Security Basics mailing list archives

RE: Blocking Instant Messaging Applications


From: "Nick Duda" <nduda () VistaPrint com>
Date: Mon, 21 Nov 2005 13:07:29 -0500

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Some people will argue about how much this helps, but it has helped us out a lot.

We use a GPO with a Software Restriction Policy. We then restrict all IM programs via the hash of the binary. This can 
be hard to maintain because for each new or old version you need to obtain the hash of the binary. I'm still in search of 
some master hash database. It works well for what it's worth. Combined with other measures it works out pretty well.

-- Nick

-----Original Message-----
From: Gaddis, Jeremy L. [mailto:jeremy () linuxwiz net] 
Sent: Friday, November 18, 2005 1:24 PM
To: security-basics () securityfocus com
Subject: Blocking Instant Messaging Applications

Hi,

I'm interested in hearing what others are doing to block Instant 
Messaging traffic on their networks.  We would like to block all IM 
traffic due to security concerns and, less so, bandwidth concerns (large 
file transfers).

Normal measures that one would take are futile.  These IM applications 
are very "port agile" and will simply try another port if the first 
doesn't work.  Blocking 1863/TCP, for example, does nothing to stop MSN 
Messenger.

Many months ago, I implemented the tips that Microsoft outlined in KB 
article 889829 (http://support.microsoft.com/default.aspx/kb/889829) to 
no avail.  A few days ago, I made our DNS servers "authoritative" for 
messenger.hotmail.com and webmessenger.msn.com, and added A records 
pointing to 127.0.0.1.  This seems to have taken care of MSN Messenger 
for the meantime, but it's only a matter of time before someone figures 
out what's going on and how to bypass it.  I haven't yet attempted to 
block AOL or Yahoo's Instant Messengers, but those will be next.

We have a policy that takes care of the problem on the employee side of 
things, but we are an .edu and we can't apply that same policy to 
students using the labs or wireless networks in our building.

I'm interested in hearing about "software" solutions to this problem, 
and am trying to avoid throwing additional network appliances or devices 
into the mix if at all possible.

Thanks,
-j

-- 
Jeremy L. Gaddis, GCWN

"If it's not on fire, it's a software problem."


-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.0.2 (Build 2424)

iQA/AwUBQ4IM3VPWeke/vskjEQLWdACgnyu5O72HiP88lwfJ0UZe8WjfwxkAnjnt
wB6OtYkX66sfaVSmUzY9KPrU
=UX90
-----END PGP SIGNATURE-----
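The hash-rule approach above needs a local record of every IM client build you have ever blocked, since a Software Restriction Policy hash rule matches only the exact bytes of one binary and every new release means a new hash. The following is an added example, not code from either poster: a small Python inventory tool that hashes the executables of an installed client (MD5 and SHA-1, the two algorithms SRP hash rules of that era key on), merges them into a JSON database, and reports which hashes are new so only those need rules. The product names, file names and file contents in the demo are constructed stand-ins, and the suffix list of what counts as a "binary" is an assumption.

```python
# Added example (not from the list posting): a local hash database of IM client
# builds to feed Software Restriction Policy hash rules. An SRP hash rule matches
# the exact bytes of one file, so each new build is a new entry; merge_inventory()
# reports which hashes were not yet known so only those need new rules.
import hashlib
import json
import tempfile
from pathlib import Path

# Assumption: which file types we bother to hash.
EXECUTABLE_SUFFIXES = (".exe", ".dll", ".ocx")


def hash_bytes(data: bytes) -> dict:
    """MD5, SHA-1 and size of a file image: the fields an SRP hash rule keys on."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "size": len(data),
    }


def build_inventory(files, product: str) -> dict:
    """files: iterable of (name, bytes). Returns {sha1: record} for one product build."""
    inventory = {}
    for name, data in files:
        h = hash_bytes(data)
        inventory[h["sha1"]] = {
            "name": name, "product": product, "md5": h["md5"], "size": h["size"],
        }
    return inventory


def scan_directory(root, product: str) -> dict:
    """Walk an install directory (e.g. a freshly installed client) and hash its executables."""
    root = Path(root)
    files = []
    for p in sorted(root.rglob("*")):
        if p.is_file() and p.suffix.lower() in EXECUTABLE_SUFFIXES:
            files.append((str(p.relative_to(root)), p.read_bytes()))
    return build_inventory(files, product)


def merge_inventory(existing: dict, new: dict):
    """Merge a fresh scan into the database; return (merged, sha1s not known before)."""
    added = [h for h in new if h not in existing]
    merged = dict(existing)
    merged.update({h: new[h] for h in added})
    return merged, added


def is_blocked(data: bytes, inventory: dict) -> bool:
    """Decide the way an SRP hash rule does: exact hash match, nothing looser."""
    return hashlib.sha1(data).hexdigest() in inventory


def save_inventory(inventory: dict, path) -> None:
    Path(path).write_text(json.dumps(inventory, indent=2, sort_keys=True))


def load_inventory(path) -> dict:
    p = Path(path)
    return json.loads(p.read_text()) if p.exists() else {}


def demo_scan() -> dict:
    """Build a constructed fake client install in a temp dir and scan it."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        # Constructed sample files, not real client binaries.
        (root / "msnmsgr.exe").write_bytes(b"MZ" + b"\x00" * 64 + b"build 7.5")
        (root / "msgslang.dll").write_bytes(b"MZ" + b"\x01" * 64 + b"build 7.5")
        (root / "readme.txt").write_bytes(b"not an executable")  # ignored by suffix
        return scan_directory(root, "Messenger (constructed)")


if __name__ == "__main__":
    db = load_inventory("im_hashes.json")  # assumption: database file next to the script
    db, added = merge_inventory(db, demo_scan())
    print(f"{len(added)} new hash(es) need SRP rules:")
    for h in added:
        print(f"  {db[h]['product']} {db[h]['name']} sha1={h} md5={db[h]['md5']}")
    save_inventory(db, "im_hashes.json")
    # One changed byte (a new build) and the rule no longer matches.
    print("blocks 7.5 build:", is_blocked(b"MZ" + b"\x00" * 64 + b"build 7.5", db))
    print("blocks 7.6 build:", is_blocked(b"MZ" + b"\x00" * 64 + b"build 7.6", db))
```

Run it against the real install directory of each client version you want to block and copy the printed hashes into the Software Restriction Policy hash rules; the JSON file is the "master hash database" for your own site. The last two lines show the maintenance cost directly: a build that differs by a single byte is no longer matched, so every new release has to be scanned and added.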
