OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
RE: [Snort-users] Chat/IM

From: Lyons, Jon (Jon_Lyonsenh.org)
Date: Wed Apr 14 2004 - 16:13:33 CDT

I just create fake DNS entries for IM/P2P stuff, then create a firewall
to stop the clients from using other DNS servers...Works well....
 
-----Original Message-----
From: Larry Pitcher [mailto:pitcherlbakerboyer.com]
Sent: Tuesday, April 13, 2004 5:21 PM
To: 'snort-userslists.sourceforge.net'
Subject: RE: [Snort-users] Chat/IM
 
Try blocking all destination ports above 1023 going out to the
internet... You will probably break some things that will need
exceptions to the rule, but then you'll be covered.
Larry Pitcher
Internet Product Manager
Baker Boyer National Bank
509.526.1429
pitcherlbakerboyer.com <mailto:pitcherlbakerboyer.com>
        -----Original Message-----
        From: Harper, Patrick [mailto:patrick.harperphns.com]
        Sent: Tuesday, April 13, 2004 2:05 PM
        To: Rowland, Krisa W ERDC-ITL-MS Contractor;
snort-userslists.sourceforge.net
        Subject: RE: [Snort-users] Chat/IM
        from a quick Google search (I have done this before but I did
not remember off the top of my head)
         
        Yahoo Messenger
         
        cs1.yahoo.com
        cs2.yahoo.com
        cs3.yahoo.com
         
        port
        5050 (I would just block them in general instead of worrying
about ports)
         
        ------------
         
        AIM
         
        205.188.3.160
        205.188.7.176
        205.188.7.172
        205.188.7.168
        205.188.7.164
        205.188.5.208
        205.188.5.204
        205.188.3.176
         
        -------------
        MSN Messenger
         
        messenger.hotmail.com
        TCP/1863
         
        Patrick S. Harper | CISSP RHCT MCSE
        Information Security Engineer
        patrick.harperphns.com
         
         
        
  _____

        From: Rowland, Krisa W ERDC-ITL-MS Contractor
[mailto:Krisa.W.Rowlanderdc.usace.army.mil]
        Sent: Tuesday, April 13, 2004 2:54 PM
        To: Harper, Patrick; snort-userslists.sourceforge.net
        Subject: RE: [Snort-users] Chat/IM
        Yes - I know it's wishful thinking - but just wondering if
anyone had had any luck doing this.
                -----Original Message-----
                From: Harper, Patrick [mailto:patrick.harperphns.com]
                Sent: Tuesday, April 13, 2004 3:53 PM
                To: Rowland, Krisa W ERDC-ITL-MS Contractor;
snort-userslists.sourceforge.net
                Subject: RE: [Snort-users] Chat/IM
                outbound firewall rules?
                 
                 
                Patrick S. Harper | CISSP RHCT MCSE
                Information Security Engineer
                patrick.harperphns.com
                 
                 
                
  _____

                From: Rowland, Krisa W ERDC-ITL-MS Contractor
[mailto:Krisa.W.Rowlanderdc.usace.army.mil]
                Sent: Tuesday, April 13, 2004 1:26 PM
                To: 'snort-userslists.sourceforge.net'
                Subject: [Snort-users] Chat/IM
                Does anyone have an effective way of blocking chat/IM?
                Krisa Rowland
                ERDC Information Assurance Team
                (SAIC Contractor)
                3909 Halls Ferry Rd., Bldg. 8000
                Vicksburg, MS 39180
                601-634-2493
                krisa.w.rowlanderdc.usace.army.mil
                
                
                
                
                Disclaimer:
                This electronic message, including any attachments, is
confidential and intended solely for use of the intended recipient(s).
This message may contain information that is privileged or otherwise
protected from disclosure by applicable law. Any unauthorized
disclosure, dissemination, use or reproduction is strictly prohibited.
If you have received this message in error, please delete it and notify
the sender immediately.
                
                
        
        
        
        
        Disclaimer:
        This electronic message, including any attachments, is
confidential and intended solely for use of the intended recipient(s).
This message may contain information that is privileged or otherwise
protected from disclosure by applicable law. Any unauthorized
disclosure, dissemination, use or reproduction is strictly prohibited.
If you have received this message in error, please delete it and notify
the sender immediately.
        
        

-------------------------------------------------------
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click
_______________________________________________
Snort-users mailing list
Snort-userslists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users