Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Firewalls
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Blocking IM

from [Mark Owen] Network Security [Permanent Link]
Subject: Re: Blocking IM
Date: Wed, 7 Dec 2005 17:41:55 -0500 
On 12/6/05, Morales, David (Seta) <David_Morales@onr.navy.mil> wrote:




We are blocking IM at the Firewall (juniper 5200) and through Surf-control
(Web Filtering product, but we are still able to connect to Yahoo IM. Has
anyone been able to do this successfully? And, does anyone have a list of
ports to block so we cannot get to this IM?

Thanks in advance,


David Morales

moraled@onr.navy.mil


Unfortunately, their is not much you can do other than enforce what
policies you may have against it.  IM products are very flexible for
connecting to the many, many central servers.  IPs that you may block
will grow in numbers every week and not all resolve to a central DNS
name.   Port blocking also won't work because Yahoo! allows use of
various, different ports (including 80.)  Application filtering works
the best, but that is easily circumvented by encrypting your session. 
That and they can use any of the several free web portals to
communicate through instead of the downloadable client.

I see that you have a Navy address.  I thought NMCI policed what
software could be installed too.

If you still want to block ports, see below for default ports that Yahoo! uses.

Chat & Messenger         TCP Port 5050: Client Access only
Insider/Room Lists         TCP Port 80: Client Access only
File Transfer                  TCP Port 80: Server Access.
Voice Chat                    UDP 5000-5010
                                    TCP 5000-5001: Client Access
WebCam                       TCP Port 5100: Client Access
Super Webcam              TCP Port 5100: Server Access
P2P Instant Messages   TCP Port 5101: Server Access

--
Mark Owen
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  RE: Tool for to test firewall, Spyro Malaspinas
Next by Date:  RE: Blocking IM, Amiryar, Edris (Seta)
Previous by Thread:  Re: Blocking IM, Yoshiro M Aoki
Next by Thread:  RE: Blocking IM, Spyro Malaspinas
Indexes:  [Date] [Thread] [Top] [All Lists]