Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Firewalls
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: Blocking IM

from [Gregory Hicks] Network Security [Permanent Link]
Subject: RE: Blocking IM
Date: Thu, 8 Dec 2005 17:38:41 -0800 (PST) 


From: Bourque Daniel <Daniel.Bourque@loto-quebec.com>
To: "'Jay Archibald'" <jay.archibald@gmail.com>, David_Morales@onr.navy.mil, 

firewalls@securityfocus.com

Subject: RE: Blocking IM
Date: Wed, 7 Dec 2005 20:50:48 -0500 

OK, there is something I don't get here..
 
I have been using this technique for a longtime to block whole domain.  How
can you only block msg.yahoo.com in your inside DNS server without blocking
all yahoo.com?


Create a zone file for the domain msg.yahoo.com and point it at your favorite 
sink.  Put this zone on your internal bind machine (so that it doesn't leak to 
the internet) and ...

The rest of yahoo.com will resolve normally.


________________________________

De : Jay Archibald [mailto:jay.archibald@gmail.com] 
Envoyé : 7 décembre 2005 13:37
À : David_Morales@onr.navy.mil; firewalls@securityfocus.com
Objet : RE: Blocking IM


An alternative solution to using expensive IDS or Web Filtering products is
BLACKHOLE DNS.  Easy to setup and free if you have your own DNS server.
Here is some information for configuring blackhole DNS.  It was originally
used to prevent malware, but it can be easily used to block instant
messengers as well.  The idea is that your DNS server resolves the DNS name
used for the login process.  You point the DNS alias to an internal IP
address on your network.  If users can't login, they won't be using instant
messengers.  It has worked for us. 
 
http://www.bleedingsnort.com/blackhole-dns/
http://www.bleedingsnort.com/article.php?story=20050620215129947&query=black
hole
 
Here are the DNS names we use for blocking instant messengers: 
AOL
login.oscar.aol.com 
screenname.aol.com 
aimexpress.aol.com
aim.aol.com
Yahoo
msg.yahoo.com
messenger.yahoo.com
MSN
messenger.hotmail.com 
msgr.hotmail.com
webmessenger.msn.com

GOOGLE
talk.google.com 
 
From: Morales, David (Seta) [mailto:David_Morales@onr.navy.mil] 
Sent: Tuesday, December 06, 2005 12:51 PM
To: firewalls@securityfocus.com <mailto:firewalls@securityfocus.com> 
Cc: Amiryar, Edris (Seta)
Subject: Blocking IM

 

We are blocking IM at the Firewall (juniper 5200) and through Surf-control
(Web Filtering product, but we are still able to connect to Yahoo IM. Has
anyone been able to do this successfully? And, does anyone have a list of
ports to block so we cannot get to this IM? 

Thanks in advance,

David Morales

moraled@onr.navy.mil <mailto:moraled@onr.navy.mil> 




---------------------------------------------------------------------

I am perfectly capable of learning from my mistakes.  I will surely
learn a great deal today.

"A democracy is a sheep and two wolves deciding on what to have for
lunch.  Freedom is a well armed sheep contesting the results of the
decision." - Benjamin Franklin

"The best we can hope for concerning the people at large is that they
be properly armed." --Alexander Hamilton
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Blocking IM, Stephen Samuel
Next by Date:  Re: Blocking IM, J Udy
Previous by Thread:  RE: Blocking IM, Amiryar, Edris (Seta)
Next by Thread:  RE : Blocking IM, Bourque Daniel
Indexes:  [Date] [Thread] [Top] [All Lists]