Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email firstname.lastname@example.org
From: Jon Paine (jon.paine_at_allasso.com)
Date: Thu Aug 22 2002 - 11:19:05 CDT
TO UNSUBSCRIBE: email "unsubscribe issforum" in the body of your message to
majordomoiss.net Contact issforum-owneriss.net for help with any problems!
This is my first post to the list, so please excuse me.
If it is so difficult to block Yahoo by address with RealSecure, why not try
blocking it elsewhere...?
Many URL filtering products will allow you to do this and will integrate
with Firewalls and Proxy Servers.
If you are only monitoring the traffic and don't want to block it,
examination of the Firewall or Proxy log files using a log analysis product
will give you this information.
Going out on a limb, if you had a local DNS server for your network, would
it be possible to *poison* the DNS cache so that the "*.mail.yahoo.com."
FQDN's resolve elsewhere...? Say a status page on your Intranet saying that
Webmail is prohibited...?
We all know that IDS's are only part of a full security solution and perhaps
this problem is better addressed elsewhere...?
Couple of points, I don't know DNS that well and secondly, I work for a
European Security Distributor selling across the FW, IDS, filtering, AV,
security and network performance areas. Hence I haven't included brands...!
If you feel that replies are too off topic for the list, please reply
Hope this helped...!
Jon Paine. Technical Lead.
Allasso European Support Centre.
SMTP - mailto:supportallasso.com
WEB - http://support.allasso.com
Tel. 0870 366 8533 (+44 118 971 1533)
Fax. 0870 366 8544 (+44 118 971 1544)
PGP Fingerprint: ADD3 07AC ED47 292A BF61 E124 E81F 9249 7AD9 6E0C
> -----Original Message-----
> From: Chris Caydes [mailto:chris_caydesyahoo.com]
> Sent: 21 August 2002 23:59
> To: jaimeulima.edu.pe; issforumiss.net
> Subject: Re: Detecting a yahoo mail logon
> TO UNSUBSCRIBE: email "unsubscribe issforum" in the body of
> your message to
> majordomoiss.net Contact issforum-owneriss.net for help
> with any problems!
> The Yahoo! Mail service uses servers in the
> *.mail.yahoo.com subdomain. So basically, it would
> take a rule to detect HTTP access to this subdomain,
> or access to http://mail.yahoo.com, which is the head
> of Yahoo! Mail.
> Unfortunately, adresses like f200.mail.yahoo.com,
> f102.mail.yahoo.com and f130.mail.yahoo.com are not
> conveniently located in the same IP network. You
> cannot simply specify an IP Address range in the rule,
> you would have to specify individual IP Addresses,
> which would take you forever. Plus Yahoo! probably
> changes these addresses every now and then, to make it
> more difficult for admins to block the service, so
> don't bother.
> It looks like Yahoo is doing everything they can to
> prevent security and IT people from restricting access
> to their web services.
> The IP Blocks hereunder are those of Yahoo's web
> services such as Mail, Messenger, Store, Ads, etc. I
> haven't checked all the services hosted in there. If
> you monitor accesses to these addresses, you'll have
> an idea of who's using Yahoo Mail, Yahoo Messenger,
> and other free Yahoo services.
> EC20-2-YAHOO1 : 184.108.40.206/22
> EC20-2-YAHOO2 : 220.127.116.11/22
> EC20-2-YAHOO3 : 18.104.22.168/22
> EC20-2-YAHOO4 : 22.214.171.124/24
> EC20-2-YAHOO5 : 126.96.36.199/22
> EC20-2-YAHOO6 : 188.8.131.52/24
> By blocking these address ranges, you would block many
> Yahoo services (including Mail), but I haven't figured
> all the entire list of services hosted in these
> ranges. The way the Yahoo IP network is setup makes it
> difficult to block access to some of their services,
> while leaving access to others, like allowing access
> to Mail, and blocking Messenger for instance).
> Note : the main Yahoo website is not located in theses
> ranges, the addresses are all in the 64.58.76.X
> address range.
> > Has anyone found out a way to detect a logon to
> > yahoo mail service with RealSecure?
> > Or any other method suggested?
> > Thanks
> Do You Yahoo!?
> HotJobs - Search Thousands of New Jobs
Please note that:
1. This e-mail may constitute privileged information. If you are not the intended recipient, you have received this
confidential email and any attachments transmitted with it in error and you must not disclose, copy, circulate
or in any other way use or rely on this information.
2. E-mails to and from the company are monitored for operational reasons and in accordance with lawful business
3. The contents of this email are those of the individual and do not necessarily represent the views of the company.
4. The company does not conclude contracts by email and all negotiations are subject to contract.
5. The company accepts no responsibility once an e-mail and any attachments is sent.
RG7 4AQ UK
T: +44 118 971 1511
F: +44 118 971 1522