
Re: [FW-1] blocking msn and yahoo messenger


  • To: [email protected]
  • Subject: Re: [FW-1] blocking msn and yahoo messenger
  • From: Tim Holman <[email protected]>
  • Date: Wed, 28 Aug 2002 15:02:45 +0100
  • Reply-to: Mailing list for discussion of Firewall-1 <[email protected]>
  • Sender: Mailing list for discussion of Firewall-1 <[email protected]>
  • Thread-index: AcJN0QUDBtBJ2qnmQWu/hiEPeascfAAykDfQ
  • Thread-topic: [FW-1] blocking msn and yahoo messenger

The best way to block these is to block access to the actual messenger
servers.  These are listed on www.phoneboy.com.
Creating a URI resource will simply slow things down, as all HTTP
traffic will need to be taken apart and checked.


-----Original Message-----
From: Leonardo Boulton [mailto:[email protected]]
Sent: 27 August 2002 13:32
To: [email protected]
Subject: [FW-1] blocking msn and yahoo messenger


I've tried to block the MSN and Yahoo messenger with a FireWall-1 NG
(FP1 and FP2).

First let's talk about the MSN Messenger: I saw the logs and found the
port 1863 tcp. I blocked it explicitly with a rule. Then I noticed that
if the messenger can't connect through the port, it tries through port
80 (http), to a server: something.msgr.hotmail.com.
So, my next move was to create a resource (which I think is created
wrong because it doesn't work). I created a URI resource named Hotmail,
that blocks http, selected PUT and GET, only checked transparent mode
(I think the mistake is there) for wildcards, and specified the host:
*.msgr.hotmail.com, path: *, query: *.
Then added a rule above the internet access rule. The source is the
Proxy, destination any, service http->hotmail.

I tested my procedure on an FP2 first, on a separate firewall that's
not connected. I mean, I tested it with just one machine and I thought
it worked!! Afterwards I did the same thing with an NG FP1 firewall
that is connected to an internal LAN. My surprise was that the resource
blocks almost every http connection.

With the Yahoo messenger it is even worse. It first tries connecting
through the port 5050 which I blocked, then tries via http, and if it
is blocked as well, it goes for the telnet.... I have no idea how to
block something like that. Imagine if the user selects that he or she
is behind a firewall in the preferences!!!

Napster was the same thing, it tested one port, if it was blocked, it
tried another one, and another one, until it found an open port.

Any suggestions to block these two popular messengers?... I imagine
this is a well known topic, since it is in vogue here.

Thanks a lot.

Leonardo Boulton

Network Security Engineer
CyberTech Projects
web:    www.cybertechproject.com
email:  [email protected]
phone:  (cel:    (msn id: [email protected]
Caracas, Venezuela

=================================================
To set vacation, Out Of Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================



**********************************************************************
This email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they
are addressed. If you have received this email in error please notify
the system manager.

This footnote also confirms that this email message has been swept by
Dimension Data mail system for the presence of computer viruses.

www.uk.didata.com
**********************************************************************
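
The port fallback described in the original message can be spotted in firewall logs, and the destinations it reaches are candidates for the server block list the reply recommends. The following is an added example, not code from either poster: the log format, function names and all addresses are constructed assumptions, not FireWall-1's real log layout.

```python
from collections import defaultdict

# Ports named in the thread: MSN 1863, Yahoo 5050; fallbacks HTTP 80, telnet 23.
IM_PORTS = {1863: "msn", 5050: "yahoo"}
FALLBACK_PORTS = {80, 23}

# Constructed sample log (hypothetical format: epoch action src dst dport).
# Destination addresses are documentation ranges, not real messenger servers.
SAMPLE_LOG = """\
1000 drop 10.0.0.5 192.0.2.10 1863
1004 accept 10.0.0.5 192.0.2.11 80
1010 accept 10.0.0.7 198.51.100.20 80
1020 drop 10.0.0.8 203.0.113.30 5050
1023 drop 10.0.0.8 203.0.113.31 80
1027 accept 10.0.0.8 203.0.113.32 23
1500 accept 10.0.0.5 198.51.100.20 80
"""

def parse(line):
    """Split one constructed log line into typed fields."""
    ts, action, src, dst, dport = line.split()
    return int(ts), action, src, dst, int(dport)

def fallback_candidates(log_text, window=30):
    """Return {destination: {(client, protocol), ...}} for accepted
    connections on a fallback port that follow a dropped IM-port
    connection from the same client within `window` seconds."""
    last_drop = {}  # client -> (timestamp, protocol) of latest IM-port drop
    candidates = defaultdict(set)
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, action, src, dst, dport = parse(line)
        if action == "drop" and dport in IM_PORTS:
            last_drop[src] = (ts, IM_PORTS[dport])
        elif action == "accept" and dport in FALLBACK_PORTS and src in last_drop:
            drop_ts, proto = last_drop[src]
            if 0 <= ts - drop_ts <= window:
                candidates[dst].add((src, proto))
    return dict(candidates)

if __name__ == "__main__":
    for dst, hits in sorted(fallback_candidates(SAMPLE_LOG).items()):
        print(dst, sorted(hits))
```

Destinations returned here are only candidates: ordinary browsing inside the time window matches too, so each one needs checking against a published server list before it goes into a drop rule.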

   All contents © 2004 Network Presence, LLC. All rights reserved.