Security Basics mailing list archives

Previous By Date Next
Previous By Thread Next

RE: Blocking Instant Messaging Applications

From: Murad Talukdar <talukdar_m () subway com>
Date: Thu, 24 Nov 2005 16:22:44 +1000
I think I'm able to block MSN and hopefully won't be able to use
web-versions or other IM(please let me know if my hope is false). Users who
shouldn't be using MSN cannot surf the net like normals because they have no
net access except for a few allowed sites.
Some users are allowed to use MSN(directors etc--you know the usual deal!).
So they have been schooled in what's safe and what's not.

Regards
Murad Talukdar

-----Original Message-----
From: Beauford, Jason [mailto:jbeauford () EightInOnePet com] 
Sent: Wednesday, November 23, 2005 6:26 AM
To: Gaddis, Jeremy L.; Alloishus BeauMains
Cc: security-basics () securityfocus com
Subject: RE: Blocking Instant Messaging Applications

Use DNS to resolve them (hostnames like oscar.aol.com) to a
local-non-existent address.

Or just block the associated outgoing ports at the firewall.

Or use a thirdparty filter like:

        SurfControl
        or
        Websense 

JMB

        |  -----Original Message-----
        |  From: Gaddis, Jeremy L. [mailto:jeremy () linuxwiz net] 
        |  Sent: Monday, November 21, 2005 8:04 PM
        |  To: Alloishus BeauMains
        |  Cc: security-basics () securityfocus com
        |  Subject: Re: Blocking Instant Messaging Applications
        |  
        |  Alloishus BeauMains wrote:
        |  > At the PIX or firewall, or wherever your ACLs are 
        |  kept, block incoming 
        |  > or outgoing traffic to oscar.aol.com, the 
        |  messenger login servers, 
        |  > trillian, yahoo, etc etc etc.
        |  
        |  Unfortunately, this method also has a great deal of 
        |  administrative overhead.  Do a lookup on 
        |  messenger.hotmail.com.  Do another lookup two weeks 
        |  from now.  A beer says that the IPs will differ.  
        |  Trying to keep up with this is futile.  If you don't 
        |  believe me, see MS KB Article
        |  #889829 
        |  (http://support.microsoft.com/default.aspx/kb/889829)
        |  .  I implemented this on February 13th.  It worked 
        |  for perhaps a month.
        |  
        |  Heck, just checked and that article isn't even 
        |  available anymore.  It's referenced at 
        |  http://www.microsoft.com/security/incident/im.mspx, 
        |  but clicking on the link gets you to an error page.
        |  
        |  Thanks,
        |  -j
        |  
        |  --
        |  Jeremy L. Gaddis, GCWN
        |  http://www.linuxwiz.net/
Previous By Date Next
Previous By Thread Next

Current thread: