Re: how to block ALL AIM traffic ?

[Mark Owen <mr.markowen () gmail com>]

It really is difficult to block any popular instant messenger due to
the number of servers available for them.

Block all out going connections to login.oscar.aol.com should
eliminate most of the problems as that is where AIM users are
authenticated.
If need be, block all connections to *.aol.com in case AOL has
alternate locations to login on their servers.  No one should have to
connect to aol.com from work for work related matters.  As the user's
find more ways around it (like e-messenger.net or aim express at
aim.com) block them as you notice them.

In a case like this, I highly recommend investing in an application
layer firewall (a special config linux box would work)  to monitor
connections for AIM traffic but even then the users can overcome that
with HTTport3.snf[1] and Socks2HTTP[2].

When it all comes down to it, block and log all known attempts and
discipline repeat offenders.

[1]  http://www.networkingfiles.com/Firewalls/HTTPort.htm
[2]  http://www.totalrc.net/s2h/index.jsp


On 4/26/05, Realized Mofo <realized () gmail com> wrote:
> I am at an office with 50~ machines , out of thoes about 20 or so use
> AIM. I would like to block AIM and normally i'd just block the AIM
> port (5190) or whatever it is..
>
> BUT AOL seems to have found a great way around this and has 4000+
> diffrent ports they use and i'd assume lots of diffrent hosts.
>
> Whats the best way of blocking all AIM traffic ?


-- 
Mark Owen