Security Basics mailing list archives

Re: how to block ALL AIM traffic ?

From: "Mark Cyprus" <Mark.Cyprus () paracominc com>
Date: Thu, 28 Apr 2005 11:46:50 -0500

Hi,

The only way I know is Websense Enterprise Manager running in network sniffing mode.  Though Websense was originally 
designed as a solution to block URLs, if you run it in network sniffing mode (and not as a firewall CVP) it also blocks 
protocols by signatures, not port. It works very well, we have no problems with it.

/boot <Slashboot () gmail com> 04/27/05 05:01PM >>>

Hello

Realized Mofo wrote:

BUT AOL seems to have found a great way around this and has 4000+
diffrent ports they use and i'd assume lots of diffrent hosts.


Whats the best way of blocking all AIM traffic ?


You deny all outgoing connections, then you accept only outgoing 
connections to the ports that you enable in your firewall config (http, 
ftp, ssh ?). But, I think that people can continue using AIMs with http 
only (there are some web sites giving this kind of service for free like 
http://www.e-messenger.net/). A host based firewall rule should handle 
that! Remember also that if you are opening ssh access, people can use 
ssh tunneling and bypass firewall rules.

-- 
/boot

Current thread:

Re: how to block ALL AIM traffic ?, (continued)
- Re: how to block ALL AIM traffic ? Ramon Kagan (Apr 28)
- Re: how to block ALL AIM traffic ? Bipin Gautam (Apr 28)
- Re: how to block ALL AIM traffic ? Times Enemy (Apr 28)
- RE: how to block ALL AIM traffic ? Evan Littmann (Apr 28)
- Re: how to block ALL AIM traffic ? Netops (Apr 28)
- Re: how to block ALL AIM traffic ? Markus Schabel (Apr 28)
- Re: how to block ALL AIM traffic ? Mark Owen (Apr 29)
- Re: how to block ALL AIM traffic ? david kuhlman (Apr 29)
- Re: how to block ALL AIM traffic ? H Carvey (Apr 28)
- RE: how to block ALL AIM traffic ? Rochford, Paul (Apr 28)
- Re: how to block ALL AIM traffic ? Mark Cyprus (Apr 29)
- RE: how to block ALL AIM traffic ? Joe Kanser (Apr 29)