[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

RE: [K12OSN] Instant Messanger



What you want is policy-based routing.  That's how we deal with it.  Ever since IM clients started using TCP 80, etc., it became a bear for us to stop w/o DoS'ing the whole school district.  Policy-based routing works no matter what TCP or UDP port you're on.  The router is able to actually examine the protocol running across the wire and put a stop to whatever traffic you don't want flowing.  We also did this with Code Red, Nimda, etc.  This ability was invented precisely because of what you're running into below.

--TP

On Tue, 2003-09-30 at 20:28, Caleb Wagnon wrote:
Nicholas Santiago said:
> Hi Jack,
>
> At Holy Infancy, what we do is we set something up on our firewalla just
> to block the ports that the major IM programs (AIM, ICQ, Yahoo, Jabber,
> etc.) utilize and leave only one available... MSN Messenger.

Really? Because I have found that many of these messengers now use port 80
or scan for another open port when the default port is blocked. I used to
have them all blocked at our firewall until they started using 80 and
scanning for other ports. If you're blocking them successfully....is there
somehow you could find it in your heart to let me know which ports you are
blocking exactly? That would be greatly appreciated!!

-- 
Caleb Wagnon MCP A+ CCNA
Technology Coordinator
Fordyce School District
Fordyce, AR 71742
870.352.2968
http://redbugs.dsc.k12.ar.us








-----------------------------------------
Outgoing mail is certified Virus Free.
checked by Clam Antivirus (http://www.clamav.org)
Fordyce Schools Redbugmail System


_______________________________________________
K12OSN mailing list
K12OSN redhat com
https://www.redhat.com/mailman/listinfo/k12osn
For more info see <http://www.k12os.org>

Do you Slack!?
Slackware GNU/Linux - Free, easy-to-trust web site server software

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]