https://community.cisco.com/t5/network-security/pix-web-sense-and-chat-programs/m-p/28172#M644878 <HTML><HEAD></HEAD><BODY><P>To block chat programs, simply use access-list on PIX. </P><P>Some of the common chat programs use following ports</P><P></P><P>**********common chat ports**********</P><P>tcp 6667 (irc) 6660- 6670 (the default being 6667).</P><P>tcp 6665-6669 (common IRC)</P><P>tcp 5190 (aol)</P><P>tcp 5190, dyn &gt;=1024 (aol ICQ)</P><P>tcp/udp 5190-5193 (aol)</P><P>tcp 1863 (msn)</P><P>tcp/udp 4020 (ichat)</P><P>tcp 5000-5001 and udp 5000-5010 (Yahoo voice chat)</P><P>tcp 5050 (Yahoo messages)</P><P>tcp 5100 (Yahoo Webcams)</P><P></P><P>Hope that helps.</P><P>R/Yusuf</P></BODY></HTML> Sun, 09 Jun 2002 06:37:45 GMT yusuff 2002-06-09T06:37:45Z https://community.cisco.com/t5/network-security/pix-web-sense-and-chat-programs/m-p/28171#M644877 <P>Hello Cisco people</P><P></P><P>We are using Web Sense to block most of the Sites that we feel necessary but have had problems with programs like AOL, MSN, ICQ chat programs. So I am going to stop this at the PIX and was wonder who out there had blocked Chat programs in the enterprise, and methods used.</P><P>I fully understand the steps needed to block what is needed on the PIX but was wanting to hear horror storied or problems you might have encountered. I would also like to know what sites (address\protocols) you had to block to stop these programs because some are http based. (AIM, MSN,ect).</P><P>For those of you who have applied rules to the inside interface of the pix, did you notice any performance issues or any other problem related to having all outbound traffic filtered?</P><P></P><P></P><P></P><P>Thank you</P><P></P><P></P><P>Thanks</P><P>Rob Mears III, CCNP, MCSE, CNE, NNCDS, NNCSS, NNCPS, MCP+I, A+</P><P>Technical Mercenary</P><P>Valor Telecom.com</P><P></P> Fri, 21 Feb 2020 06:05:23 GMT https://community.cisco.com/t5/network-security/pix-web-sense-and-chat-programs/m-p/28171#M644877 rmears 2020-02-21T06:05:23Z https://community.cisco.com/t5/network-security/pix-web-sense-and-chat-programs/m-p/28172#M644878 <HTML><HEAD></HEAD><BODY><P>To block chat programs, simply use access-list on PIX. </P><P>Some of the common chat programs use following ports</P><P></P><P>**********common chat ports**********</P><P>tcp 6667 (irc) 6660- 6670 (the default being 6667).</P><P>tcp 6665-6669 (common IRC)</P><P>tcp 5190 (aol)</P><P>tcp 5190, dyn &gt;=1024 (aol ICQ)</P><P>tcp/udp 5190-5193 (aol)</P><P>tcp 1863 (msn)</P><P>tcp/udp 4020 (ichat)</P><P>tcp 5000-5001 and udp 5000-5010 (Yahoo voice chat)</P><P>tcp 5050 (Yahoo messages)</P><P>tcp 5100 (Yahoo Webcams)</P><P></P><P>Hope that helps.</P><P>R/Yusuf</P></BODY></HTML> Sun, 09 Jun 2002 06:37:45 GMT https://community.cisco.com/t5/network-security/pix-web-sense-and-chat-programs/m-p/28172#M644878 yusuff 2002-06-09T06:37:45Z https://community.cisco.com/t5/network-security/pix-web-sense-and-chat-programs/m-p/28173#M644879 <HTML><HEAD></HEAD><BODY><P>Thank you very much</P><P></P><P>I applied to the pix and BOOM!</P><P>Messangers no workie, and my phone starts ringing.</P><P></P><P>Now its time to get back to work.</P><P></P><P>Thanks for your help, it worked great.</P><P></P><P>Rob</P></BODY></HTML> Mon, 10 Jun 2002 14:12:21 GMT https://community.cisco.com/t5/network-security/pix-web-sense-and-chat-programs/m-p/28173#M644879 rmears 2002-06-10T14:12:21Z https://community.cisco.com/t5/network-security/pix-web-sense-and-chat-programs/m-p/28174#M644880 <HTML><HEAD></HEAD><BODY><P>Can I apply this access-list on PIX to block IRC :</P><P></P><P>access-list acl_in deny tcp any any range 6660 6670</P><P>access-list acl_in permit ip any any</P><P></P><P>access-group acl_in in interface inside</P><P></P><P>TIA,</P><P>Janto</P></BODY></HTML> Wed, 19 Jun 2002 03:57:47 GMT https://community.cisco.com/t5/network-security/pix-web-sense-and-chat-programs/m-p/28174#M644880 jcin 2002-06-19T03:57:47Z