<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns="http://www.w3.org/TR/REC-html40">

<head>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=us-ascii">


<meta name=ProgId content=Word.Document>
<meta name=Generator content="Microsoft Word 10">
<meta name=Originator content="Microsoft Word 10">
<link rel=File-List href="cid:filelist.xml@...11643...">
<link rel=Edit-Time-Data href="cid:editdata.mso@...11643...">
<!--[if !mso]>
<style>
v\:* {behavior:url(#default#VML);}
o\:* {behavior:url(#default#VML);}
w\:* {behavior:url(#default#VML);}
.shape {behavior:url(#default#VML);}
</style>
<![endif]-->
<title>Message</title>
<!--[if gte mso 9]><xml>
 <o:OfficeDocumentSettings>
  <o:DoNotRelyOnCSS/>
 </o:OfficeDocumentSettings>
</xml><![endif]--><!--[if gte mso 9]><xml>
 <w:WordDocument>
  <w:DontDisplayPageBoundaries/>
  <w:SpellingState>Clean</w:SpellingState>
  <w:GrammarState>Clean</w:GrammarState>
  <w:DocumentKind>DocumentEmail</w:DocumentKind>
  <w:EnvelopeVis/>
  <w:BrowserLevel>MicrosoftInternetExplorer4</w:BrowserLevel>
 </w:WordDocument>
</xml><![endif]-->
<style>
<!--
 /* Font Definitions */
 @font-face
        {font-family:Tahoma;
        panose-1:2 11 6 4 3 5 4 4 2 4;
        mso-font-charset:0;
        mso-generic-font-family:swiss;
        mso-font-pitch:variable;
        mso-font-signature:1627421319 -2147483648 8 0 66047 0;}
@font-face
        {font-family:"Book Antiqua";
        panose-1:2 4 6 2 5 3 5 3 3 4;
        mso-font-charset:0;
        mso-generic-font-family:roman;
        mso-font-pitch:variable;
        mso-font-signature:647 0 0 0 159 0;}
 /* Style Definitions */
 p.MsoNormal, li.MsoNormal, div.MsoNormal
        {mso-style-parent:"";
        margin:0in;
        margin-bottom:.0001pt;
        mso-pagination:widow-orphan;
        font-size:12.0pt;
        font-family:"Times New Roman";
        mso-fareast-font-family:"Times New Roman";}
a:link, span.MsoHyperlink
        {color:blue;
        text-decoration:underline;
        text-underline:single;}
a:visited, span.MsoHyperlinkFollowed
        {color:blue;
        text-decoration:underline;
        text-underline:single;}
p
        {mso-margin-top-alt:auto;
        margin-right:0in;
        mso-margin-bottom-alt:auto;
        margin-left:0in;
        mso-pagination:widow-orphan;
        font-size:12.0pt;
        font-family:"Times New Roman";
        mso-fareast-font-family:"Times New Roman";}
span.EmailStyle18
        {mso-style-type:personal-reply;
        mso-style-noshow:yes;
        mso-ansi-font-size:10.0pt;
        mso-bidi-font-size:10.0pt;
        font-family:Arial;
        mso-ascii-font-family:Arial;
        mso-hansi-font-family:Arial;
        mso-bidi-font-family:Arial;
        color:navy;}
span.SpellE
        {mso-style-name:"";
        mso-spl-e:yes;}
@page Section1
        {size:8.5in 11.0in;
        margin:1.0in 1.25in 1.0in 1.25in;
        mso-header-margin:.5in;
        mso-footer-margin:.5in;
        mso-paper-source:0;}
div.Section1
        {page:Section1;}
-->
</style>
<!--[if gte mso 10]>
<style>
 /* Style Definitions */ 
 table.MsoNormalTable
        {mso-style-name:"Table Normal";
        mso-tstyle-rowband-size:0;
        mso-tstyle-colband-size:0;
        mso-style-noshow:yes;
        mso-style-parent:"";
        mso-padding-alt:0in 5.4pt 0in 5.4pt;
        mso-para-margin:0in;
        mso-para-margin-bottom:.0001pt;
        mso-pagination:widow-orphan;
        font-size:10.0pt;
        font-family:"Times New Roman";}
</style>
<![endif]-->
</head>

<body lang=EN-US link=blue vlink=blue style='tab-interval:.5in'>

<div class=Section1>

<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'>I just create fake DNS entries for IM/P2P
stuff, then create a firewall to stop the clients from using other DNS servers…Works
well….<o:p></o:p></span></font></p>

<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'><o:p> </o:p></span></font></p>

<p class=MsoNormal style='margin-left:.5in'><font size=2 face=Tahoma><span
style='font-size:10.0pt;font-family:Tahoma'>-----Original Message-----<br>
<b><span style='font-weight:bold'>From:</span></b> Larry Pitcher
[mailto:pitcherl@...11634...] <br>
<b><span style='font-weight:bold'>Sent:</span></b> Tuesday, April 13, 2004 5:21
PM<br>
<b><span style='font-weight:bold'>To:</span></b>
'snort-users@lists.sourceforge.net'<br>
<b><span style='font-weight:bold'>Subject:</span></b> RE: [Snort-users] Chat/IM</span></font></p>

<p class=MsoNormal style='margin-left:.5in'><font size=3 face="Times New Roman"><span
style='font-size:12.0pt'><o:p> </o:p></span></font></p>

<div>

<p class=MsoNormal style='margin-left:.5in'><font size=2 color=blue face=Arial><span
style='font-size:10.0pt;font-family:Arial;color:blue'>Try blocking all
destination ports above 1023 going out to the internet... You will probably
break some things that will need exceptions to the rule, but then you'll be
covered.</span></font><o:p></o:p></p>

</div>

<p style='margin-left:.5in'><b><font size=3 face=Tahoma><span style='font-size:
12.0pt;font-family:Tahoma;font-weight:bold'><!-- Converted from text/rtf format -->Larry
Pitcher</span></font></b> <br>
<font face=Arial><span style='font-family:Arial'>Internet Product Manager</span></font>
<br>
<font face=Arial><span style='font-family:Arial'>Baker Boyer National Bank</span></font>
<br>
<font face=Arial><span style='font-family:Arial'>509.526.1429</span></font> <br>
<a href="mailto:pitcherl@...11634..."><font face=Arial><span
style='font-family:Arial'>pitcherl@...11634...</span></font></a> <o:p></o:p></p>

<blockquote style='margin-top:5.0pt;margin-right:0in;margin-bottom:5.0pt'>

<p class=MsoNormal style='mso-margin-top-alt:0in;margin-right:0in;margin-bottom:
12.0pt;margin-left:.5in'><font size=2 face=Tahoma><span style='font-size:10.0pt;
font-family:Tahoma'>-----Original Message-----<br>
<b><span style='font-weight:bold'>From:</span></b> Harper, Patrick
[mailto:patrick.harper@...11593...] <br>
<b><span style='font-weight:bold'>Sent:</span></b> Tuesday, April 13, 2004 2:05
PM<br>
<b><span style='font-weight:bold'>To:</span></b> Rowland, Krisa W ERDC-ITL-MS
Contractor; snort-users@lists.sourceforge.net<br>
<b><span style='font-weight:bold'>Subject:</span></b> RE: [Snort-users] Chat/IM</span></font><o:p></o:p></p>

<p class=MsoNormal style='margin-left:.5in'><font size=2 color=blue face=Arial><span
style='font-size:10.0pt;font-family:Arial;color:blue'>from a quick Google
search (I have done this before but I did not remember off the top of my head)</span></font><o:p></o:p></p>

<div>

<p class=MsoNormal style='margin-left:.5in'><font size=3 face="Times New Roman"><span
style='font-size:12.0pt'> <o:p></o:p></span></font></p>

</div>

<div>

<p class=MsoNormal style='margin-left:.5in'><font size=2 color=blue face=Arial><span
style='font-size:10.0pt;font-family:Arial;color:blue'>Yahoo Messenger</span></font><o:p></o:p></p>

</div>

<div>

<p class=MsoNormal style='margin-left:.5in'><font size=3 face="Times New Roman"><span
style='font-size:12.0pt'> <o:p></o:p></span></font></p>

</div>

<div>

<p class=MsoNormal style='margin-left:.5in'><font size=2 color=blue face=Arial><span
style='font-size:10.0pt;font-family:Arial;color:blue'>cs1.yahoo.com<br>
cs2.yahoo.com<br>
cs3.yahoo.com</span></font><o:p></o:p></p>

</div>

<div>

<p class=MsoNormal style='margin-left:.5in'><font size=3 face="Times New Roman"><span
style='font-size:12.0pt'> <o:p></o:p></span></font></p>

</div>

<div>

<p class=MsoNormal style='margin-left:.5in'><font size=2 color=blue face=Arial><span
style='font-size:10.0pt;font-family:Arial;color:blue'>port<br>
5050 (I would just block them in general instead of worrying about ports)</span></font><o:p></o:p></p>

</div>

<div>

<p class=MsoNormal style='margin-left:.5in'><font size=3 face="Times New Roman"><span
style='font-size:12.0pt'> <o:p></o:p></span></font></p>

</div>

<div>

<p class=MsoNormal style='margin-left:.5in'><font size=2 color=blue face=Arial><span
style='font-size:10.0pt;font-family:Arial;color:blue'>------------</span></font><o:p></o:p></p>

</div>

<div>

<p class=MsoNormal style='margin-left:.5in'><font size=3 face="Times New Roman"><span
style='font-size:12.0pt'> <o:p></o:p></span></font></p>

</div>

<div>

<p class=MsoNormal style='margin-left:.5in'><font size=2 color=blue face=Arial><span
style='font-size:10.0pt;font-family:Arial;color:blue'>AIM</span></font><o:p></o:p></p>

</div>

<div>

<p class=MsoNormal style='margin-left:.5in'><font size=3 face="Times New Roman"><span
style='font-size:12.0pt'> <o:p></o:p></span></font></p>

</div>

<div>

<p class=MsoNormal style='margin-left:.5in'><font size=2 color=blue face=Arial><span
style='font-size:10.0pt;font-family:Arial;color:blue'>205.188.3.160<br>
205.188.7.176 <br>
205.188.7.172 <br>
205.188.7.168 <br>
205.188.7.164 <br>
205.188.5.208<br>
205.188.5.204 <br>
205.188.3.176</span></font><o:p></o:p></p>

</div>

<div>

<p class=MsoNormal style='margin-left:.5in'><font size=3 face="Times New Roman"><span
style='font-size:12.0pt'> <o:p></o:p></span></font></p>

</div>

<div>

<p class=MsoNormal style='margin-left:.5in'><font size=2 color=blue face=Arial><span
style='font-size:10.0pt;font-family:Arial;color:blue'>-------------<br>
MSN Messenger</span></font><o:p></o:p></p>

</div>

<div>

<p class=MsoNormal style='margin-left:.5in'><font size=3 face="Times New Roman"><span
style='font-size:12.0pt'> <o:p></o:p></span></font></p>

</div>

<div>

<p class=MsoNormal style='margin-left:.5in'><font size=2 color=blue face=Arial><span
style='font-size:10.0pt;font-family:Arial;color:blue'>messenger.hotmail.com<br>
TCP/1863</span></font><o:p></o:p></p>

</div>

<p class=MsoNormal style='margin-left:.5in'><font size=3 face="Times New Roman"><span
style='font-size:12.0pt'><o:p> </o:p></span></font></p>

<!-- Converted from text/plain format -->

<p style='margin-left:.5in'><font size=2 face="Times New Roman"><span
style='font-size:10.0pt'>Patrick S. Harper | CISSP RHCT MCSE<br>
Information Security Engineer<br>
patrick.harper@...11593... </span></font><o:p></o:p></p>

<div>

<p class=MsoNormal style='margin-left:.5in'><font size=3 face="Times New Roman"><span
style='font-size:12.0pt'> <o:p></o:p></span></font></p>

</div>

<p class=MsoNormal style='margin-left:.5in'><font size=3 face="Times New Roman"><span
style='font-size:12.0pt'><o:p> </o:p></span></font></p>

<div class=MsoNormal align=center style='margin-left:.5in;text-align:center'><font
size=3 face="Times New Roman"><span style='font-size:12.0pt'>

<hr size=2 width="100%" align=center>

</span></font></div>

<p class=MsoNormal style='mso-margin-top-alt:0in;margin-right:0in;margin-bottom:
12.0pt;margin-left:.5in'><b><font size=2 face=Tahoma><span style='font-size:
10.0pt;font-family:Tahoma;font-weight:bold'>From:</span></font></b><font
size=2 face=Tahoma><span style='font-size:10.0pt;font-family:Tahoma'> Rowland,
Krisa W ERDC-ITL-MS Contractor [mailto:Krisa.W.Rowland@...3768...] <br>
<b><span style='font-weight:bold'>Sent:</span></b> Tuesday, April 13, 2004 2:54
PM<br>
<b><span style='font-weight:bold'>To:</span></b> Harper, Patrick; snort-users@lists.sourceforge.net<br>
<b><span style='font-weight:bold'>Subject:</span></b> RE: [Snort-users] Chat/IM</span></font><o:p></o:p></p>

<div>

<p class=MsoNormal style='margin-left:.5in'><font size=2 color=blue face=Arial><span
style='font-size:10.0pt;font-family:Arial;color:blue'>Yes - I know it's wishful
thinking - but just wondering if anyone had had any luck doing this. </span></font><o:p></o:p></p>

</div>

<blockquote style='margin-top:5.0pt;margin-bottom:5.0pt'>

<p class=MsoNormal style='mso-margin-top-alt:0in;margin-right:0in;margin-bottom:
12.0pt;margin-left:.5in'><font size=2 face=Tahoma><span style='font-size:10.0pt;
font-family:Tahoma'>-----Original Message-----<br>
<b><span style='font-weight:bold'>From:</span></b> Harper, Patrick
[mailto:patrick.harper@...11593...]<br>
<b><span style='font-weight:bold'>Sent:</span></b> Tuesday, April 13, 2004 3:53
PM<br>
<b><span style='font-weight:bold'>To:</span></b> Rowland, Krisa W ERDC-ITL-MS
Contractor; snort-users@lists.sourceforge.net<br>
<b><span style='font-weight:bold'>Subject:</span></b> RE: [Snort-users] Chat/IM</span></font><o:p></o:p></p>

<p class=MsoNormal style='margin-left:.5in'><font size=2 color=blue face=Arial><span
style='font-size:10.0pt;font-family:Arial;color:blue'>outbound firewall rules?</span></font><o:p></o:p></p>

<div>

<p class=MsoNormal style='margin-left:.5in'><font size=3 face="Times New Roman"><span
style='font-size:12.0pt'> <o:p></o:p></span></font></p>

</div>

<!-- Converted from text/plain format -->

<p class=MsoNormal style='margin-left:.5in'><font size=3 face="Times New Roman"><span
style='font-size:12.0pt'><o:p> </o:p></span></font></p>

<p style='margin-left:.5in'><font size=2 face="Times New Roman"><span
style='font-size:10.0pt'>Patrick S. Harper | CISSP RHCT MCSE<br>
Information Security Engineer<br>
patrick.harper@...11593... </span></font><o:p></o:p></p>

<div>

<p class=MsoNormal style='margin-left:.5in'><font size=3 face="Times New Roman"><span
style='font-size:12.0pt'> <o:p></o:p></span></font></p>

</div>

<p class=MsoNormal style='margin-left:.5in'><font size=3 face="Times New Roman"><span
style='font-size:12.0pt'><o:p> </o:p></span></font></p>

<div class=MsoNormal align=center style='margin-left:.5in;text-align:center'><font
size=3 face="Times New Roman"><span style='font-size:12.0pt'>

<hr size=2 width="100%" align=center>

</span></font></div>

<p class=MsoNormal style='mso-margin-top-alt:0in;margin-right:0in;margin-bottom:
12.0pt;margin-left:.5in'><b><font size=2 face=Tahoma><span style='font-size:
10.0pt;font-family:Tahoma;font-weight:bold'>From:</span></font></b><font
size=2 face=Tahoma><span style='font-size:10.0pt;font-family:Tahoma'> Rowland,
Krisa W ERDC-ITL-MS Contractor [mailto:Krisa.W.Rowland@...3768...] <br>
<b><span style='font-weight:bold'>Sent:</span></b> Tuesday, April 13, 2004 1:26
PM<br>
<b><span style='font-weight:bold'>To:</span></b>
'snort-users@lists.sourceforge.net'<br>
<b><span style='font-weight:bold'>Subject:</span></b> [Snort-users] Chat/IM</span></font><o:p></o:p></p>

<p style='margin-left:.5in'><font size=2 face=Arial><span style='font-size:
10.0pt;font-family:Arial'>Does anyone have an effective way of blocking
chat/IM?</span></font> <o:p></o:p></p>

<p style='margin-left:.5in'><font size=4 face="Book Antiqua"><span
style='font-size:13.5pt;font-family:"Book Antiqua"'>Krisa Rowland</span></font>
<br>
<font size=2 face="Book Antiqua"><span style='font-size:10.0pt;font-family:
"Book Antiqua"'>ERDC Information Assurance Team</span></font> <br>
<font size=2 face="Book Antiqua"><span style='font-size:10.0pt;font-family:
"Book Antiqua"'>(SAIC Contractor)</span></font> <br>
<font size=2 face="Book Antiqua"><span style='font-size:10.0pt;font-family:
"Book Antiqua"'>3909 Halls Ferry Rd.,  Bldg. 8000</span></font> <br>
<font size=2 face="Book Antiqua"><span style='font-size:10.0pt;font-family:
"Book Antiqua"'>Vicksburg, MS 39180</span></font> <br>
<font size=2 face="Book Antiqua"><span style='font-size:10.0pt;font-family:
"Book Antiqua"'>601-634-2493</span></font> <br>
<font size=2 face="Book Antiqua"><span style='font-size:10.0pt;font-family:
"Book Antiqua"'>krisa.w.rowland@...3768...</span></font> <o:p></o:p></p>

<p class=MsoNormal style='mso-margin-top-alt:0in;margin-right:0in;margin-bottom:
12.0pt;margin-left:.5in'><font size=3 face="Times New Roman"><span
style='font-size:12.0pt'><br>
<br>
<br>
<br>
Disclaimer:<br>
This electronic message, including any attachments, is confidential and
intended solely for use of the intended recipient(s). This message may contain
information that is privileged or otherwise protected from disclosure by
applicable law. Any unauthorized disclosure, dissemination, use or reproduction
is strictly prohibited. If you have received this message in error, please
delete it and notify the sender immediately. <br style='mso-special-character:
line-break'>
<![if !supportLineBreakNewLine]><br style='mso-special-character:line-break'>
<![endif]><o:p></o:p></span></font></p>

</blockquote>

<p class=MsoNormal style='mso-margin-top-alt:0in;margin-right:0in;margin-bottom:
12.0pt;margin-left:.5in'><font size=3 face="Times New Roman"><span
style='font-size:12.0pt'><br>
<br>
<br>
<br>
Disclaimer:<br>
This electronic message, including any attachments, is confidential and intended
solely for use of the intended recipient(s). This message may contain
information that is privileged or otherwise protected from disclosure by
applicable law. Any unauthorized disclosure, dissemination, use or reproduction
is strictly prohibited. If you have received this message in error, please
delete it and notify the sender immediately. <br style='mso-special-character:
line-break'>
<![if !supportLineBreakNewLine]><br style='mso-special-character:line-break'>
<![endif]><o:p></o:p></span></font></p>

</blockquote>

</div>

</body>

</html>