[Snort-users] Chat/IM

Bryan Irvine bryan.irvine at ...9066...
Tue Apr 13 14:46:10 EDT 2004


won't work.  the popular services (msn/aim,etc...) run the service on
all ports to make things easy to get on.  So If you blocked all but
those ports, the client would see that it can't connect and try a
different port, then it would just sign on to the same server it has
been, just on port 80.

You'd have to just be vigilant and block the servers, and whenever a new
one was turned on block that one too.  

No way to block it 100% but you can get close.

--Bryan

On Tue, 2004-04-13 at 14:03, Remko Lodder wrote:
> Harper, Patrick wrote:
> 
> Use a proxy and only allow 80/443 and 21/20 ???
> 
> > 
> > Does anyone have an effective way of blocking chat/IM? 
> > 
> > Krisa Rowland 
> > ERDC Information Assurance Team 





More information about the Snort-users mailing list