Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Chat/IM

From: Bryan Irvine <bryan.irvine () kingcountyjournal com>
Date: Tue, 13 Apr 2004 14:45:13 -0700
won't work.  the popular services (msn/aim,etc...) run the service on
all ports to make things easy to get on.  So If you blocked all but
those ports, the client would see that it can't connect and try a
different port, then it would just sign on to the same server it has
been, just on port 80.

You'd have to just be vigilant and block the servers, and whenever a new
one was turned on block that one too.  

No way to block it 100% but you can get close.

--Bryan

On Tue, 2004-04-13 at 14:03, Remko Lodder wrote:

Harper, Patrick wrote:

Use a proxy and only allow 80/443 and 21/20 ???



Does anyone have an effective way of blocking chat/IM? 

Krisa Rowland 
ERDC Information Assurance Team 




-------------------------------------------------------
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: