Yes I know... Not enough sleep.
I was more thinking about how to block xyz.yahoo.com but not www.yahoo.com.
You cannot block a host on the same level but yes it's easy to block a
sublevel domain or could you? What if instead of defining in my dns a host
name xyz.yahoo.com, I create a sublevel zone name xyz.yahoo.com? Yould it
work, blocking host by host without blocking the whole domain?
-----Message d'origine-----
De : Gregory Hicks [mailto:ghicks@cadence.com]
Envoyé : 8 décembre, 2005 20:39
À : jay.archibald@gmail.com; David_Morales@onr.navy.mil;
firewalls@securityfocus.com; Daniel.Bourque@loto-quebec.com
Objet : RE: Blocking IM
From: Bourque Daniel <Daniel.Bourque@loto-quebec.com>
To: "'Jay Archibald'" <jay.archibald@gmail.com>,
David_Morales@onr.navy.mil,
firewalls@securityfocus.com
Subject: RE: Blocking IM
Date: Wed, 7 Dec 2005 20:50:48 -0500
OK, there is something I don't get here..
I have been using this technique for a longtime to block whole domain.
How can you only block msg.yahoo.com in your inside DNS server without
blocking all yahoo.com?
Create a zone file for the domain msg.yahoo.com and point it at your
favorite
sink. Put this zone on your internal bind machine (so that it doesn't leak
to
the internet) and ...
The rest of yahoo.com will resolve normally.
________________________________
De : Jay Archibald [mailto:jay.archibald@gmail.com]
Envoyé : 7 décembre 2005 13:37
À : David_Morales@onr.navy.mil; firewalls@securityfocus.com
Objet : RE: Blocking IM
An alternative solution to using expensive IDS or Web Filtering
products is BLACKHOLE DNS. Easy to setup and free if you have your
own DNS server. Here is some information for configuring blackhole
DNS. It was originally used to prevent malware, but it can be easily
used to block instant messengers as well. The idea is that your DNS
server resolves the DNS name used for the login process. You point
the DNS alias to an internal IP address on your network. If users
can't login, they won't be using instant messengers. It has worked
for us.
http://www.bleedingsnort.com/blackhole-dns/
http://www.bleedingsnort.com/article.php?story=20050620215129947&query
=black
hole
Here are the DNS names we use for blocking instant messengers:
AOL
login.oscar.aol.com
screenname.aol.com
aimexpress.aol.com
aim.aol.com
Yahoo
msg.yahoo.com
messenger.yahoo.com
MSN
messenger.hotmail.com
msgr.hotmail.com
webmessenger.msn.com
GOOGLE
talk.google.com
From: Morales, David (Seta) [mailto:David_Morales@onr.navy.mil]
Sent: Tuesday, December 06, 2005 12:51 PM
To: firewalls@securityfocus.com <mailto:firewalls@securityfocus.com>
Cc: Amiryar, Edris (Seta)
Subject: Blocking IM
We are blocking IM at the Firewall (juniper 5200) and through
Surf-control (Web Filtering product, but we are still able to connect
to Yahoo IM. Has anyone been able to do this successfully? And, does
anyone have a list of ports to block so we cannot get to this IM?
Thanks in advance,
David Morales
moraled@onr.navy.mil <mailto:moraled@onr.navy.mil>
---------------------------------------------------------------------
I am perfectly capable of learning from my mistakes. I will surely learn a
great deal today.
"A democracy is a sheep and two wolves deciding on what to have for lunch.
Freedom is a well armed sheep contesting the results of the decision." -
Benjamin Franklin
"The best we can hope for concerning the people at large is that they be
properly armed." --Alexander Hamilton
