Security Basics mailing list archives

Previous By Date Next
Previous By Thread Next

RE: how to block ALL AIM traffic ?

From: "Evan Littmann" <evan () 2-roads net>
Date: Wed, 27 Apr 2005 16:11:55 -0700
Best way? I'm not sure, but an application layer firewall would work nicely.

If you are already running Squid, this might be of interest to you. You can
probably ignore most of it since you only want to block AIM.

http://www.squid-cache.org/mail-archive/squid-users/200407/0210.html

I don't really know of any other way to do it without causing hassles.
Reactive firewall rules that stop all outbound traffic from a client for a
set period of time once that client tries to access 5190 is the first thing
that comes to mind, which might help you deal with the larger problem by
logging the evidence.



-----Original Message-----
From: Realized Mofo [mailto:realized () gmail com]
Sent: Tuesday, April 26, 2005 4:32 PM
To: security-basics () securityfocus com
Subject: how to block ALL AIM traffic ?

I am at an office with 50~ machines , out of thoes about 20 or so use
AIM. I would like to block AIM and normally i'd just block the AIM
port (5190) or whatever it is..

BUT AOL seems to have found a great way around this and has 4000+
diffrent ports they use and i'd assume lots of diffrent hosts.


Whats the best way of blocking all AIM traffic ?
Previous By Date Next
Previous By Thread Next

Current thread: