Re: how to block ALL AIM traffic ?

["Gabriel Orozco" <gabriel_orozco () mx sumida com>]

Maybe if you sniff a AIM connection

you can check if they are using a MIME type or a string to Authenticate

then you can filter it on the firewall. not all the ports, but the
communication itself.

I use linux for the firewall and open only port 80 using Squid proxy +
squidGuard. it works well, but I have no user with AIM due to policy.

if any user tries to pass over the policy and install AIM, I would try to do
what I already wrote.

Regards

Gabriel Orozco
Sysadmin

----- Original Message -----
From: "Realized Mofo" <realized () gmail com>
To: <security-basics () securityfocus com>
Sent: Tuesday, April 26, 2005 6:32 PM
Subject: how to block ALL AIM traffic ?


I am at an office with 50~ machines , out of thoes about 20 or so use
AIM. I would like to block AIM and normally i'd just block the AIM
port (5190) or whatever it is..

BUT AOL seems to have found a great way around this and has 4000+
diffrent ports they use and i'd assume lots of diffrent hosts.


Whats the best way of blocking all AIM traffic ?