NETWORK PRESENCE ABOUT SERVICES PRODUCTS TRAINING CONTACT US SEARCH SUPPORT
 


Search
display results
words begin  exact words  any words part 

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [FW-1] blocking Instant Messaging (AOL's AIM)



Everyone,
  This has been an ongoing issue at my centre, and I suggest checking the log-in schemes every six months or so.  Opening up the ports for yourself, log in as yourself, and watch the firewall/gateway logs.  Instant Messenger applications have been known to move servers or change IP addresses to thwart people like us trying to block these application.  Also, watch for web based interfaces to the Instant Messenger applications.  If there is a way around a system, people will find it!  i.e., www.icq.com/icqwebbie
 
Rob
 
 
 
 

[Robert Woods] 
 -----Original Message-----
From: Mailing list for discussion of Firewall-1 [mailto:[email protected]]On Behalf Of Security Guy
Sent: Monday, August 19, 2002 9:25 AM
To: [email protected]
Subject: [FW-1] blocking Instant Messaging (AOL's AIM)

In the August issue of information security magazine, they have a great article on Instant messaging.  Unfortunately they didn't tell me anything new :(  I have been trying to block IM off and on...but this article re-energized me.  Here are the steps I have take so far in an attempt to block AOL's AIM
 
Currently Blocking:
5190 tcp/udp
4443 tcp/udp
All traffic to login.oscar.aol.com (which is 64.12.x.x)
 
I've tried these rules:
 
Internal network     login.oscar.aol.com    tcp/udp 53 tcp/udp 4443 tcp 5190 http/s     drop    long
*Nice...it's using the DNS port, this thing is like a Trojan, it will actually scan for open ports
 
Internal Network    login.oscar.aol.com      ANY    drop long
 
What am I missing?  Is there any reason a reverse rule is needed? 
 
Any info is appreciated,
 
-AD
 
 


 
----------------------------------

ABOUT SERVICES PRODUCTS TRAINING CONTACT US SEARCH SUPPORT SITE MAP LEGAL
   All contents © 2004 Network Presence, LLC. All rights reserved.