Re: How do i stop yahoo with netscreen.

From: chort (chort_at_amaunetsgothique.com)
Date: 08/29/03

  • Next message: chort: "Re: Hiding IP in E-Mail.." 
    To: iain <iain-lists@clear.net.nz>
Date: 29 Aug 2003 08:55:23 -0700

    On Fri, 2003-08-29 at 00:24, iain wrote:
    > Hi all
    >
    > been asked to block messenger programs on one of my sites, got msn, icq and
    > aol beat.
    >
    > But yahoo tried everything, blocked 3 entire subnets and still no joy, any
    > ideas.
    > >From web searches this seems to be a hard one to stop, as it using multiple
    > subnets and ports.
    > Have used Judes recommendations in one of the archives with no success.
    > After doing this it slowed down login but that was it.
    >
    > I am using a netscreen 5xp, blocking addresses and using the netscreen dns
    > to resolve the IP addresses.
    > I have all ports in denied, and all ports out apart from SMTP, pop3,
    > traceroute, ping, ftp, http, https, 3389 blocked.
    > The site has constant software changes so cant implement group policy.
    > And the site has some very clued up staff as they do basic IT support
    > themselves.
    > The Dns relay box, ADSL router does not keep dns logs and i don't have a
    > netscreen i can play with.
    >
    > Where am i going wrong???
    >
    > Thanks
    >
    > Iain

    I'm sure someone has the exact information you're looking for, but you
    could proactively discover it by putting a network sniffer on a machine,
    then connecting to Yahoo! and see where it sends the initial traffic
    (and where the responses come from). Ethereal is one such free
    solution. There are many other sniffers. 

    -- 
Brian Keefer
---------------------------------------------------------------------------
Attend Black Hat Briefings & Training Federal, September 29-30 (Training), 
October 1-2 (Briefings) in Tysons Corner, VA; the world's premier 
technical IT security event.  Modeled after the famous Black Hat event in 
Las Vegas! 6 tracks, 12 training sessions, top speakers and sponsors.  
Symantec is the Diamond sponsor.  Early-bird registration ends September 6.Visit us: www.blackhat.com
----------------------------------------------------------------------------
  • Next message: chort: "Re: Hiding IP in E-Mail.."

    Relevant Pages

    • Re: Is This Normal DNS Behavior on a Server2003 SP2 Domain Controller
      ... Protection against the Microsoft DNS Cache Poisoning Vulnerability ... These response or service ports, are used by all Windows communications. ... How to reserve a range of ephemeral ports on a computer that is running Windows Server 2003 or Windows 2000 Server ...
      (microsoft.public.windows.server.dns)
    • Re: Issue with port blocking on public DNS server
      ... I am talking about the "Destination Ports" in the "Responses to local DNS ... names (other then the domain names in my own DNS server) on the servers. ... Filtering outbound requests on port 53 FROM the DNS to the Internet ...
      (microsoft.public.windows.server.dns)
    • Re: Connecting to Linux machine remotely
      ... The way to connect to a machine from a remote location is via ssh. ... want to connect from which queries the dns server of my ISP every 5 min ... ]> need you can forward tcp ports through ssh. ...
      (comp.os.linux.networking)
    • Re: iptables, NAT, DNS & Dan Kaminsky
      ... in RFC-compliant DNS caching servers the successful execution of which ... I.e. boxes within the NATted LAN which use ... random UDP ports are secure and neither the 2.4.x nor the 2.6.x series ...
      (Linux-Kernel)
    • Re: After DNS update: critical services being blocked from listening on standard TCP/IP ports
      ... DNS service listening on ports that other services require. ... I also observed this behaviour on our SBS after the July DNS updates, ... 'MaxUserPort' registry value is set* (see: ...
      (microsoft.public.windows.server.sbs)