RE: how to block ALL AIM traffic ?

["Rochford, Paul" <paul.rochford () hp com>]

Might work short term but most messaging programs now run over SSL or
TLS no that won't work long term. 

Kind Regards,
Paul Rochford 

-----Original Message-----
From: Gabriel Orozco [mailto:gabriel_orozco () mx sumida com] 
Sent: Wednesday, April 27, 2005 10:19 PM
To: Realized Mofo; security-basics () securityfocus com
Subject: Re: how to block ALL AIM traffic ?

Maybe if you sniff a AIM connection

you can check if they are using a MIME type or a string to Authenticate

then you can filter it on the firewall. not all the ports, but the
communication itself.

I use linux for the firewall and open only port 80 using Squid proxy +
squidGuard. it works well, but I have no user with AIM due to policy.

if any user tries to pass over the policy and install AIM, I would try
to do what I already wrote.

Regards

Gabriel Orozco
Sysadmin

----- Original Message -----
From: "Realized Mofo" <realized () gmail com>
To: <security-basics () securityfocus com>
Sent: Tuesday, April 26, 2005 6:32 PM
Subject: how to block ALL AIM traffic ?


I am at an office with 50~ machines , out of thoes about 20 or so use
AIM. I would like to block AIM and normally i'd just block the AIM port
(5190) or whatever it is..

BUT AOL seems to have found a great way around this and has 4000+
diffrent ports they use and i'd assume lots of diffrent hosts.


Whats the best way of blocking all AIM traffic ?