Blocking chat service on PIX firewall 515

mahavirsj
Level 1

Hi,

I want to block chat service to a particular user.

I am using PIX FW 515 U ver 5.3(1)

I have used the following command to do so:

outbound 50 deny (IP addrs) (255.255.255.255) irc tcp

apply (inside) 50 outgoing_src

But it is not taking effect, I mean the user is still able to use the chat service.

FYI: Client gets the IP address from the Microsoft DHCP server

Could anybody help in this regard? Where am I going wrong?

Thanks

regards

Mahavir

2 Replies

p.krane
Level 3

Parse your PIX syslog in debugging mode for traffic from that user. Make sure that they are using standard IRC and not redirecting to higher ports. Also, you might just start by reloading the PIX to clear that user's xlate. If they are getting a DHCP address, are you sure the address you are using is their machine?

sergio.lewis
Level 1

Hi

It is very complicated to block chat service to a particular user if he or she uses DHCP, but you can put a static IP on that user and block them...

or use the Websense product and block them by putting in a filter, blocking by username! or block that chat for everyone!

Some chat clients like ICQ use dynamic ports, so the best way to block this chat is with Websense....!

Also you can use netstat to find out the TCP port used by the chat, then you can use the command

i.e.

outbound 10 deny 0.0.0.0 0.0.0.0 194 tcp
outbound 10 deny 0.0.0.0 0.0.0.0 531 tcp
outbound 10 deny 0.0.0.0 0.0.0.0 6665 tcp
outbound 10 deny 0.0.0.0 0.0.0.0 7777 tcp
outbound 10 deny 0.0.0.0 0.0.0.0 6997 tcp
outbound 10 deny 0.0.0.0 0.0.0.0 5190 tcp
outbound 10 deny 0.0.0.0 0.0.0.0 12011 tcp
outbound 10 deny 0.0.0.0 0.0.0.0 5760 tcp
outbound 10 deny 0.0.0.0 0.0.0.0 1731 tcp
outbound 10 deny 0.0.0.0 0.0.0.0 1720 tcp
outbound 10 deny 0.0.0.0 0.0.0.0 389 tcp
outbound 10 deny 0.0.0.0 0.0.0.0 1503 tcp
outbound 10 deny 0.0.0.0 0.0.0.0 522 tcp
outbound 10 deny 0.0.0.0 0.0.0.0 8875 tcp
apply (inside) 10 outgoing_src

to deny that port for all!

Tell me about your final decision! OK!
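Both replies point at the same check: before trusting an `outbound` deny on port 194, look at what destination ports the inside host actually opens, because a chat client redirected to a high port (p.krane's concern) or using dynamic ports (sergio.lewis's ICQ remark) never touches the port you denied. The script below is an added example, not code from either poster or from Cisco. It parses the PIX "Built outbound TCP connection" syslog message (ID 302001; the field order faddr/gaddr/laddr is assumed from the PIX 5.x/6.x format and may need adjusting for other releases), groups destination ports per inside address, flags hits on the port list from the reply above plus any other port the host connects to repeatedly, and renders the matching PIX 5.x `outbound`/`apply` entries for that host. The log lines are constructed sample data, the addresses, list ID 50 and the threshold of three connections are assumptions.

```python
"""Find which destination ports an inside host is really using, from PIX
syslog, before deciding what an `outbound` deny list should cover."""
import re
from collections import Counter, defaultdict

# Message layout assumed from the PIX 5.x/6.x syslog ID 302001
# ("Built outbound TCP connection ... faddr/gaddr/laddr"); treat the exact
# field order as an assumption and check it against your PIX version.
BUILT_RE = re.compile(
    r"%PIX-6-302001: Built outbound TCP connection (?P<conn>\d+) for "
    r"faddr (?P<faddr>[\d.]+)/(?P<fport>\d+) "
    r"gaddr (?P<gaddr>[\d.]+)/(?P<gport>\d+) "
    r"laddr (?P<laddr>[\d.]+)/(?P<lport>\d+)"
)

# TCP ports the reply above proposes denying; tune to your own policy.
CHAT_PORTS = {194, 531, 6665, 7777, 6997, 5190, 12011, 5760,
              1731, 1720, 389, 1503, 522, 8875}

# Constructed sample syslog (not real traffic): host .50 hits IRC on 6665
# but also opens three connections to the same server on 7000, host .51
# only browses the web, and a teardown line (302002) must be ignored.
SAMPLE_LOG = """\
%PIX-6-302001: Built outbound TCP connection 101 for faddr 203.0.113.10/6665 gaddr 198.51.100.2/1025 laddr 10.1.1.50/1025
%PIX-6-302001: Built outbound TCP connection 102 for faddr 203.0.113.10/6665 gaddr 198.51.100.2/1026 laddr 10.1.1.50/1026
%PIX-6-302001: Built outbound TCP connection 103 for faddr 203.0.113.10/7000 gaddr 198.51.100.2/1027 laddr 10.1.1.50/1027
%PIX-6-302002: Teardown TCP connection 101 faddr 203.0.113.10/6665 gaddr 198.51.100.2/1025 laddr 10.1.1.50/1025 duration 0:00:10 bytes 512
%PIX-6-302001: Built outbound TCP connection 104 for faddr 203.0.113.10/7000 gaddr 198.51.100.2/1028 laddr 10.1.1.50/1028
%PIX-6-302001: Built outbound TCP connection 105 for faddr 203.0.113.10/7000 gaddr 198.51.100.2/1029 laddr 10.1.1.50/1029
%PIX-6-302001: Built outbound TCP connection 106 for faddr 203.0.113.20/80 gaddr 198.51.100.2/1030 laddr 10.1.1.51/1030
%PIX-6-302001: Built outbound TCP connection 107 for faddr 203.0.113.20/80 gaddr 198.51.100.2/1031 laddr 10.1.1.50/1031
"""


def parse_built_connections(log_text):
    """One dict per 'Built outbound TCP connection' line; other lines are skipped."""
    records = []
    for line in log_text.splitlines():
        m = BUILT_RE.search(line)
        if m:
            records.append({"laddr": m.group("laddr"),
                            "faddr": m.group("faddr"),
                            "fport": int(m.group("fport"))})
    return records


def summarize_by_host(records):
    """Map inside (local) address -> Counter of destination (foreign) ports."""
    summary = defaultdict(Counter)
    for r in records:
        summary[r["laddr"]][r["fport"]] += 1
    return dict(summary)


def flag_chat_traffic(summary, chat_ports=CHAT_PORTS, min_conns=3):
    """Per inside host: known chat ports hit, plus any other port used
    min_conns or more times (a chat client moved to a high port shows up
    here, which a deny on 194 alone would never catch)."""
    findings = {}
    for host, ports in summary.items():
        known = {p for p in ports if p in chat_ports}
        frequent = {p for p, n in ports.items()
                    if p not in chat_ports and n >= min_conns}
        if known or frequent:
            findings[host] = {"known_chat_ports": known,
                              "frequent_other_ports": frequent}
    return findings


def outbound_deny_lines(list_id, host, ports, interface="inside"):
    """Render PIX 5.x `outbound` deny entries for one host (mask
    255.255.255.255 = single address) and the `apply` that activates them."""
    lines = [f"outbound {list_id} deny {host} 255.255.255.255 {p} tcp"
             for p in sorted(ports)]
    lines.append(f"apply ({interface}) {list_id} outgoing_src")
    return lines


if __name__ == "__main__":
    summary = summarize_by_host(parse_built_connections(SAMPLE_LOG))
    for host, f in flag_chat_traffic(summary).items():
        print(host, f)
        ports = f["known_chat_ports"] | f["frequent_other_ports"]
        print("\n".join(outbound_deny_lines(50, host, ports)))
```

Because the summary is keyed by the inside address, it also answers p.krane's DHCP question: if the address you put in the `outbound` line never shows up as a laddr in the log, the rule is matching the wrong machine, and a lease change will silently break a host-specific deny in any case.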
