Been trying to use Shorewall to stop the use of Instant Messenger services (specifically AOL's IM) on my LAN. Have not had any luck yet. Anyone know how I can? Thanks
Try blocking all outbound connections to 205.188.7.0/23. Kind of a sledge hammer approach to the problem, but that's what is needed. AIM will bind to any port that it can get its grubby paws on.

HTH
Jeff

>>> "Rick Kemp" <rick.kemp@dps-inc.com> 08/28/02 07:45AM >>>
> Been trying to use Shorewall to stop the use of Instant Messenger
> services (specifically AOL's IM) on my LAN. Have not had any luck yet.
> Anyone know how I can?
> Thanks
> -----Original Message-----
> From: Rick Kemp [mailto:rick.kemp@dps-inc.com]
> Sent: Wednesday, August 28, 2002 8:45 AM
> To: shorewall-users@shorewall.net
> Subject: [Shorewall-users] Block Instant Messenger Services ?
>
> Been trying to use Shorewall to stop the use of Instant Messenger
> services (specifically AOL's IM) on my LAN. Have not had any luck yet.
> Anyone know how I can?
> Thanks

Don't use AIM here, so I don't know how much help I can offer. Plus you have not told us what protocol/ports AIM uses, or even described how shorewall is configured at your end, i.e. proxyarp, masq, nat, etc. So I'm left with posting what I think would be a relevant example from my rules file:

NOTE: My shorewall policy file allows all traffic from loc->net, so I only list the REJECTs to the loc->net policy in my rules file. My LAN address is 192.168.9.0/24, which is masq'd.

# Stop e-mail viruses that install their own MTA on Windows
# clients. Only allow the outbound mail server to send e-mails.
REJECT:info    loc:!192.168.9.3    net    tcp    smtp

With the above NOTE in mind, I would think something like the following might work:

REJECT    loc    net    tcp    <AIM port range>

...and/or

REJECT    loc    net    udp    <AIM port range>

Steve Cowles
Not enough, this is a list of AIM servers:

AIM_SERVERS [64.12.24.0/24, 64.12.25.0/24, 64.12.26.14/24, 64.12.28.0/24, 64.12.29.0/24, 64.12.161.0/24, 64.12.163.0/24, 205.188.5.0/24, 205.188.9.0/24]

maybe others... maybe some protocol analysis would be better...

Try to block these destination ports also:

aol      5190/tcp    # America-Online. Also can be used by ICQ
aol      5190/udp    # America-Online.
aol-1    5191/tcp    # AmericaOnline1
aol-1    5191/udp    # AmericaOnline1
aol-2    5192/tcp    # AmericaOnline2
aol-2    5192/udp    # AmericaOnline2
aol-3    5193/tcp    # AmericaOnline3
aol-3    5193/udp    # AmericaOnline3

(a good range seems to be 5190-5290 ?)

----- Original Message -----
From: "Jeff Falgout" <JFalgout@co.jefferson.co.us>
To: <rick.kemp@dps-inc.com>; <shorewall-users@shorewall.net>
Sent: Wednesday, August 28, 2002 4:41 PM
Subject: Re: [Shorewall-users] Block Instant Messenger Services ?

> Try blocking all outbound connections to 205.188.7.0/23
>
> Kind of a sledge hammer approach to the problem, but that's what is
> needed.
> AIM will bind to any port that it can get its grubby paws on.
>
> HTH
> Jeff
>
> >>> "Rick Kemp" <rick.kemp@dps-inc.com> 08/28/02 07:45AM >>>
> Been trying to use Shorewall to stop the use of Instant Messenger
> services (specifically AOL's IM) on my LAN. Have not had any luck
> yet.
> Anyone know how I can?
> Thanks
>
> _______________________________________________
> Shorewall-users mailing list
> Shorewall-users@shorewall.net
> http://www.shorewall.net/mailman/listinfo/shorewall-users
At 8/28/2002 10:45 AM, Rick Kemp wrote:
> Been trying to use Shorewall to stop the use of Instant Messenger
> services (specifically AOL's IM) on my LAN. Have not had any luck yet.
> Anyone know how I can?
> Thanks

Talking about Instant Messengers, let me talk about MSN Messenger. Several months ago, a friend of mine wanted to block MSN Msg. Was easy: block port tcp 1863. But to my surprise, a certain MSN Msg version (I don't know if it persists, because I use Trillian for MSN connections), after an unsuccessful connection to port 1863, tries via port 80 (www). As with any firewall, it's allowed to surf via port 80, so MSN Msg STILL WORKED. The 'solution' was to block the entire subnet for 'messenger.hotmail.com'.

-Gilson
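The thread offers two ways to write the loc->net REJECT rules: by destination port (Steve's template filled with the 5190-5193 ports from the AIM list, and the tcp/1863 rule Gilson tried for MSN) or by destination subnet (Jeff's 205.188.7.0/23, the AIM_SERVERS list, and the messenger.hotmail.com subnet). The script below is an added example, not code from the thread or from Shorewall: it models the first-match rule semantics of a Shorewall rules file with an ACCEPT loc->net policy, renders each rule in the rules-file columns, and runs a few constructed connection attempts through both rule sets to show why a port-only rule misses a client that falls back to port 80. The networks and ports are those quoted in the thread; the sample connections, the hypothetical `Rule`/`decide` helpers, and the 203.0.113.0/24 stand-in for the messenger.hotmail.com subnet (whose real range the thread never gives) are assumptions.

```python
"""Model of shorewall loc->net policy ACCEPT plus REJECT rules (added example).

Not Shorewall's own code.  Networks and ports are those quoted in the thread;
sample connections and the 203.0.113.0/24 stand-in subnet are constructed.
"""
import ipaddress
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Rule:
    action: str                                 # "REJECT" or "ACCEPT"
    dest: str                                   # "net" (any address) or a CIDR
    proto: str                                  # "tcp", "udp" or "-" (any)
    ports: Optional[Tuple[int, int]] = None     # inclusive dest port range, None = any

    def matches(self, dst_ip: str, proto: str, dport: int) -> bool:
        if self.dest != "net":
            # strict=False: the thread's list contains 64.12.26.14/24, which has
            # host bits set; iptables would likewise mask it to 64.12.26.0/24.
            net = ipaddress.ip_network(self.dest, strict=False)
            if ipaddress.ip_address(dst_ip) not in net:
                return False
        if self.proto != "-" and self.proto != proto:
            return False
        if self.ports is not None and not (self.ports[0] <= dport <= self.ports[1]):
            return False
        return True

    def shorewall_line(self) -> str:
        """Render in the rules-file columns ACTION SOURCE DEST PROTO DEST PORT(S)."""
        dest = "net" if self.dest == "net" else f"net:{self.dest}"
        if self.ports is None:
            ports = "-"
        elif self.ports[0] == self.ports[1]:
            ports = str(self.ports[0])
        else:
            ports = f"{self.ports[0]}:{self.ports[1]}"      # iptables-style range
        return f"{self.action}\tloc\t{dest}\t{self.proto}\t{ports}"


def decide(rules: List[Rule], dst_ip: str, proto: str, dport: int,
           policy: str = "ACCEPT") -> str:
    """First matching rule wins, as in the rules file; otherwise the loc->net policy."""
    for rule in rules:
        if rule.matches(dst_ip, proto, dport):
            return rule.action
    return policy


# Port-based rules: Steve's template with the AIM ports, plus tcp/1863 for MSN.
PORT_RULES = [
    Rule("REJECT", "net", "tcp", (5190, 5193)),
    Rule("REJECT", "net", "udp", (5190, 5193)),
    Rule("REJECT", "net", "tcp", (1863, 1863)),
]

# Destination-based rules: Jeff's /23, the AIM_SERVERS list, and a constructed
# stand-in (203.0.113.0/24, RFC 5737 documentation space) for messenger.hotmail.com.
BLOCKED_NETS = [
    "205.188.7.0/23",
    "64.12.24.0/24", "64.12.25.0/24", "64.12.26.14/24", "64.12.28.0/24",
    "64.12.29.0/24", "64.12.161.0/24", "64.12.163.0/24",
    "205.188.5.0/24", "205.188.9.0/24",
    "203.0.113.0/24",
]
SUBNET_RULES = [Rule("REJECT", net, "-") for net in BLOCKED_NETS]

# Constructed sample connections: (label, dst_ip, proto, dport).
SAMPLES = [
    ("AIM login on its usual port",          "64.12.24.1",   "tcp", 5190),
    ("AIM rebinding to port 80",             "64.12.24.1",   "tcp", 80),
    ("MSN Messenger on tcp/1863",            "203.0.113.10", "tcp", 1863),
    ("MSN Messenger falling back to port 80", "203.0.113.10", "tcp", 80),
    ("ordinary web browsing",                "198.51.100.7", "tcp", 80),
]


def verdicts(rules: List[Rule]) -> Dict[str, str]:
    """Verdict for every sample connection under the given rule set."""
    return {label: decide(rules, ip, proto, port) for label, ip, proto, port in SAMPLES}


if __name__ == "__main__":
    for name, rules in (("port rules", PORT_RULES), ("subnet rules", SUBNET_RULES)):
        print(f"# {name}")
        for r in rules:
            print(r.shorewall_line())
        for label, verdict in verdicts(rules).items():
            print(f"  {label:38s} -> {verdict}")
```

Running it shows the asymmetry the thread circles around: the port rules reject the first connection attempt but let the same client through the moment it rebinds to port 80, while the subnet rules reject every port to those destinations and still leave web browsing elsewhere untouched. The cost of the subnet approach is the one Jeff and the list author note: the server list has to be complete and kept current, which a port rule does not need.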