08-29-2002 06:52 AM - edited 02-20-2020 10:13 PM
Hi Cisco gods,
I have successfully blocked all chat services at the PIX firewall, I think. As I walk around and find people using MSN or Messenger, I find the public proxy they are using and kill it too. BUT I am having a hell of a time with ICQ. I do have all the ports, UDP and TCP, blocked so it does not work UNLESS they use port 80. This is where I am stuck; I can't block port 80, as you know, so how do I kill this monster? Has anyone had luck with this, and has anyone found a way to stop the public proxy usage? I really feel as if I am fighting a losing battle, because for every block I am countered with a way around it.
My inside ACL in the PIX is quite impressive, and all just for blocking this crap. If anyone would like it for theirs I will provide it, as it is proven and works, with the exception of ICQ.
HELP WANTED
Thanks
Rob Mears III, CCNP, MCSE, CNE, NNCDS, NNCSS, NNCPS, MCP+I, A+
Technical Mercenary
08-29-2002 12:20 PM
It seems like the proxy goes out to the Internet without any restriction. Configure the PIX to filter out this proxy, and allow only certain protocols and ports.
Good luck
08-29-2002 01:08 PM
I would be interested in your acl, if you would be so kind to send it to me at happy_usr@yahoo.com.
Thanks!
09-17-2002 10:05 AM
Rob,
Could you send me a copy of your inside access list? I would appreciate it.
Thanks
09-24-2002 06:43 AM
I would appreciate if I can get a copy of your impressive ACL. I am also working on blocking some peer-peer file services and instant messengers.
09-26-2002 12:27 PM
Rob,
Would you email a copy of those ACLs to me? I'm running Websense as well, but have 9 locations connected via VPN tunnels (506's to a 515 at the host end) and would like to do some port blocking on the remote 506's. I currently do not have the ability to put a Websense server in each location, and for a few of them I don't want to send all traffic back through the host to get Internet access; it seems like a waste. My email address is lschwab@rdoequipment.com. Thanks.
09-26-2002 12:49 PM
Can I get a copy too. I'm in the same boat.
09-29-2002 09:01 PM
Would you send me a copy of your PIX inside access list?
thanks in advance ! ^^
10-02-2002 11:56 PM
Have you tried to block the server login.icq.com on all ports? For users to be able to use ICQ they have to authenticate to the login server for their status to be known to other users.
10-11-2002 06:11 AM
You really should take the advice of jerryd: "block the server login.icq.com"
It's the only way, apart from handing off to a CVP server. I imagine you could probably halve your access-lists at the same time.
Having 100 access-lists is just not going to solve your problem.
i.e. I personally use port 443 for ICQ and am sure many others do as well.
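The two suggestions in the replies above, blocking the login server outright and permitting only a short list of outbound ports instead of a long list of denies, as an added example that is not from this thread or from Cisco: a small Python script that models a PIX 6.x inside access-list as a first-match rule set, renders it in PIX syntax (`access-list` / `access-group`) and checks what a given connection would get. The 192.0.2.x addresses used for login.icq.com are constructed placeholders, not the real ones; PIX 6.x ACLs take IP addresses, so resolve the name yourself and refresh the list when it changes.

```python
"""Model a PIX 6.x inside ACL as first-match rules, render it, and test connections.

Added example. Addresses and the 10.0.0.0/24 inside network are constructed
sample values, not taken from the thread.
"""
from dataclasses import dataclass
from ipaddress import IPv4Address, IPv4Network
from typing import Dict, List, Optional

ANY = IPv4Network("0.0.0.0/0")


@dataclass(frozen=True)
class Rule:
    action: str                 # "permit" or "deny"
    proto: str                  # "ip" (any protocol), "tcp" or "udp"
    src: IPv4Network            # ANY means "any"
    dst: IPv4Network            # a /32 renders as "host a.b.c.d"
    dport: Optional[int] = None  # None means any destination port
    note: str = ""              # kept in the model only; not rendered

    def matches(self, proto: str, src: str, dst: str, dport: int) -> bool:
        if self.proto != "ip" and self.proto != proto:
            return False
        if IPv4Address(src) not in self.src or IPv4Address(dst) not in self.dst:
            return False
        return self.dport is None or self.dport == dport


def build_inside_rules(inside_net: str, login_servers: Dict[str, List[str]],
                       tcp_ports: List[int], udp_ports: List[int]) -> List[Rule]:
    """Deny chat login servers on every port, then permit only listed ports."""
    rules: List[Rule] = []
    # The login-server denies must come first: the PIX stops at the first
    # matching line, so a deny placed after "permit tcp ... eq 443" never fires.
    for host, addrs in login_servers.items():
        for a in addrs:
            rules.append(Rule("deny", "ip", ANY, IPv4Network(f"{a}/32"), None, host))
    inside = IPv4Network(inside_net)
    for p in tcp_ports:
        rules.append(Rule("permit", "tcp", inside, ANY, p))
    for p in udp_ports:
        rules.append(Rule("permit", "udp", inside, ANY, p))
    # Every PIX ACL ends in an implicit deny; an explicit one lets you see the hits.
    rules.append(Rule("deny", "ip", ANY, ANY, None, "catch-all"))
    return rules


def _addr(net: IPv4Network) -> str:
    if net == ANY:
        return "any"
    if net.prefixlen == 32:
        return f"host {net.network_address}"
    return f"{net.network_address} {net.netmask}"   # PIX uses real masks, not wildcards


def render_pix(name: str, rules: List[Rule]) -> str:
    """Emit the rule set as PIX 6.x access-list lines plus the access-group binding."""
    lines = []
    for r in rules:
        line = f"access-list {name} {r.action} {r.proto} {_addr(r.src)} {_addr(r.dst)}"
        if r.dport is not None:
            line += f" eq {r.dport}"
        lines.append(line)
    lines.append(f"access-group {name} in interface inside")
    return "\n".join(lines)


def first_match(rules: List[Rule], proto: str, src: str, dst: str, dport: int) -> str:
    """Return the action the PIX would apply: first matching line wins."""
    for r in rules:
        if r.matches(proto, src, dst, dport):
            return r.action
    return "deny"


if __name__ == "__main__":
    # Constructed sample data: placeholder addresses for the ICQ login server.
    login_servers = {"login.icq.com": ["192.0.2.10", "192.0.2.11"]}
    rules = build_inside_rules("10.0.0.0/24", login_servers, [25, 80, 443], [53])
    print(render_pix("inside_in", rules))
    # ICQ over 443 to the login server is denied even though 443 is open in general.
    print(first_match(rules, "tcp", "10.0.0.5", "192.0.2.10", 443))   # deny
    print(first_match(rules, "tcp", "10.0.0.5", "198.51.100.7", 443)) # permit
```

The check at the end is the point the port-443 reply makes: with a port-only ACL, ICQ on 443 walks straight through, whereas a deny on the login server's addresses ahead of the port permits catches it regardless of port. The same first-match reasoning shows the limit of this approach against the public proxies from the original post: a proxy listening on 80 or 443 is still reachable, so the address-based denies have to be extended to each proxy as it is found, exactly as Rob describes doing by hand.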
10-03-2002 05:57 AM
I too would like a copy of your ACLs please: mlebron@agfirst.com
10-23-2002 08:03 AM
please send me your ACL. Thanks. Dave
10-07-2002 01:08 AM
Hi rob,
I would really like to receive a copy of your inside acl.
I'm facing more or less the same problem.
Could you send it to the following address:
Thanks,
Jaap Koelewijn
10-07-2002 11:35 AM
Me also, please.
10-07-2002 02:49 AM
I am also interested to receive some of your configs.
Could you please send it to G.Bero@hoffmann-gmbh.de
Thank you in advance