Re: [fw-wiz] AIM

From: Paul D. Robertson (proberts@patriot.net)
Date: 10/01/02

• Next message: Nieveler, Juergen: "RE: [fw-wiz] AIM"
• Previous message: Noonan, Wesley: "RE: [fw-wiz] AIM"
• In reply to: Christopher Hicks: "Re: [fw-wiz] AIM"
• Next in thread: Noonan, Wesley: "RE: [fw-wiz] AIM"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

From: "Paul D. Robertson" <proberts@patriot.net>
To: Christopher Hicks <chicks@chicks.net>
Date: Tue Oct  1 09:24:01 2002

On Tue, 1 Oct 2002, Christopher Hicks wrote:

> Blocking AIM is tough. It tries every port it can including things that
> are surely 'ok' for most firewalls like 80 110. Since you can't do it via
> port-blocking they've probably blocked the ip blocks for the AIM servers.

That's not all that tough, the destinations haven't moved in quite a
while, you can also block the two protocols, even tunneled if you wanted
to do more work.

> instead of homework.) The only way around the ISP's firewall is to get
> somebody to tunnel your traffic. That'll require some sort of VPN between
> your box and somebox outside your ISP. That would solve your other
> problem as well.

People suggesting work arounds should also note that if working around a
firewall is against policy, it could be cause for serious trouble,
from administrative to *criminal* charges[1] depending on the
jurisdiction, laws, intent, method and protocol. Someone has instituted a
policy for a reason, and exceptions to, or questions about the policy
should go back through the appropriate channels. Since firewalls are part
of the instantiation of the policy, purposefully going around them
(especially coupled with public mailing list posts asking how) proves
intent quite nicely.

> What sort of ISP blocks AIM anyway? Switch or get DSL or something.

As Jim pointed out, almost obviously a school does- "The firewall ate my
homework!"

Paul
-----------------------------------------------------------------------------
Paul D. Robertson "My statements in this message are personal opinions
proberts@patriot.net which may have no basis whatsoever in fact."
probertson@trusecure.com Director of Risk Assessment TruSecure Corporation

---

• Next message: Nieveler, Juergen: "RE: [fw-wiz] AIM"
• Previous message: Noonan, Wesley: "RE: [fw-wiz] AIM"
• In reply to: Christopher Hicks: "Re: [fw-wiz] AIM"
• Next in thread: Noonan, Wesley: "RE: [fw-wiz] AIM"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Relevant Pages Re: how to block AIMEXPRESS in a domain ... but how to block AIMEXPRESS in a domain? ... is there anything in domain group policy? ... The only *practical* way to block AIM Express is by stripping java content ... from web sites using a firewall or content filtering plugin on your ... (microsoft.public.win2000.security) Re: Problem signing on to AIM with Net::AOLIM ... I had already verified that my AOL account can send and receive IMs by logging in and exchanging IMs with another user. ... I also turned off my XP firewall temporarily and tried numeric IPs instead of hostnames but no luck. ... I know nothing about AIM. ... grant write ability through your XP system. ... (comp.lang.perl.misc) Re: Re: Re: Strange Problem With Networking XP ... |>Disable the Windows XP firewall (it only protects you one way, incoming ... |>traffic) forever and get a decent firewall. ... I can tell you have used and like AIM though. ... (microsoft.public.windowsxp.network_web) Re: Survey: Chat and IM ... >But don't think banning aim is easy as a firewall rule. ... >default port AIM uses, problem fixed right. ... >to search every port until it finds one it can>connect to aol servers ... (Security-Basics) Re: [fw-wiz] AIM ... Blocking AIM is tough. ... The only way around the ISP's firewall is to get ... your box and somebox outside your ISP. ... (Firewall-Wizards)

---

We are proud to have Web Hosting and Rack Housing from 9 Net Avenue Deutschland.
(16)