[Snort-users] Chat/IM

Lyons, Jon Jon_Lyons at ...11066...
Wed Apr 14 14:14:06 EDT 2004


I just create fake DNS entries for IM/P2P stuff, then create a firewall
to stop the clients from using other DNS servers...Works well....
 
-----Original Message-----
From: Larry Pitcher [mailto:pitcherl at ...11634...] 
Sent: Tuesday, April 13, 2004 5:21 PM
To: 'snort-users at lists.sourceforge.net'
Subject: RE: [Snort-users] Chat/IM
 
Try blocking all destination ports above 1023 going out to the
internet... You will probably break some things that will need
exceptions to the rule, but then you'll be covered.
Larry Pitcher 
Internet Product Manager 
Baker Boyer National Bank 
509.526.1429 
pitcherl at ...11634... <mailto:pitcherl at ...11634...>  
	-----Original Message-----
	From: Harper, Patrick [mailto:patrick.harper at ...11593...] 
	Sent: Tuesday, April 13, 2004 2:05 PM
	To: Rowland, Krisa W ERDC-ITL-MS Contractor;
snort-users at lists.sourceforge.net
	Subject: RE: [Snort-users] Chat/IM
	from a quick Google search (I have done this before but I did
not remember off the top of my head)
	 
	Yahoo Messenger
	 
	cs1.yahoo.com
	cs2.yahoo.com
	cs3.yahoo.com
	 
	port
	5050 (I would just block them in general instead of worrying
about ports)
	 
	------------
	 
	AIM
	 
	205.188.3.160
	205.188.7.176 
	205.188.7.172 
	205.188.7.168 
	205.188.7.164 
	205.188.5.208
	205.188.5.204 
	205.188.3.176
	 
	-------------
	MSN Messenger
	 
	messenger.hotmail.com
	TCP/1863
	 
	Patrick S. Harper | CISSP RHCT MCSE
	Information Security Engineer
	patrick.harper at ...11593... 
	 
	 
	
  _____  

	From: Rowland, Krisa W ERDC-ITL-MS Contractor
[mailto:Krisa.W.Rowland at ...3768...] 
	Sent: Tuesday, April 13, 2004 2:54 PM
	To: Harper, Patrick; snort-users at lists.sourceforge.net
	Subject: RE: [Snort-users] Chat/IM
	Yes - I know it's wishful thinking - but just wondering if
anyone had had any luck doing this. 
		-----Original Message-----
		From: Harper, Patrick [mailto:patrick.harper at ...11593...]
		Sent: Tuesday, April 13, 2004 3:53 PM
		To: Rowland, Krisa W ERDC-ITL-MS Contractor;
snort-users at lists.sourceforge.net
		Subject: RE: [Snort-users] Chat/IM
		outbound firewall rules?
		 
		 
		Patrick S. Harper | CISSP RHCT MCSE
		Information Security Engineer
		patrick.harper at ...11593... 
		 
		 
		
  _____  

		From: Rowland, Krisa W ERDC-ITL-MS Contractor
[mailto:Krisa.W.Rowland at ...3768...] 
		Sent: Tuesday, April 13, 2004 1:26 PM
		To: 'snort-users at lists.sourceforge.net'
		Subject: [Snort-users] Chat/IM
		Does anyone have an effective way of blocking chat/IM? 
		Krisa Rowland 
		ERDC Information Assurance Team 
		(SAIC Contractor) 
		3909 Halls Ferry Rd.,  Bldg. 8000 
		Vicksburg, MS 39180 
		601-634-2493 
		krisa.w.rowland at ...3768... 
		
		
		
		
		Disclaimer:
		This electronic message, including any attachments, is
confidential and intended solely for use of the intended recipient(s).
This message may contain information that is privileged or otherwise
protected from disclosure by applicable law. Any unauthorized
disclosure, dissemination, use or reproduction is strictly prohibited.
If you have received this message in error, please delete it and notify
the sender immediately. 
		
		
	
	
	
	
	Disclaimer:
	This electronic message, including any attachments, is
confidential and intended solely for use of the intended recipient(s).
This message may contain information that is privileged or otherwise
protected from disclosure by applicable law. Any unauthorized
disclosure, dissemination, use or reproduction is strictly prohibited.
If you have received this message in error, please delete it and notify
the sender immediately. 
	
	
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20040414/a8458e72/attachment.html>


More information about the Snort-users mailing list