[Snort-users] Chat/IM

Craig Paterson craigp at ...9278...
Tue Apr 13 14:22:28 EDT 2004


Remko Lodder wrote:

> Harper, Patrick wrote:
>
> Use a proxy and only allow 80/443 and 21/20 ???
>
>>
>> Does anyone have an effective way of blocking chat/IM?
>> Krisa Rowland ERDC Information Assurance Team 
>

That alone won't do it -- most of the IM systems are smart enough to 
tunnel on port 80 if they can't get out another way. You'll also need to 
block the login servers, which is a moving target but (depending on how 
tight your requirement is) does a pretty good job of breaking IM for LAN 
users without a huge time investment.

Craig.
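
An added example, not part of the original post: because IM clients fall back to port 80/443 through the proxy, a check has to match on destination host rather than port. This sketch scans proxy log lines for requests to a hand-maintained list of IM login servers; the host names and log lines are constructed placeholders, and the Squid native access.log layout is an assumption.

```python
from urllib.parse import urlsplit

# Constructed placeholder names. A real list has to be maintained by hand,
# since the login servers are a moving target.
IM_LOGIN_HOSTS = {"login.im-one.example", "gateway.im-two.example"}

# Constructed log lines in Squid's native access.log layout:
# time elapsed client code/status bytes method URL ident peer type
SAMPLE_LOG = """\
1081880548.101 120 10.0.0.5 TCP_MISS/200 512 GET http://www.example.org/index.html - DIRECT/192.0.2.10 text/html
1081880549.202 95 10.0.0.7 TCP_MISS/200 230 POST http://gateway.im-two.example/session - DIRECT/192.0.2.20 application/octet-stream
1081880550.303 4000 10.0.0.7 TCP_MISS/200 900 CONNECT login.im-one.example:443 - DIRECT/192.0.2.30 -
1081880551.404 88 10.0.0.9 TCP_MISS/200 100 GET http://LOGIN.IM-ONE.EXAMPLE:80/ - DIRECT/192.0.2.30 text/plain
1081880552.505 70 10.0.0.9 TCP_MISS/200 100 GET http://notlogin.im-one.example.org/ - DIRECT/192.0.2.40 text/html
"""

def request_host(method, target):
    """Return the lower-cased destination host of a proxied request."""
    if method == "CONNECT":
        target = "//" + target  # CONNECT targets are host:port, not URLs
    try:
        host = urlsplit(target).hostname
    except ValueError:  # malformed target, e.g. a broken IPv6 literal
        return ""
    return (host or "").rstrip(".")

def is_im_login(host, blocklist=IM_LOGIN_HOSTS):
    """True for a listed host or any subdomain of one."""
    return any(host == b or host.endswith("." + b) for b in blocklist)

def find_im_logins(log_text):
    """Return (client, method, host) for each request to a listed host."""
    hits = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) < 7:
            continue  # skip truncated lines
        client, method, target = fields[2], fields[5], fields[6]
        host = request_host(method, target)
        if is_im_login(host):
            hits.append((client, method, host))
    return hits

if __name__ == "__main__":
    for hit in find_im_logins(SAMPLE_LOG):
        print(*hit)
```

The same host list can feed the proxy's deny ACL, so detection and blocking stay in step when the list changes.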




