RE: Blocking Instant Messaging Applications

From: Beauford, Jason (jbeauford_at_EightInOnePet.com)
Date: 11/22/05

Next message: Robert J. Stull: "Re: Solaris/UNIX Network Performance & Security"

Previous message: Adrian Floarea: "RE: File encryption"
Maybe in reply to: Gaddis, Jeremy L.: "Blocking Instant Messaging Applications"
Next in thread: Murad Talukdar: "RE: Blocking Instant Messaging Applications"
Reply: Murad Talukdar: "RE: Blocking Instant Messaging Applications"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Tue, 22 Nov 2005 15:25:33 -0500
To: "Gaddis, Jeremy L." <jeremy@linuxwiz.net>, "Alloishus BeauMains" <all0i5hu5@gmail.com>

Use DNS to resolve them (hostnames like oscar.aol.com) to a
local-non-existent address.

Or just block the associated outgoing ports at the firewall.

Or use a thirdparty filter like:

        SurfControl
        or
        Websense

JMB

        | -----Original Message-----
        | From: Gaddis, Jeremy L. [mailto:jeremy@linuxwiz.net]
        | Sent: Monday, November 21, 2005 8:04 PM
        | To: Alloishus BeauMains
        | Cc: security-basics@securityfocus.com
        | Subject: Re: Blocking Instant Messaging Applications
        |
        | Alloishus BeauMains wrote:
        | > At the PIX or firewall, or wherever your ACLs are
        | kept, block incoming
        | > or outgoing traffic to oscar.aol.com, the
        | messenger login servers,
        | > trillian, yahoo, etc etc etc.
        |
        | Unfortunately, this method also has a great deal of
        | administrative overhead. Do a lookup on
        | messenger.hotmail.com. Do another lookup two weeks
        | from now. A beer says that the IPs will differ.
        | Trying to keep up with this is futile. If you don't
        | believe me, see MS KB Article
        | #889829
        | (http://support.microsoft.com/default.aspx/kb/889829)
        | . I implemented this on February 13th. It worked
        | for perhaps a month.
        |
        | Heck, just checked and that article isn't even
        | available anymore. It's referenced at
        | http://www.microsoft.com/security/incident/im.mspx,
        | but clicking on the link gets you to an error page.
        |
        | Thanks,
        | -j
        |
        | --
        | Jeremy L. Gaddis, GCWN
        | http://www.linuxwiz.net/

Next message: Robert J. Stull: "Re: Solaris/UNIX Network Performance & Security"

Previous message: Adrian Floarea: "RE: File encryption"
Maybe in reply to: Gaddis, Jeremy L.: "Blocking Instant Messaging Applications"
Next in thread: Murad Talukdar: "RE: Blocking Instant Messaging Applications"
Reply: Murad Talukdar: "RE: Blocking Instant Messaging Applications"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]