Re: Block instant messaging with Pix 7?


comp.security.firewalls archive

From: Nicholas DePetrillo <nick_usenet@oshean.org>
Date: Tue Jan 31 2006 - 16:38:20 CET

On Tue, 31 Jan 2006 10:22:47 -0500, Somebody. wrote:

>
> Pretty sure all those services will fall back to port 80 if you block those
> ports. One trick we used to do before we had firewalls that could identify
> that traffic regardless of port, was to permit them but rate limit them to
> such a degree that they're useless for practical purposes. By permitting
> them you prevent the fallback to alternate ports but at 1kbps, when multiple
> users hit the service it's almost completely useless.
>
> -Russ.

That's a good point, they are sneaky.

I haven't checked my PIX ASDM yet but I am sure that
the inspection engine/layer 4-7 inspection usage is in the documentation
for the PIX. It should not be that hard to get going.

-- 
Nick DePetrillo
Network Security Engineer
OSHEAN
PGP Key: http://pgp.mit.edu:11371/pks/lookup?op=vindex&search=0x121245B5
Received on Tue Feb 7 20:58:30 2006