2502 Views | 0 Helpful | 32 Replies

ICQ and the PIX

rmears
Level 1

Hi Cisco gods,

I have successfully blocked all chat services at the PIX firewall, I think. As I walk around and find people using MSN or Messenger I find the public proxy they are using and kill it too. BUT, I am having a hell of a time with ICQ. I do have all the ports, UDP and TCP, blocked so it does not work UNLESS they use port 80. This is where I am stuck: I can't block port 80, as you know, so how do I kill this monster? Has anyone had luck with this, and has anyone found a way to stop the public proxy usage? I really feel as if I am fighting a losing battle, 'cause for every block I am countered with a way around it.

My inside ACL in the PIX is quite impressive, and all just for blocking this crap. If anyone would like it for theirs I will provide it, as it is proven and works, with the exception of ICQ.

HELP WANTED

Thanks

Rob Mears III, CCNP, MCSE, CNE, NNCDS, NNCSS, NNCPS, MCP+I, A+

Technical Mercenary

32 Replies

thong.do
Level 1

It seems like the proxy fully goes out to the internet without restriction. Configure the PIX to filter out this proxy, and allow certain protocols and ports only.

Good luck

jtowne
Level 1

I would be interested in your acl, if you would be so kind to send it to me at happy_usr@yahoo.com.

Thanks!

stippick
Level 1

Rob,

Could you send me a copy of your inside access list? I would appreciate it.

Thanks

karl@sitestuff.com

I would appreciate it if I can get a copy of your impressive ACL. I am also working on blocking some peer-to-peer file services and instant messengers.

7l-schwab
Level 1

Rob,

Would you email a copy of those ACLs to me? I'm running Websense as well but have 9 locations connected via VPN tunnels (506's to a 515 at the host end) and would like to do some port blocking on the remote 506's. I currently do not have the ability to put a Websense server in each location, and for a few of them I don't want to send all traffic back through the host to get internet access; it seems like a waste. My email address is lschwab@rdoequipment.com. Thanks.

Can I get a copy too. I'm in the same boat.

crystal91
Level 1

Would you send me a copy of your PIX inside access list?

thanks in advance ! ^^

crystal91@tec.comtec.co.kr

jerryd
Level 1

Have you tried to block the server login.icq.com on all ports? For users to be able to use ICQ they have to authenticate to the login server for their status to be known to other users.

You really should take the advice of jerryd: "block the server login.icq.com"

It's the only way, apart from handing off to a CVP server. I imagine you could probably halve your access-lists at the same time.

Having 100 access-lists is just not going to solve your problem.

I.e., I personally use port 443 for ICQ and am sure many others do as well.
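The original question (blocking every ICQ port and still losing to the port 80 fallback) and the two replies above (deny the login server itself, on all ports) describe the same access-list reasoning: PIX ACLs are evaluated first match wins, with an implicit deny at the end, and a per-port deny list can never cover a client that falls back to 80 or 443. The script below is an added example, not code from the thread or from Cisco; it parses a small subset of PIX 6.x `access-list` syntax and runs a few constructed flows through a port-based list and a host-based list so the difference is visible. `192.0.2.10` is a documentation-range placeholder standing in for login.icq.com, which the thread never resolves; the `inside_in` ACL name, the `Flow` type and the sample flows are constructed for the example.

```python
# Added example: first-match evaluator for a subset of PIX-style access-list
# lines, used to compare a port-based deny list with a host-based deny list.
# Not Cisco code; the PIX itself does the matching in hardware/software.
import re
from dataclasses import dataclass

# Placeholder standing in for login.icq.com (TEST-NET-1 range, constructed).
# PIX 6.x ACEs take IP addresses, so the real address would come from DNS.
ICQ_LOGIN_IP = "192.0.2.10"


@dataclass
class Flow:
    """One inside-to-outside connection attempt (constructed input)."""
    proto: str   # "tcp" or "udp"
    src: str
    dst: str
    dport: int


# Subset of PIX access-list grammar: any|host <ip> endpoints, optional eq/range.
LINE_RE = re.compile(
    r"access-list\s+(?P<name>\S+)\s+(?P<action>permit|deny)\s+(?P<proto>ip|tcp|udp)\s+"
    r"(?P<src>any|host\s+\S+)\s+(?P<dst>any|host\s+\S+)"
    r"(?:\s+(?:eq\s+(?P<eq>\d+)|range\s+(?P<lo>\d+)\s+(?P<hi>\d+)))?$"
)


def parse_acl(text):
    """Parse access-list lines into access-control entries, in order."""
    aces = []
    for raw in text.strip().splitlines():
        line = raw.strip()
        if not line or line.startswith("!"):
            continue
        m = LINE_RE.match(line)
        if not m:
            raise ValueError(f"unsupported ACE syntax: {line}")
        d = m.groupdict()
        ports = None
        if d["eq"]:
            ports = (int(d["eq"]), int(d["eq"]))
        elif d["lo"]:
            ports = (int(d["lo"]), int(d["hi"]))
        aces.append({"action": d["action"], "proto": d["proto"],
                     "src": d["src"], "dst": d["dst"], "ports": ports})
    return aces


def _addr_match(spec, addr):
    return spec == "any" or spec.split()[1] == addr


def evaluate(aces, flow):
    """First matching ACE decides; no match means the PIX's implicit deny."""
    for ace in aces:
        if ace["proto"] != "ip" and ace["proto"] != flow.proto:
            continue
        if not _addr_match(ace["src"], flow.src) or not _addr_match(ace["dst"], flow.dst):
            continue
        if ace["ports"] and not (ace["ports"][0] <= flow.dport <= ace["ports"][1]):
            continue
        return ace["action"]
    return "deny"


# Constructed list in the spirit of the original poster's approach: block the
# ICQ default port and a UDP range, then permit everything else.
PORT_ACL = """
access-list inside_in deny tcp any any eq 5190
access-list inside_in deny udp any any range 4000 4100
access-list inside_in permit ip any any
"""

# Constructed list following the replies: one deny for the login server on
# every protocol and port, then permit everything else.
HOST_ACL = f"""
access-list inside_in deny ip any host {ICQ_LOGIN_IP}
access-list inside_in permit ip any any
"""


def compare(flows):
    """Return {dst:port: (port-ACL verdict, host-ACL verdict)} for each flow."""
    port_aces, host_aces = parse_acl(PORT_ACL), parse_acl(HOST_ACL)
    return {f"{f.proto}/{f.dst}:{f.dport}": (evaluate(port_aces, f), evaluate(host_aces, f))
            for f in flows}


if __name__ == "__main__":
    sample = [
        Flow("tcp", "10.0.0.5", ICQ_LOGIN_IP, 5190),   # ICQ default port
        Flow("tcp", "10.0.0.5", ICQ_LOGIN_IP, 80),     # ICQ falling back to HTTP
        Flow("tcp", "10.0.0.5", ICQ_LOGIN_IP, 443),    # ICQ on 443, as in the reply
        Flow("tcp", "10.0.0.5", "198.51.100.7", 80),   # ordinary web browsing
    ]
    for key, (port_verdict, host_verdict) in compare(sample).items():
        print(f"{key:28s} port-ACL={port_verdict:6s} host-ACL={host_verdict}")
```

The port-based list denies 5190 but permits the same login server on 80 and 443; the host-based list denies all three while leaving unrelated web traffic on port 80 alone, which is the point the replies are making. Two caveats from the thread still apply: the PIX matches addresses, not names, so the login server's address has to be resolved (and re-checked if it changes), and a public proxy that the client reaches instead of the login server is a different destination and needs its own entry.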

mlebron
Level 1

I too would like a copy of your ACLs please: mlebron@agfirst.com

please send me your ACL. Thanks. Dave

dwebster@mnc.com

j.koelewijn
Level 1

Hi rob,

I would really like to receive a copy of your inside acl.

I'm facing more or less the same problem.

Could you send it to the following address:

j_koelewijn@yahoo.com

Thanks,

Jaap Koelewijn

Me also, please.

hornbeck@siskiyous.edu

gbero
Level 1

I am also interested to receive some of your configs.

Could you please send it to G.Bero@hoffmann-gmbh.de

Thank you in advance
