Security Basics mailing list archives

Re: how to block ALL AIM traffic ?

From: Times Enemy <times () krr org>
Date: Thu, 28 Apr 2005 02:10:29 -0700

Greetings.

Ideally, remove the application(s) from the machines. This can be donemanually, or through policies. If that is not feasible, then filter thetraffic at the gateway. Filtering the traffic is dependent on the typeof ids/firewall/switch/router configuration(s) being used. I suggestyou do both, remove the software, and filter the aim traffic.

Be familiar with the various types of transmissions/packets used byAIM. An easy way to do this is to fire up Ethereal, and watchspecifically for AIM traffic.


http://www.google.com

.times enemy


Realized Mofo wrote:

I am at an office with 50~ machines , out of thoes about 20 or so use
AIM. I would like to block AIM and normally i'd just block the AIM
port (5190) or whatever it is..

BUT AOL seems to have found a great way around this and has 4000+
diffrent ports they use and i'd assume lots of diffrent hosts.


Whats the best way of blocking all AIM traffic ?

Current thread:

how to block ALL AIM traffic ? Realized Mofo (Apr 27)
- Re: how to block ALL AIM traffic ? Gabriel Orozco (Apr 28)
- Re: how to block ALL AIM traffic ? /boot (Apr 28)
- Re: how to block ALL AIM traffic ? Ramon Kagan (Apr 28)
- Re: how to block ALL AIM traffic ? Bipin Gautam (Apr 28)
- Re: how to block ALL AIM traffic ? Times Enemy (Apr 28)
- RE: how to block ALL AIM traffic ? Evan Littmann (Apr 28)
- Re: how to block ALL AIM traffic ? Netops (Apr 28)
- Re: how to block ALL AIM traffic ? Markus Schabel (Apr 28)
- Re: how to block ALL AIM traffic ? Mark Owen (Apr 29)
- Re: how to block ALL AIM traffic ? david kuhlman (Apr 29)
- <Possible follow-ups>
- Re: how to block ALL AIM traffic ? H Carvey (Apr 28)
- RE: how to block ALL AIM traffic ? Rochford, Paul (Apr 28)
- Re: how to block ALL AIM traffic ? Mark Cyprus (Apr 29)
- RE: how to block ALL AIM traffic ? Joe Kanser (Apr 29)