Firewall Wizards mailing list archives

Re: AIM to iChat AV


From: "M. Dodge Mumford" <dodge () dmumford com>
Date: Sun, 7 Mar 2004 20:49:13 -0500

Michael Tortorella said:

I'm working on a Mac OS X Panther system, and I'm trying to connect to 
someone on a Windows Professional system using iChat AV to AIM... they 
get an error that says it is probably caused by a firewall.  If this 
firewall is put in by their network, is there any way around it?

I was going to start down the path of reminding you that this is a list for
administrators of firewalls. These are people who want their firewalls to
work and not be circumvented. Then I realized that your question can
be interpreted with a bit more subtlety. It sounds like your buddy wants to
use a service, but isn't aware whether it's permitted.

He should read his site's security policy. 

Ok, given that his site probably doesn't have one, or if it does, it's
written too poorly to tell whether the service is permitted, he should
ask.

But what makes me wonder is whether there are firewalls on the market that
do more than simply block address/port combinations or perform content
analysis. What I'm thinking of is an inline intelligent rejection. For
example, in this case, the firewall would accept the AIM login (no matter
what it is) and display a message to the user saying that AIM is forbidden
(with an administratively defined link to the security policy).  I can
imagine such inline rejection being useful for a number of protocols.
"request.administratively.prohibited" for DNS. "220 Connection
Administratively Prohibited, see http://foo.bar.bletch/policy.html" for FTP.
And so forth. Does something like that exist?

Oh, and in response to your question "is there any way around it?" If he's
got some access to the Internet, the answer is "probably yes." The "how" is
simply an implementation detail and an "exercise left to the reader."

-- 

Dodge
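The inline rejection described in the post above, as an added example that is not part of the original message: a small Python stub a firewall could redirect blocked sessions to, which answers in the intercepted protocol's own vocabulary (an FTP or SMTP greeting, an HTTP 403 page, or a DNS response built from the client's own query) and points the user at the site policy. The POLICY_URL, the port table and the function names are assumptions for illustration. The FTP reply uses code 421, which RFC 959 defines as "service not available, closing control connection", and the DNS reply sets RCODE 5 (REFUSED), the RFC 1035 code for a refusal on policy grounds; AIM's OSCAR protocol is not covered.

```python
"""Inline policy rejection: answer a blocked session in the protocol's own
vocabulary and point the user at the site security policy, instead of
silently dropping packets.  Added example, not code from the thread.
POLICY_URL is a placeholder, not a real site."""
import socket
import struct

POLICY_URL = "http://policy.example.invalid/policy.html"  # assumed placeholder


def ftp_reject(url: str = POLICY_URL) -> bytes:
    # RFC 959: 421 "Service not available, closing control connection" is a
    # code FTP clients treat as a hard failure when it arrives as the greeting.
    return f"421 Service not available: administratively prohibited, see {url}\r\n".encode()


def smtp_reject(url: str = POLICY_URL) -> bytes:
    # RFC 5321: a 554 greeting says no mail service is offered on this
    # connection; 5.7.1 is the enhanced status for "not authorized".
    return f"554 5.7.1 Connection administratively prohibited, see {url}\r\n".encode()


def http_reject(url: str = POLICY_URL) -> bytes:
    # HTTP is client-speaks-first: the interceptor reads whatever request
    # arrives and answers 403 with a body the browser will actually render.
    body = (f"<html><body>Access to this service is prohibited by site policy. "
            f'See <a href="{url}">{url}</a>.</body></html>')
    head = ("HTTP/1.1 403 Forbidden\r\n"
            "Content-Type: text/html\r\n"
            f"Content-Length: {len(body.encode())}\r\n"
            "Connection: close\r\n\r\n")
    return (head + body).encode()


def _skip_name(data: bytes, off: int) -> int:
    """Return the offset just past the DNS name that starts at `off`."""
    while True:
        length = data[off]
        if length == 0:
            return off + 1
        if length & 0xC0:            # compression pointer: 2 bytes, ends the name
            return off + 2
        off += 1 + length


def dns_refused(query: bytes) -> bytes:
    """Build a DNS response with RCODE 5 (REFUSED) that echoes the question.

    Resolvers surface REFUSED to the caller immediately instead of retrying,
    so the user gets an explicit policy failure rather than a timeout.
    """
    if len(query) < 12:
        raise ValueError("truncated DNS header")
    ident, flags, qdcount = struct.unpack("!3H", query[:6])
    off = 12
    for _ in range(qdcount):
        off = _skip_name(query, off) + 4  # skip QTYPE and QCLASS
    question = query[12:off]
    # QR=1, keep OPCODE and RD from the query, RA=0, RCODE=5 (REFUSED)
    resp_flags = 0x8000 | (flags & 0x7800) | (flags & 0x0100) | 0x0005
    header = struct.pack("!6H", ident, resp_flags, qdcount, 0, 0, 0)
    return header + question


# Destination port -> reply sent when the firewall redirects the session here.
# Hypothetical table for the example; a real deployment would be policy-driven.
TCP_REJECTS = {21: ftp_reject, 25: smtp_reject, 80: http_reject}


def policy_reply(port: int, url: str = POLICY_URL) -> bytes:
    """Reply for an intercepted TCP connection to `port`; ValueError if none defined."""
    try:
        return TCP_REJECTS[port](url)
    except KeyError:
        raise ValueError(f"no policy reply defined for tcp/{port}") from None


if __name__ == "__main__":
    # Loopback demonstration: pretend tcp/21 was redirected to us, greet the
    # client with the FTP rejection, and show what an FTP client would print.
    server = socket.socket()
    server.bind(("127.0.0.1", 0))
    server.listen(1)
    client = socket.create_connection(server.getsockname())
    conn, _ = server.accept()
    conn.sendall(policy_reply(21))
    conn.close()
    print(client.recv(4096).decode().rstrip())
    client.close()
    server.close()
```

Run stand-alone, the script binds a loopback listener, connects to it, and prints the greeting an FTP client would see. In a real deployment the firewall would redirect blocked destination ports to the listener and hand blocked DNS names to dns_refused(); the property that matters is that the user receives a protocol-level answer pointing at the policy rather than a silent drop.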
