Blocking IM via DNS

From: Simeon Johnston (simeonuj@eetc.com)
Date: 08/30/01


Message-ID: <3B8E6D51.59D286B6@eetc.com>
Date: Thu, 30 Aug 2001 11:44:31 -0500
From: Simeon Johnston <simeonuj@eetc.com>
To: IPTables <netfilter@lists.samba.org>, ipchains <ipchains-list@east.balius.com>, firewall wizards <firewall-wizards@nfr.net>, FOCUS-LINUX <FOCUS-LINUX@SECURITYFOCUS.COM>
Subject: Blocking IM via DNS

I have asked this before and have blocked AIM and others but am
wondering if there is an easier way?
In iptables (I think you can do this) I could block by URL. But that is
another rule and DNS lookup that the FW has to do.
Why not change those addresses on the internal DNS to point to something
bogus? Like login.oscar.aol.com for AIM would point to a bogus internal address.
Would this work? That way the ports wouldn't matter. I would just need
to find out what URL the IM is looking for.

Is this possible? IIRC all the IMs need to log in to some server. So
blocking that server would be fairly easy w/ a false DNS lookup. That
way I don't have to continually look up the new IPs of the URL and
blocking the ports (which is impossible for some IM) would be unnecessary.
And one of them uses the NNTP protocols for communication. We use news
servers so I can't block that.

Any input?
BTW, we have complete control over the internal DNS and lookups go to
that computer.

sim
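
The DNS override asked about in the message above, sketched as an added example that is not part of the original post: it renders per-hostname override zones for an internal resolver and shows which query names they would capture. BIND 9 as the internal DNS server, the sinkhole address and the zone file path are assumptions.

```python
"""Render BIND 9 override zones that sinkhole chosen hostnames on an internal resolver."""
import ipaddress
import re

# Constructed values (assumptions): the page names neither an address nor a path.
SINKHOLE_IP = "10.255.255.1"
ZONE_FILE = "/etc/bind/db.sinkhole"

_LABEL = re.compile(r"^(?!-)[a-z0-9-]{1,63}(?<!-)$")


def normalize(name):
    """Lower-case a hostname, drop the trailing dot, and reject malformed names."""
    name = name.strip().lower().rstrip(".")
    labels = name.split(".")
    if len(labels) < 2 or not all(_LABEL.match(lab) for lab in labels):
        raise ValueError(f"not a usable hostname: {name!r}")
    return name


def named_conf(hostnames):
    """One master zone per hostname, so sibling names keep resolving normally."""
    zones = sorted({normalize(h) for h in hostnames})
    return "\n".join(
        f'zone "{z}" {{ type master; file "{ZONE_FILE}"; }};' for z in zones
    ) + "\n"


def zone_file(ip=SINKHOLE_IP, serial=1):
    """Shared zone data: the zone apex and every name below it get the same A record."""
    ipaddress.IPv4Address(ip)  # raises ValueError on a malformed address
    return (
        "$TTL 300\n"
        f"@ IN SOA localhost. root.localhost. ( {serial} 3600 600 86400 300 )\n"
        "@ IN NS localhost.\n"
        f"@ IN A {ip}\n"
        f"* IN A {ip}\n"
    )


def is_sinkholed(qname, hostnames):
    """True when the resolver answers qname from an override zone instead of recursing."""
    q = normalize(qname)
    return any(q == z or q.endswith("." + z) for z in map(normalize, hostnames))


if __name__ == "__main__":
    blocked = ["login.oscar.aol.com"]  # the hostname named in the post
    print(named_conf(blocked), zone_file(), sep="\n")
```

The override only affects clients that resolve through the internal server; a client configured with a literal IP address or another resolver never asks it.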


