Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Firewalls
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: Blocking IM

from [Jay Archibald] Network Security [Permanent Link]
Subject: RE: Blocking IM
Date: Wed, 7 Dec 2005 11:37:02 -0700 
An alternative solution to using expensive IDS or Web Filtering products is
BLACKHOLE DNS.  Easy to setup and free if you have your own DNS server.
Here is some information for configuring blackhole DNS.  It was originally
used to prevent malware, but it can be easily used to block instant
messengers as well.  The idea is that your DNS server resolves the DNS name
used for the login process.  You point the DNS alias to an internal IP
address on your network.  If users can't login, they won't be using instant
messengers.  It has worked for us.

http://www.bleedingsnort.com/blackhole-dns/
http://www.bleedingsnort.com/article.php?story=20050620215129947&query=blackhole

Here are the DNS names we use for blocking instant messengers:
AOL
login.oscar.aol.com
screenname.aol.com
aimexpress.aol.com
aim.aol.com
Yahoo
msg.yahoo.com
messenger.yahoo.com
MSN
messenger.hotmail.com
msgr.hotmail.com
webmessenger.msn.com
GOOGLE
talk.google.com
**
*From:* Morales, David (Seta) [mailto:David_Morales@onr.navy.mil]
*Sent:* Tuesday, December 06, 2005 12:51 PM
*To:* firewalls@securityfocus.com
*Cc:* Amiryar, Edris (Seta)
*Subject:* Blocking IM



We are blocking IM at the Firewall (juniper 5200) and through Surf-control
(Web Filtering product, but we are still able to connect to Yahoo IM. Has
anyone been able to do this successfully? And, does anyone have a list of
ports to block so we cannot get to this IM?

Thanks in advance,

David Morales

moraled@onr.navy.mil
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  RE: Tool for to test firewall, Tony Haywood
Next by Date:  Re: Blocking IM, Yoshiro M Aoki
Previous by Thread:  RE: Blocking IM, Jeff Britton, Monitored Security
Next by Thread:  RE: Blocking IM, Amiryar, Edris (Seta)
Indexes:  [Date] [Thread] [Top] [All Lists]