Re: Survey: Chat and IM

From: Chris Berry (compjma@hotmail.com)
Date: 12/02/02

    From: "Chris Berry" <compjma@hotmail.com>
    To: security-basics@securityfocus.com
    Date: Mon, 02 Dec 2002 11:44:43 -0800
    
    

    >From: Jason Yates <jaywhy2@comcast.net>
    >But don't think banning AIM is as easy as a firewall rule. Let me give you a
    >personal example. A previous employer of mine decided blocking instant
    >messaging was a good idea. They simply blocked, on the firewall, the
    >default port AIM uses; problem fixed, right? The problem with this
    >solution was that AIM has an Auto Connection feature that allows AIM clients
    >to search every port until it finds one it can connect to AOL servers
    >with. Since we allowed external FTP connections, AIM would simply use
    >port 21 to connect to the AOL servers. Even if we block every port at the
    >firewall, people can still talk through AIM through web proxies. This is
    >when my previous employer eventually gave up on the policy.
    >Good luck, you'll need it. =)

    No problem; you're just trying to block it at the wrong level of the OSI
    model. You need a firewall that has layer 7 (application) filtering. ISA
    Server from M$ can do this, probably Checkpoint, PIX, etc. If you're
    running a Linux firewall (iptables for example), you could probably write a
    script which checks the application attempting to access the port, and write
    a rule that rejects AIM connections from internal clients.

    Chris Berry
    compjma@hotmail.com
    Systems Administrator
    JM Associates

    "And here in our server room you can see our Beowulf Cluster of C64's that
    keeps our enterprise on the very cutting edge of technology."
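The port-independent check the reply argues for, as an added example that is not from the original thread: a small Python classifier that recognises AIM's OSCAR/FLAP framing in any TCP payload, so a client tunnelling over port 21 is flagged while real FTP passes, and a port-only rule is shown missing it. The sample flows are constructed; the FLAP header layout and the 5190 default port are the protocol's own.

```python
"""Port-independent identification of AIM (OSCAR/FLAP) traffic.

Added example, not code from the thread. Every OSCAR message is wrapped in
a FLAP frame: 0x2A marker, 1-byte channel (1-5), 2-byte sequence number,
2-byte payload length. Checking that framing on every TCP payload, whatever
the destination port, is the layer-7 decision a port rule cannot make.
"""
import struct

FLAP_MARKER = 0x2A
FLAP_CHANNELS = {1, 2, 3, 4, 5}  # new-conn, SNAC data, error, close, keep-alive
AIM_DEFAULT_PORT = 5190


def is_flap_frame(payload: bytes) -> bool:
    """True if payload starts with a well-formed FLAP header and fits its length."""
    if len(payload) < 6:
        return False
    marker, channel, _seq, length = struct.unpack("!BBHH", payload[:6])
    return (marker == FLAP_MARKER and channel in FLAP_CHANNELS
            and len(payload) >= 6 + length)


def classify(dst_port: int, payload: bytes) -> str:
    """Layer-7 verdict: what the bytes are, not what the port suggests."""
    if is_flap_frame(payload):
        return "aim-oscar"
    if dst_port == 21 and payload[:4] in (b"USER", b"PASS", b"QUIT"):
        return "ftp-control"
    return "unknown"


def port_only_verdict(dst_port: int, blocked_ports) -> str:
    """What a layer-3/4 rule sees: only the destination port."""
    return "blocked" if dst_port in blocked_ports else "allowed"


# Constructed sample flows: a genuine FTP login, an AIM channel-1 handshake
# (protocol version 1) tunnelled over port 21, and a keep-alive on 5190.
SAMPLE_FLOWS = [
    (21, b"USER anonymous\r\n"),
    (21, b"\x2a\x01\x00\x01\x00\x04\x00\x00\x00\x01"),
    (AIM_DEFAULT_PORT, b"\x2a\x05\x00\x02\x00\x00"),
]


def audit(flows=SAMPLE_FLOWS, blocked_ports=frozenset({AIM_DEFAULT_PORT})):
    """Pair the port-only verdict with the layer-7 class to expose the gap."""
    return [(port_only_verdict(p, blocked_ports), classify(p, data))
            for p, data in flows]
```

The second flow is the case from the quoted message: the port rule says "allowed" because it rides on the permitted FTP port, while the payload check still names it AIM.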
