RE: How do i stop yahoo with netscreen.

["Security Basics" <security-basics () angrychair com>]

Try blocking:
port 5050
cs1.yahoo.com
cs2.yahoo.com
cs3.yayoo.com
scs.msg.yahoo.com

-----Original Message-----
From: iain [mailto:iain-lists () clear net nz]
Sent: Friday, August 29, 2003 12:24 AM
To: security-basics () securityfocus com
Subject: How do i stop yahoo with netscreen.


Hi all

been asked to block messenger programs on one of my sites, got msn, icq and
aol beat.

But yahoo tried everything, blocked 3 entire subnets and still no joy, any
ideas.
> From web searches this seems to be a hard one to stop, as it using multiple
subnets and ports.
Have used Judes recommendations in one of the archives with no success.
After doing this it slowed down login but that was it.

I am using a netscreen 5xp, blocking addresses and using the netscreen dns
to resolve the IP addresses.
I have all ports in denied, and all ports out apart from SMTP, pop3,
traceroute, ping, ftp, http, https, 3389 blocked.
The site has constant software changes so cant implement group policy.
And the site has some very clued up staff as they do basic IT support
themselves.
The Dns relay box, ADSL router does not keep dns logs and i don't have a
netscreen i can play with.

Where am i going wrong???

Thanks

Iain


To: SECURITY-BASICS
Subject: disallow ICQ and Yahoo Messenger through port 80
Date: Jul 4 2001 10:57AM
Author: <jude_2_naidoo sbphrd com>
Message-ID: <OFF653CAC2.ED9F92DA-ON80256A7F.00365E11 () ha uk sbphrd com>

Hi

Those wanting to disallow :

ICQ traffic, prevent all trafiic to login.icq.com
Yahoo messenger traffic, prevent all traffic to msg.edit.yahoo.com and
pgq.yahoo.com.

Thanks

Jude Naidoo


---------------------------------------------------------------------------
Attend Black Hat Briefings & Training Federal, September 29-30 (Training),
October 1-2 (Briefings) in Tysons Corner, VA; the world's premier
technical IT security event.  Modeled after the famous Black Hat event in
Las Vegas! 6 tracks, 12 training sessions, top speakers and sponsors.
Symantec is the Diamond sponsor.  Early-bird registration ends September
6.Visit us: www.blackhat.com
----------------------------------------------------------------------------


---------------------------------------------------------------------------
Attend Black Hat Briefings & Training Federal, September 29-30 (Training), 
October 1-2 (Briefings) in Tysons Corner, VA; the world's premier 
technical IT security event.  Modeled after the famous Black Hat event in 
Las Vegas! 6 tracks, 12 training sessions, top speakers and sponsors.  
Symantec is the Diamond sponsor.  Early-bird registration ends September 6.Visit us: www.blackhat.com
----------------------------------------------------------------------------