Security Basics mailing list archives
Re: how to block ALL AIM traffic ?
From: "Mark Cyprus" <Mark.Cyprus () paracominc com>
Date: Thu, 28 Apr 2005 11:46:50 -0500
Hi, The only way I know is Websense Enterprise Manager running in network sniffing mode. Though Websense was originally designed as a solution to block URLs, if you run it in network sniffing mode (and not as a firewall CVP) it also blocks protocols by signatures, not port. It works very well, we have no problems with it.
/boot <Slashboot () gmail com> 04/27/05 05:01PM >>>
Hello Realized Mofo wrote:
BUT AOL seems to have found a great way around this and has 4000+ diffrent ports they use and i'd assume lots of diffrent hosts. Whats the best way of blocking all AIM traffic ?
You deny all outgoing connections, then you accept only outgoing connections to the ports that you enable in your firewall config (http, ftp, ssh ?). But, I think that people can continue using AIMs with http only (there are some web sites giving this kind of service for free like http://www.e-messenger.net/). A host based firewall rule should handle that! Remember also that if you are opening ssh access, people can use ssh tunneling and bypass firewall rules. -- /boot
Current thread:
- Re: how to block ALL AIM traffic ?, (continued)
- Re: how to block ALL AIM traffic ? Ramon Kagan (Apr 28)
- Re: how to block ALL AIM traffic ? Bipin Gautam (Apr 28)
- Re: how to block ALL AIM traffic ? Times Enemy (Apr 28)
- RE: how to block ALL AIM traffic ? Evan Littmann (Apr 28)
- Re: how to block ALL AIM traffic ? Netops (Apr 28)
- Re: how to block ALL AIM traffic ? Markus Schabel (Apr 28)
- Re: how to block ALL AIM traffic ? Mark Owen (Apr 29)
- Re: how to block ALL AIM traffic ? david kuhlman (Apr 29)
- Re: how to block ALL AIM traffic ? H Carvey (Apr 28)
- RE: how to block ALL AIM traffic ? Rochford, Paul (Apr 28)
- Re: how to block ALL AIM traffic ? Mark Cyprus (Apr 29)
- RE: how to block ALL AIM traffic ? Joe Kanser (Apr 29)