Firewall Wizards mailing list archives

RE: Blocking Yahoo IM


From: "Stiennon,Richard" <richard.stiennon () gartner com>
Date: Tue, 16 Apr 2002 10:43:16 -0400

From Al Berg's article at
http://www.infosecuritymag.com/articles/february01/cover.shtml


Blocking IM access

Preventing IM traffic from leaving the network is also difficult. Like
Napster, the major IM clients will work quite hard to find a port to exit
your LAN, using HTTP if they have to. AIM needs to connect to the host
login.oscar.aol.com in order to start up, so blocking traffic to this
destination will effectively shut it down. However, at press time, the name
login.oscar.aol.com points to the following IP addresses, according to a
DNS lookup:
205.188.7.172
205.188.7.176
205.188.7.164
205.188.7.168
You'll need to block all of these and check for any new servers on a regular
basis. Yahoo! Messenger can be blocked in a similar way, by killing off
outbound access to the hosts answering to the following names:
msg.edit.yahoo.com
edit.messenger.yahoo.com
csa.yahoo.com
csb.yahoo.com
csc.yahoo.com

Each of the above names resolves out to multiple IP addresses - and, of
course, Yahoo! can add new addresses at any time, making it an ongoing
battle.

MSN Messenger can be blocked by blocking IP access to the Hotmail network
range - 64.4.0.0 through 64.4.63.255. Interestingly, this does not seem to
totally block access to Hotmail's Web-based mail service.


-Richard Stiennon

-----Original Message-----
From: Wieczorek, Eric SPC NE-ARNG
[mailto:Eric.Wieczorek () ne ngb army mil]
Sent: Monday, April 15, 2002 1:35 PM
To: 'firewall-wizards () nfr net'
Subject: [fw-wiz] Blocking Yahoo IM


Would anyone know what specific IPs or ports I need to block on my PIX to
keep users from making use of Yahoo IM??

Thank-you.

_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://list.nfr.com/mailman/listinfo/firewall-wizards
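
The "check for any new servers on a regular basis" step from the quoted article, as an added example that is not part of the original message or the article: it re-resolves the hostnames the article names, compares the answers with the addresses already denied, and prints PIX deny entries for any new ones. The ACL name acl_out and the function names are assumptions.

```python
import ipaddress
import socket

# Hostnames named in the quoted article.
IM_HOSTS = [
    "login.oscar.aol.com",
    "msg.edit.yahoo.com",
    "edit.messenger.yahoo.com",
    "csa.yahoo.com",
    "csb.yahoo.com",
    "csc.yahoo.com",
]

def resolve_v4(name):
    """Return the set of IPv4 addresses a name currently resolves to."""
    try:
        infos = socket.getaddrinfo(name, None, socket.AF_INET, socket.SOCK_STREAM)
    except socket.gaierror:
        return set()  # a failed lookup adds nothing; it never unblocks anything
    return {info[4][0] for info in infos}

def diff_blocklist(hosts, blocked, resolver=resolve_v4):
    """Compare live DNS answers with the addresses already denied.

    Returns (new, stale): addresses that resolve now but are not blocked,
    and blocked addresses that no listed name resolves to any more.
    """
    current = set()
    for name in hosts:
        current |= {ipaddress.IPv4Address(a) for a in resolver(name)}
    blocked = {ipaddress.IPv4Address(a) for a in blocked}
    return sorted(current - blocked), sorted(blocked - current)

def pix_deny_lines(addresses, acl="acl_out"):
    """Render deny entries; the ACL name 'acl_out' is an assumption."""
    return [f"access-list {acl} deny ip any host {a}" for a in addresses]

if __name__ == "__main__":
    # The four AIM addresses quoted in the article, used as the current blocklist.
    blocked = ["205.188.7.172", "205.188.7.176", "205.188.7.164", "205.188.7.168"]
    new, stale = diff_blocklist(IM_HOSTS, blocked)
    print("\n".join(pix_deny_lines(new)))
    for addr in stale:
        print(f"! no longer resolves, review before removing: {addr}")
```

A single lookup may return only part of a round-robin pool, so stale entries are reported for review rather than removed, and the generated deny lines must sit above any permit entry in the same ACL to take effect.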

