Friday, June 14, 2002 2:11 AM
To: [email protected]
Subject: Re: [FW-1] [fw-1] Instant Messenger bypass FW-1


No disagreement here.  The point that I was trying to make to Dimitri was
that at a service level I don't think there's a way to tackle this.  If you
get into proxying or some of the arguably non-firewall firewall add-ons,
etc., ayup, there are some answers.  But I think Dimitri proposed using a
custom service in the security policy, which I don't think is going to work
due to a still-inherent port dependency (unless there's something I'm
missing, and I may well be).

-----Original Message-----
From: Don [mailto:[email protected]]
Sent: Thursday, June 13, 2002 3:05 PM
To: [email protected]
Subject: Re: [FW-1] [fw-1] Instant Messenger bypass FW-1


> So we're talking about utilizing proxy functionality, not (in reference
> to the post from Dimitri that actually prompted the reply you're
> quoting me from) firewall functionality, as I think *he* was describing.
>
> Right?
I wasn't talking about any functionality in particular. Just saying that IM
clients can't do anything if we block their access to the rest of the
Internet.

> > Telnet, DNS, yadda yadda. While your point about denying everything
> > unless "absolutely needed" is well taken, the point is that AIM will
> > piggyback on one of those "absolutely needed" ports and at that
> > point your only option is to blackhole the login servers.
This is the comment I was addressing specifically. If you don't allow
workstations to do DNS lookups, or direct SMTP, then there will be no holes
for clients like AIM to exploit.

-Don

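An added example (not from any poster on this thread) of the three approaches being debated: a port-only rulebase, Dimitris's custom pattern-matched service, and Don's strict egress policy, as a toy first-match evaluator in Python. The addresses, the Packet class and the policy functions are constructed; the payload check assumes the OSCAR FLAP framing (0x2A marker, channel byte, 2-byte sequence, 2-byte length) as the "pattern used every time the AIM tries to connect".

```python
from dataclasses import dataclass

INSIDE_NET = "10.0.0."       # constructed: the workstation LAN prefix
INTERNAL_DNS = "10.0.0.53"   # constructed: the only permitted resolver
MAIL_RELAY = "10.0.0.25"     # constructed: the only permitted SMTP host

@dataclass
class Packet:
    src: str
    dst: str
    dport: int
    payload: bytes

def is_flap_login(p: Packet) -> bool:
    """Stand-in for the captured AIM connect pattern (assumption): an OSCAR
    FLAP frame starts 0x2A, channel 1 (new connection), 2-byte seq, 2-byte
    length, and the client's first channel-1 data carries version 0x00000001."""
    h = p.payload
    if len(h) < 10 or h[0] != 0x2A or h[1] != 1:
        return False
    length = int.from_bytes(h[4:6], "big")
    return length >= 4 and h[6:10] == b"\x00\x00\x00\x01"

def port_only_policy(p: Packet) -> str:
    """Rules by port only: DNS and SMTP out are 'absolutely needed', so an
    IM client that piggybacks on port 53 or 25 is accepted like any other."""
    if p.src.startswith(INSIDE_NET) and p.dport in (53, 25):
        return "accept"
    return "drop"

def pattern_policy(p: Packet) -> str:
    """Custom service: (ANY)-(ANY)-(CustomAIMService)-(DROP) evaluated first,
    then the port-based rules as before."""
    if is_flap_login(p):
        return "drop"
    return port_only_policy(p)

def egress_policy(p: Packet) -> str:
    """Don's answer: workstations only get DNS to the internal resolver and
    SMTP to the relay, so there is no open port for AIM to ride on."""
    if p.src.startswith(INSIDE_NET):
        if p.dport == 53 and p.dst == INTERNAL_DNS:
            return "accept"
        if p.dport == 25 and p.dst == MAIL_RELAY:
            return "accept"
    return "drop"

# constructed sample traffic: a FLAP login frame sent to port 53, and a real DNS query
AIM_ON_53 = Packet("10.0.0.7", "203.0.113.10", 53, b"\x2a\x01\x00\x01\x00\x04\x00\x00\x00\x01")
REAL_DNS = Packet("10.0.0.7", INTERNAL_DNS, 53, b"\x12\x34\x01\x00\x00\x01")

def verdicts(p: Packet) -> dict:
    return {"port_only": port_only_policy(p), "pattern": pattern_policy(p), "egress": egress_policy(p)}
```

Running `verdicts(AIM_ON_53)` shows the port-only rulebase accepting the piggybacked login while both other policies drop it; `verdicts(REAL_DNS)` is accepted by all three.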


 
   All contents © 2004 Network Presence, LLC. All rights reserved.