Re: Blocking Instant Messengers
From: x y (jamescagney90210@excite.com)Date: 07/03/02
- Next message: .: "Anonymous Proxy Questions"
- Previous message: x y: "Re: Is stealth redundant?"
- In reply to: Derek Greenan: "Blocking Instant Messengers"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "x y" <jamescagney90210@excite.com> Date: Wed, 3 Jul 2002 13:48:13 -0400
Search google for "msn aim tcp port block" Blocking the necessary ports
is a start, but some IM clients can use ports like port TCP 80 that you
can't block. Blocking the range of IP addresses and domain names that the
IM client connects to is another possible thing to do in addition, although
both of these can be changed by MSN later on. So, if you have a DNS server
on our domain used by internal clients to access the internet, you could
also add an empty dummy domain to the internal DNS server that matches the
name of the host or domain used by the IM client, such as oscar.aol.com
This is more effective if all the clients are forced by the firewall to use
your internal dns server. At any rate, this is a bit of a moving target, so
you may want to keep checking every so often to confirm that IM is still
being blocked, perhaps by keeping up to date on new releases of the IM
software, and by installing the latest IM client and trying to get it to
work. Also, consider finding and blocking the ports used by the other IM
clients as well at the same time.
Actually, if you're asking this question, I'm assuming your firewall may not
be configured to deny everything except those ports that are specifically
permitted and approved. If this is so, you may want to re-evaluate what
your firewall is and is not blocking. Blocking outbound connections is very
important, I think it's a mistake to allow everything outbound. To tighten
up your firewall, you can evaluate what ports are going through your
firewall by looking at your logs for packets allowed outbound [no need to
look at packets inbound or packets rejected at this point], look up those
ports to try to guess what they are being used for and whether they should
be approved, enable the tighter firewall rules, and then research problems
as people call to report complaints about things on the internet no longer
working.
"Derek Greenan" <dgreenan@data-care.com> wrote in message
news:cBgU8.752$i5.6110@news.indigo.ie...
> Can anyone tell me how to completely block MSN Messenger in Checkpoint
> Firewall-1 !?
>
>
- Next message: .: "Anonymous Proxy Questions"
- Previous message: x y: "Re: Is stealth redundant?"
- In reply to: Derek Greenan: "Blocking Instant Messengers"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
