comp.security.firewalls archive

Re: Block instant messaging with Pix 7?

From: Somebody. <somebody.@nospam.russdoucet.com>
Date: Tue Jan 31 2006 - 16:22:47 CET

"Nicholas DePetrillo" <nick_usenet@oshean.org> wrote in message
news:pan.2006.01.31.01.46.44.8588@oshean.org...
> On Sat, 28 Jan 2006 13:48:17 -0600, Marc Teale wrote:
>
>> I upgraded my Cisco Pix 515 to OS version 7.04 a while ago because Cisco
>> has all sorts of marketing up on their site claiming that it can block
>> instant messaging.
>>
>> Well, I've found a lot of marketing material on their site, but I
>> haven't been able to find any actual documentation on how to do it.
>> Does anyone have experience with this? It would be much appreciated.
>>
>> Thanks,
>> Marc
>
> I recently installed 7.04 and I noticed it has "inspection engines" that
> allow for layer 4-7 inspection. So it should come with some facility to
> detect and block popular instant messaging protocols via application layer
> 7 inspection. Check the PIX 7.04 ASDM docs, it should mention something.
>
> You could always just block the ports some popular instant messaging
> services run on. Here is a list of a few:
>
> AIM
> 5190 - 5193
>
> MSN Messenger (Including Voice)
> 6901, 6891-6900
>
> Yahoo
> 5050
>
> You can find more on Google.
>

Pretty sure all those services will fall back to port 80 if you block those
ports. One trick we used to do before we had firewalls that could identify
that traffic regardless of port, was to permit them but rate limit them to
such a degree that they're useless for practical purposes. By permitting
them you prevent the fallback to alternate ports but at 1kbps, when multiple
users hit the service it's almost completely useless.

-Russ.
Received on Tue Feb 7 20:58:30 2006
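The two points in this thread, the port list Nicholas quotes and Russ's "permit but rate limit" trick, can both be shown in a small simulation. The following is an added example and not code from the thread or from Cisco: it classifies constructed flow records by the port ranges listed above, shows that a client on TCP/80 simply falls outside a port-only policy, and applies a single-rate token-bucket policer (the general mechanism behind a firewall `police` action; the 1 kbps rate and 1500-byte burst are assumed values for illustration) only to the flows that did match.

```python
"""
Added example (not from the thread): port-based IM classification plus a
token-bucket policer, to show why a port-only block is evaded by a fallback
to TCP/80 and what "permit but rate limit" does to a flow that does match.
"""
from dataclasses import dataclass

# Port ranges quoted in the thread (AIM, MSN Messenger incl. voice, Yahoo).
IM_PORTS = {
    "aim": [(5190, 5193)],
    "msn": [(6891, 6900), (6901, 6901)],
    "yahoo": [(5050, 5050)],
}


def classify_by_port(dst_port):
    """Return the IM service whose port range contains dst_port, else None.

    A client that falls back to TCP/80 returns None here: that is the gap in
    a port-only policy, and the reason a plain port block is not enough.
    """
    for name, ranges in IM_PORTS.items():
        for lo, hi in ranges:
            if lo <= dst_port <= hi:
                return name
    return None


class TokenBucketPolicer:
    """Single-rate policer: the bucket refills at rate_bps and holds at most
    burst_bytes; a packet is transmitted only if enough tokens are present."""

    def __init__(self, rate_bps, burst_bytes):
        self.rate_bytes = rate_bps / 8.0   # tokens are bytes per second
        self.burst = burst_bytes
        self.tokens = float(burst_bytes)   # bucket starts full
        self.last = 0.0

    def offer(self, t, size):
        """Decide 'transmit' or 'drop' for a packet of `size` bytes at time t."""
        elapsed = max(0.0, t - self.last)
        self.last = t
        self.tokens = min(self.burst, self.tokens + elapsed * self.rate_bytes)
        if self.tokens >= size:
            self.tokens -= size
            return "transmit"
        return "drop"


@dataclass
class Packet:
    t: float        # seconds since start of capture
    dst_port: int
    size: int       # bytes


def police_im(packets, rate_bps=1000, burst_bytes=1500):
    """Policing policy from the thread: IM-classified flows are permitted but
    policed per service (assumed 1 kbps / 1500 B here); everything else passes
    unpoliced. Returns byte counts per service under 'transmit' and 'drop'."""
    policers = {}
    stats = {}
    for p in packets:
        svc = classify_by_port(p.dst_port)
        key = svc if svc is not None else "unpoliced"
        bucket = stats.setdefault(key, {"transmit": 0, "drop": 0})
        if svc is None:
            bucket["transmit"] += p.size
            continue
        policer = policers.setdefault(svc, TokenBucketPolicer(rate_bps, burst_bytes))
        bucket[policer.offer(p.t, p.size)] += p.size
    return stats


def build_sample_traffic():
    """Constructed traffic: one client on the AIM port and one that has fallen
    back to TCP/80, each sending 20 x 1000-byte packets at 10 packets/second
    (80 kbps offered load, far above the 1 kbps policer)."""
    pkts = []
    for i in range(20):
        pkts.append(Packet(t=i * 0.1, dst_port=5190, size=1000))
        pkts.append(Packet(t=i * 0.1, dst_port=80, size=1000))
    return pkts


if __name__ == "__main__":
    for service, counts in police_im(build_sample_traffic()).items():
        print(f"{service:10s} transmitted={counts['transmit']:6d} B "
              f"dropped={counts['drop']:6d} B")
```

With the constructed traffic, the AIM flow gets its first packet through on the initial burst and then loses everything else, since the bucket only refills 12.5 bytes per 100 ms at 1 kbps; the same client on port 80 never touches the policer at all, which is exactly why the port-independent inspection engines mentioned earlier in the thread matter.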