Re: how to block ALL AIM traffic ?
From: Ramon Kagan (rkagan_at_yorku.ca)
Date: 04/28/05
- Previous message: /boot: "Re: how to block ALL AIM traffic ?"
- In reply to: Realized Mofo: "how to block ALL AIM traffic ?"
- Next in thread: H Carvey: "Re: how to block ALL AIM traffic ?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Thu, 28 Apr 2005 08:17:10 -0400 (EDT) To: Realized Mofo <realized@gmail.com>
HI,
I don't have AIM traffic on my network right now... but what I would do it
conduct a tcpdump, full packet capture (-s 0) for port 5190 traffic. Then
I would inspect the payload for a pattern. Once I have a pattern write a
filter/signature based on it to conduct the packet drop.
I was hoping to give you a signature or pattern, but we seem to be AIM
free here.
Ramon Kagan
York University, Computing and Network Services
Information Security - Senior Information Security Analyst
(416)736-2100 #20263
rkagan@yorku.ca
----------------------------------- ------------------------------------
I have not failed. I have just I don't know the secret to success,
found 10,000 ways that don't work. but the secret to failure is
trying to please everybody.
- Thomas Edison - Bill Cosby
----------------------------------- ------------------------------------
On Tue, 26 Apr 2005, Realized Mofo wrote:
> I am at an office with 50~ machines , out of thoes about 20 or so use
> AIM. I would like to block AIM and normally i'd just block the AIM
> port (5190) or whatever it is..
>
> BUT AOL seems to have found a great way around this and has 4000+
> diffrent ports they use and i'd assume lots of diffrent hosts.
>
>
> Whats the best way of blocking all AIM traffic ?
>
>
- Previous message: /boot: "Re: how to block ALL AIM traffic ?"
- In reply to: Realized Mofo: "how to block ALL AIM traffic ?"
- Next in thread: H Carvey: "Re: how to block ALL AIM traffic ?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
