Snort mailing list archives

RE: Chat/IM

From: "Lyons, Jon" <Jon_Lyons () enh org>
Date: Wed, 14 Apr 2004 16:13:33 -0500

I just create fake DNS entries for IM/P2P stuff, then create a firewall
to stop the clients from using other DNS servers...Works well....
 
-----Original Message-----
From: Larry Pitcher [mailto:pitcherl () bakerboyer com] 
Sent: Tuesday, April 13, 2004 5:21 PM
To: 'snort-users () lists sourceforge net'
Subject: RE: [Snort-users] Chat/IM
 
Try blocking all destination ports above 1023 going out to the
internet... You will probably break some things that will need
exceptions to the rule, but then you'll be covered.
Larry Pitcher 
Internet Product Manager 
Baker Boyer National Bank 
509.526.1429 
pitcherl () bakerboyer com <mailto:pitcherl () bakerboyer com>  
        -----Original Message-----
        From: Harper, Patrick [mailto:patrick.harper () phns com] 
        Sent: Tuesday, April 13, 2004 2:05 PM
        To: Rowland, Krisa W ERDC-ITL-MS Contractor;
snort-users () lists sourceforge net
        Subject: RE: [Snort-users] Chat/IM
        from a quick Google search (I have done this before but I did
not remember off the top of my head)
         
        Yahoo Messenger
         
        cs1.yahoo.com
        cs2.yahoo.com
        cs3.yahoo.com
         
        port
        5050 (I would just block them in general instead of worrying
about ports)
         
        ------------
         
        AIM
         
        205.188.3.160
        205.188.7.176 
        205.188.7.172 
        205.188.7.168 
        205.188.7.164 
        205.188.5.208
        205.188.5.204 
        205.188.3.176
         
        -------------
        MSN Messenger
         
        messenger.hotmail.com
        TCP/1863
         
        Patrick S. Harper | CISSP RHCT MCSE
        Information Security Engineer
        patrick.harper () phns com 
         
         
        
  _____  

        From: Rowland, Krisa W ERDC-ITL-MS Contractor
[mailto:Krisa.W.Rowland () erdc usace army mil] 
        Sent: Tuesday, April 13, 2004 2:54 PM
        To: Harper, Patrick; snort-users () lists sourceforge net
        Subject: RE: [Snort-users] Chat/IM
        Yes - I know it's wishful thinking - but just wondering if
anyone had had any luck doing this. 
                -----Original Message-----
                From: Harper, Patrick [mailto:patrick.harper () phns com]
                Sent: Tuesday, April 13, 2004 3:53 PM
                To: Rowland, Krisa W ERDC-ITL-MS Contractor;
snort-users () lists sourceforge net
                Subject: RE: [Snort-users] Chat/IM
                outbound firewall rules?
                 
                 
                Patrick S. Harper | CISSP RHCT MCSE
                Information Security Engineer
                patrick.harper () phns com 
                 
                 
                
  _____  

                From: Rowland, Krisa W ERDC-ITL-MS Contractor
[mailto:Krisa.W.Rowland () erdc usace army mil] 
                Sent: Tuesday, April 13, 2004 1:26 PM
                To: 'snort-users () lists sourceforge net'
                Subject: [Snort-users] Chat/IM
                Does anyone have an effective way of blocking chat/IM? 
                Krisa Rowland 
                ERDC Information Assurance Team 
                (SAIC Contractor) 
                3909 Halls Ferry Rd.,  Bldg. 8000 
                Vicksburg, MS 39180 
                601-634-2493 
                krisa.w.rowland () erdc usace army mil 
                
                
                
                
                Disclaimer:
                This electronic message, including any attachments, is
confidential and intended solely for use of the intended recipient(s).
This message may contain information that is privileged or otherwise
protected from disclosure by applicable law. Any unauthorized
disclosure, dissemination, use or reproduction is strictly prohibited.
If you have received this message in error, please delete it and notify
the sender immediately. 
                
                
        
        
        
        
        Disclaimer:
        This electronic message, including any attachments, is
confidential and intended solely for use of the intended recipient(s).
This message may contain information that is privileged or otherwise
protected from disclosure by applicable law. Any unauthorized
disclosure, dissemination, use or reproduction is strictly prohibited.
If you have received this message in error, please delete it and notify
the sender immediately.

Current thread:

Re: Chat/IM, (continued)
- - Message not available
    - Re: Chat/IM Matt Kettler (Apr 13)
- RE: Chat/IM Rowland, Krisa W ERDC-ITL-MS Contractor (Apr 13)
- RE: Chat/IM Harper, Patrick (Apr 13)
  - Re: Chat/IM Remko Lodder (Apr 13)
    - Re: Chat/IM Craig Paterson (Apr 13)
    - Re: Chat/IM Bryan Irvine (Apr 13)
- RE: Chat/IM Harper, Patrick (Apr 13)
- RE: Chat/IM Larry Pitcher (Apr 13)
- Re: Chat/IM Mark . Schutzmann (Apr 14)
- RE: Chat/IM Rowland, Krisa W ERDC-ITL-MS Contractor (Apr 14)
- RE: Chat/IM Lyons, Jon (Apr 14)
  - RE: Chat/IM Joe Thompson (Apr 15)