RE: Blocking Instant Messaging Applications

["Beauford, Jason" <jbeauford () EightInOnePet com>]

Use DNS to resolve them (hostnames like oscar.aol.com) to a
local-non-existent address.

Or just block the associated outgoing ports at the firewall.

Or use a thirdparty filter like:

        SurfControl
        or
        Websense 

JMB

        |  -----Original Message-----
        |  From: Gaddis, Jeremy L. [mailto:jeremy () linuxwiz net] 
        |  Sent: Monday, November 21, 2005 8:04 PM
        |  To: Alloishus BeauMains
        |  Cc: security-basics () securityfocus com
        |  Subject: Re: Blocking Instant Messaging Applications
        |  
        |  Alloishus BeauMains wrote:
        |  > At the PIX or firewall, or wherever your ACLs are 
        |  kept, block incoming 
        |  > or outgoing traffic to oscar.aol.com, the 
        |  messenger login servers, 
        |  > trillian, yahoo, etc etc etc.
        |  
        |  Unfortunately, this method also has a great deal of 
        |  administrative overhead.  Do a lookup on 
        |  messenger.hotmail.com.  Do another lookup two weeks 
        |  from now.  A beer says that the IPs will differ.  
        |  Trying to keep up with this is futile.  If you don't 
        |  believe me, see MS KB Article
        |  #889829 
        |  (http://support.microsoft.com/default.aspx/kb/889829)
        |  .  I implemented this on February 13th.  It worked 
        |  for perhaps a month.
        |  
        |  Heck, just checked and that article isn't even 
        |  available anymore.  It's referenced at 
        |  http://www.microsoft.com/security/incident/im.mspx, 
        |  but clicking on the link gets you to an error page.
        |  
        |  Thanks,
        |  -j
        |  
        |  --
        |  Jeremy L. Gaddis, GCWN
        |  http://www.linuxwiz.net/