Snort mailing list archives
RE: Chat/IM
From: "Lyons, Jon" <Jon_Lyons () enh org>
Date: Wed, 14 Apr 2004 16:13:33 -0500
I just create fake DNS entries for IM/P2P stuff, then create a firewall to stop the clients from using other DNS servers...Works well.... -----Original Message----- From: Larry Pitcher [mailto:pitcherl () bakerboyer com] Sent: Tuesday, April 13, 2004 5:21 PM To: 'snort-users () lists sourceforge net' Subject: RE: [Snort-users] Chat/IM Try blocking all destination ports above 1023 going out to the internet... You will probably break some things that will need exceptions to the rule, but then you'll be covered. Larry Pitcher Internet Product Manager Baker Boyer National Bank 509.526.1429 pitcherl () bakerboyer com <mailto:pitcherl () bakerboyer com> -----Original Message----- From: Harper, Patrick [mailto:patrick.harper () phns com] Sent: Tuesday, April 13, 2004 2:05 PM To: Rowland, Krisa W ERDC-ITL-MS Contractor; snort-users () lists sourceforge net Subject: RE: [Snort-users] Chat/IM from a quick Google search (I have done this before but I did not remember off the top of my head) Yahoo Messenger cs1.yahoo.com cs2.yahoo.com cs3.yahoo.com port 5050 (I would just block them in general instead of worrying about ports) ------------ AIM 205.188.3.160 205.188.7.176 205.188.7.172 205.188.7.168 205.188.7.164 205.188.5.208 205.188.5.204 205.188.3.176 ------------- MSN Messenger messenger.hotmail.com TCP/1863 Patrick S. Harper | CISSP RHCT MCSE Information Security Engineer patrick.harper () phns com _____ From: Rowland, Krisa W ERDC-ITL-MS Contractor [mailto:Krisa.W.Rowland () erdc usace army mil] Sent: Tuesday, April 13, 2004 2:54 PM To: Harper, Patrick; snort-users () lists sourceforge net Subject: RE: [Snort-users] Chat/IM Yes - I know it's wishful thinking - but just wondering if anyone had had any luck doing this. -----Original Message----- From: Harper, Patrick [mailto:patrick.harper () phns com] Sent: Tuesday, April 13, 2004 3:53 PM To: Rowland, Krisa W ERDC-ITL-MS Contractor; snort-users () lists sourceforge net Subject: RE: [Snort-users] Chat/IM outbound firewall rules? Patrick S. Harper | CISSP RHCT MCSE Information Security Engineer patrick.harper () phns com _____ From: Rowland, Krisa W ERDC-ITL-MS Contractor [mailto:Krisa.W.Rowland () erdc usace army mil] Sent: Tuesday, April 13, 2004 1:26 PM To: 'snort-users () lists sourceforge net' Subject: [Snort-users] Chat/IM Does anyone have an effective way of blocking chat/IM? Krisa Rowland ERDC Information Assurance Team (SAIC Contractor) 3909 Halls Ferry Rd., Bldg. 8000 Vicksburg, MS 39180 601-634-2493 krisa.w.rowland () erdc usace army mil Disclaimer: This electronic message, including any attachments, is confidential and intended solely for use of the intended recipient(s). This message may contain information that is privileged or otherwise protected from disclosure by applicable law. Any unauthorized disclosure, dissemination, use or reproduction is strictly prohibited. If you have received this message in error, please delete it and notify the sender immediately. Disclaimer: This electronic message, including any attachments, is confidential and intended solely for use of the intended recipient(s). This message may contain information that is privileged or otherwise protected from disclosure by applicable law. Any unauthorized disclosure, dissemination, use or reproduction is strictly prohibited. If you have received this message in error, please delete it and notify the sender immediately.
Current thread:
- Re: Chat/IM, (continued)
- Message not available
- Re: Chat/IM Matt Kettler (Apr 13)
- Message not available
- RE: Chat/IM Rowland, Krisa W ERDC-ITL-MS Contractor (Apr 13)
- RE: Chat/IM Harper, Patrick (Apr 13)
- Re: Chat/IM Remko Lodder (Apr 13)
- Re: Chat/IM Craig Paterson (Apr 13)
- Re: Chat/IM Bryan Irvine (Apr 13)
- Re: Chat/IM Remko Lodder (Apr 13)
- RE: Chat/IM Harper, Patrick (Apr 13)
- RE: Chat/IM Larry Pitcher (Apr 13)
- Re: Chat/IM Mark . Schutzmann (Apr 14)
- RE: Chat/IM Rowland, Krisa W ERDC-ITL-MS Contractor (Apr 14)
- RE: Chat/IM Lyons, Jon (Apr 14)
- RE: Chat/IM Joe Thompson (Apr 15)