[Snort-users] Chat/IM

Larry Pitcher pitcherl at ...11634...
Tue Apr 13 15:38:03 EDT 2004


Try blocking all destination ports above 1023 going out to the internet...
You will probably break some things that will need exceptions to the rule,
but then you'll be covered.

Larry Pitcher 
Internet Product Manager 
Baker Boyer National Bank 
509.526.1429 
 <mailto:pitcherl at ...11634...> pitcherl at ...11634... 

-----Original Message-----
From: Harper, Patrick [mailto:patrick.harper at ...11593...] 
Sent: Tuesday, April 13, 2004 2:05 PM
To: Rowland, Krisa W ERDC-ITL-MS Contractor;
snort-users at lists.sourceforge.net
Subject: RE: [Snort-users] Chat/IM


from a quick Google search (I have done this before but I did not remember
off the top of my head)
 
Yahoo Messenger
 
cs1.yahoo.com
cs2.yahoo.com
cs3.yahoo.com
 
port
5050 (I would just block them in general instead of worrying about ports)

 
------------
 
AIM
 
205.188.3.160
205.188.7.176 
205.188.7.172 
205.188.7.168 
205.188.7.164 
205.188.5.208
205.188.5.204 
205.188.3.176
 
-------------
MSN Messenger
 
messenger.hotmail.com
TCP/1863



Patrick S. Harper | CISSP RHCT MCSE
Information Security Engineer
patrick.harper at ...11593... 

 

  _____  

From: Rowland, Krisa W ERDC-ITL-MS Contractor
[mailto:Krisa.W.Rowland at ...3768...] 
Sent: Tuesday, April 13, 2004 2:54 PM
To: Harper, Patrick; snort-users at lists.sourceforge.net
Subject: RE: [Snort-users] Chat/IM


Yes - I know it's wishful thinking - but just wondering if anyone had had
any luck doing this. 

-----Original Message-----
From: Harper, Patrick [mailto:patrick.harper at ...11593...]
Sent: Tuesday, April 13, 2004 3:53 PM
To: Rowland, Krisa W ERDC-ITL-MS Contractor;
snort-users at lists.sourceforge.net
Subject: RE: [Snort-users] Chat/IM


outbound firewall rules?
 


Patrick S. Harper | CISSP RHCT MCSE
Information Security Engineer
patrick.harper at ...11593... 

 

  _____  

From: Rowland, Krisa W ERDC-ITL-MS Contractor
[mailto:Krisa.W.Rowland at ...3768...] 
Sent: Tuesday, April 13, 2004 1:26 PM
To: 'snort-users at lists.sourceforge.net'
Subject: [Snort-users] Chat/IM



Does anyone have an effective way of blocking chat/IM? 

Krisa Rowland 
ERDC Information Assurance Team 
(SAIC Contractor) 
3909 Halls Ferry Rd.,  Bldg. 8000 
Vicksburg, MS 39180 
601-634-2493 
krisa.w.rowland at ...3768... 





Disclaimer:
This electronic message, including any attachments, is confidential and
intended solely for use of the intended recipient(s). This message may
contain information that is privileged or otherwise protected from
disclosure by applicable law. Any unauthorized disclosure, dissemination,
use or reproduction is strictly prohibited. If you have received this
message in error, please delete it and notify the sender immediately. 








Disclaimer:
This electronic message, including any attachments, is confidential and
intended solely for use of the intended recipient(s). This message may
contain information that is privileged or otherwise protected from
disclosure by applicable law. Any unauthorized disclosure, dissemination,
use or reproduction is strictly prohibited. If you have received this
message in error, please delete it and notify the sender immediately. 




-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20040413/2edd0594/attachment.html>


More information about the Snort-users mailing list