Security Basics mailing list archives

Re: how to block ALL AIM traffic ?


From: Ramon Kagan <rkagan () yorku ca>
Date: Thu, 28 Apr 2005 08:17:10 -0400 (EDT)

Hi,

I don't have AIM traffic on my network right now... but what I would do is
conduct a tcpdump, full packet capture (-s 0) for port 5190 traffic.  Then
I would inspect the payload for a pattern.  Once I have a pattern, write a
filter/signature based on it to conduct the packet drop.

I was hoping to give you a signature or pattern, but we seem to be AIM
free here.

Ramon Kagan
York University, Computing and Network Services
Information Security  -  Senior Information Security Analyst
(416)736-2100 #20263
rkagan () yorku ca

-----------------------------------   ------------------------------------
I have not failed.  I have just        I don't know the secret to success,
found 10,000 ways that don't work.     but the secret to failure is
                                       trying to please everybody.
        - Thomas Edison                         - Bill Cosby
-----------------------------------   ------------------------------------

On Tue, 26 Apr 2005, Realized Mofo wrote:

I am at an office with ~50 machines; out of those, about 20 or so use
AIM. I would like to block AIM, and normally I'd just block the AIM
port (5190) or whatever it is.

BUT AOL seems to have found a great way around this and has 4000+
different ports they use, and I'd assume lots of different hosts.


What's the best way of blocking all AIM traffic?
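
The capture-then-signature workflow from the reply above, as an added example that is not part of the original thread: it finds the byte offsets that stay constant across the first payload of several sessions, checks the result against unrelated traffic, and renders it as a pcap filter expression. The sample payloads are constructed for illustration (laid out like an OSCAR FLAP header), and all function names are hypothetical; real input would come from a capture such as `tcpdump -s 0 -w aim.pcap tcp port 5190`.

```python
# Added example: derive a fixed-offset byte signature from captured payloads.
# SAMPLE_PAYLOADS are constructed (not real captures): the first payload of four
# sessions, laid out like an OSCAR FLAP header (0x2a, channel, seq, length).
SAMPLE_PAYLOADS = [
    bytes.fromhex("2a011234000400000001"),
    bytes.fromhex("2a01a0b1000400000001"),
    bytes.fromhex("2a010007000400000001"),
    bytes.fromhex("2a01ffee000400000001"),
]
# Constructed unrelated traffic, used to check the signature for false positives.
OTHER_PAYLOADS = [b"GET / HTTP/1.1\r\n", b"SSH-2.0-OpenSSH_3.9\r\n",
                  bytes.fromhex("160301002a01")]

PAYLOAD_START = "((tcp[12:1] & 0xf0) >> 2)"  # TCP header length = payload offset


def derive_signature(payloads, depth=16):
    """Map offset -> byte for every offset that is identical in all payloads."""
    if not payloads:
        return {}
    span = min(depth, min(len(p) for p in payloads))
    first = payloads[0]
    return {i: first[i] for i in range(span)
            if all(p[i] == first[i] for p in payloads)}


def matches(signature, payload):
    """True when the payload carries every (offset, byte) pair of the signature."""
    return bool(signature) and all(
        off < len(payload) and payload[off] == val
        for off, val in signature.items())


def false_positives(signature, payloads):
    """Payloads from unrelated traffic that the signature would also drop."""
    return [p for p in payloads if matches(signature, p)]


def to_bpf(signature):
    """Render the signature as a tcpdump/pcap filter expression for review."""
    return " and ".join(f"tcp[{PAYLOAD_START} + {off}:1] = 0x{val:02x}"
                        for off, val in sorted(signature.items()))


if __name__ == "__main__":
    sig = derive_signature(SAMPLE_PAYLOADS)
    print({off: hex(val) for off, val in sig.items()})
    print("false positives:", false_positives(sig, OTHER_PAYLOADS))
    print(to_bpf(sig))
```

A signature built from too few sessions or too few bytes will match unrelated traffic, so the false-positive check should be run against a capture of normal office traffic before the filter is used to drop packets.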



