
Re: [FW-1] blocking msn and yahoo messenger



OK... confirmed!!!... it works great with NG FP2... it blocks MSN
Messenger... the resource is fine, but it just doesn't want to work with
FP!...
Any suggestions?


>  -----Original Message-----
> From:   Leonardo Boulton [mailto:[email protected]]
> Sent:   Tuesday, August 27, 2002 8:32 AM
> To:     FW-1-MAILINGLIST
> Subject:        blocking msn and yahoo messenger
>
> I've tried to block the msn and yahoo messenger with a FireWall-1 NG (FP1
> and FP2).
>
> First let's talk about the MSN Messenger: I saw the logs and found the
> port 1863 tcp. I blocked it explicitly with a rule. Then I noticed that if
> the messenger can't connect through the port, it tries through port 80
> (http), to a server: something.msgr.hotmail.com.
> So, my next move was to create a resource (which I think is created wrong
> because it doesn't work). I created a URI resource named Hotmail, that
> blocks http, selected PUT and GET, only checked transparent mode (I think
> the mistake is there) for wildcards, and specified the host:
> *.msgr.hotmail.com, path: *, query: *.
> Then added a rule above the internet access rule. The source is the Proxy,
> destination any, service http->hotmail.
>
> I tested my procedure on an FP2 first, on a separate firewall that's not
> connected. I mean, I tested it with just one machine and I thought it
> worked!!. Afterwards I did the same thing with an NG FP1 firewall that is
> connected to an Internal LAN. My surprise was that the resource blocks
> almost every http connection.
>
> With the Yahoo messenger it is even worse. It first tries connecting through
> the port 5050 which I blocked, then tries via http, and if it is blocked
> as well, it goes for the telnet.... I have no idea how to block something
> like that. Imagine if the user selects that he or she is behind a firewall
> on the preferences!!!.
>
> Napster was the same thing, it tested one port, if it was blocked, it
> tried another one, and another one, until it finds an open port.
>
> Any suggestions to block these two popular messengers?... I imagine this
> is a well known topic, since it is in vogue here.
>
> Thanks a lot.
>
> Leonardo Boulton
>
> Network Security Engineer
> CyberTech Projects
> web:    www.cybertechproject.com
> email:  [email protected]
> phone:  (
> cel:    (
> msn id: [email protected]
> Caracas, Venezuela
>
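
The port fallback described in the quoted post (1863 or 5050 dropped, then HTTP to `*.msgr.hotmail.com` or telnet) can be confirmed from firewall logs by correlating a dropped native-port attempt with an accepted fallback from the same source shortly afterwards. The following is an added example and not part of either message; the log layout, the addresses, the host name `host1.msgr.hotmail.com` and the 60-second window are constructed assumptions, and it is not FireWall-1's own log format.

```python
import fnmatch

# Ports and the host pattern come from the post; everything else is assumed.
NATIVE_PORTS = {1863: "msn", 5050: "yahoo"}
MSN_HTTP_HOST = "*.msgr.hotmail.com"
WINDOW = 60  # assumed: seconds allowed between the drop and the fallback

# Constructed sample log: epoch, action, source, dest port, HTTP host ("-" if none)
SAMPLE_LOG = """\
1030451520 drop 10.1.1.20 1863 -
1030451523 accept 10.1.1.20 80 host1.msgr.hotmail.com
1030451530 accept 10.1.1.31 80 www.example.org
1030451600 drop 10.1.1.44 5050 -
1030451604 drop 10.1.1.44 80 -
1030451609 accept 10.1.1.44 23 -
1030451700 drop 10.1.1.52 5050 -
1030452400 accept 10.1.1.52 23 -
"""

def is_fallback(client, dport, host):
    """True if an accepted connection looks like this client's fallback path."""
    if client == "msn":
        # HTTP to the messenger gateway named in the post
        return dport == 80 and fnmatch.fnmatchcase(host.lower(), MSN_HTTP_HOST)
    if client == "yahoo":
        # The post gives no HTTP host for Yahoo, so only telnet is matched here
        return dport == 23
    return False

def find_fallbacks(log_text, window=WINDOW):
    """Return (source, client, port) for each accepted fallback that follows
    a dropped native-port attempt from the same source within `window`."""
    last_drop = {}  # (source, client) -> time of the last dropped native attempt
    findings = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, action, src, dport, host = line.split()
        ts, dport = int(ts), int(dport)
        if action == "drop" and dport in NATIVE_PORTS:
            last_drop[(src, NATIVE_PORTS[dport])] = ts
        elif action == "accept":
            for (s, client), t0 in last_drop.items():
                if s == src and ts - t0 <= window and is_fallback(client, dport, host):
                    findings.append((src, client, dport))
    return findings

if __name__ == "__main__":
    for src, client, port in find_fallbacks(SAMPLE_LOG):
        print(f"{src}: {client} messenger fell back to port {port}")
```

The telnet session from 10.1.1.52 is not reported because it starts long after the dropped 5050 attempt; widening `window` trades missed fallbacks for more false positives from ordinary telnet use.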




 
   All contents © 2004 Network Presence, LLC. All rights reserved.