Firewall Wizards: Re: Blocking IM via DNS

Re: Blocking IM via DNS

From: Scott Gifford <sgifford_at_tir.com>
Date: 31 Aug 2001 17:58:10 -0400

Simeon Johnston <simeonuj_at_eetc.com> writes:

> I have asked this before and have blocked AIM and others but am
> wondering if there is an easier way? In iptables (I think you can
> do this) I could block by URL. But that is another rule and DNS
> lookup that the FW has to do. Why not change those addresses on the
> internal DNS to point to something bogus? Like login.oscar.aol.com
> for AIM would point to a bogus internal address. Would this work?
> That way the ports wouldn't matter. I would just need to find out
> what URL the IM is looking for.

That will make it more difficult, but not impossible, for users to use
AIM. They could easily bypass your restrictions by:

   1. Changing the hostname that their AIM client uses. Not sure if
      this is possible with the stock client, but I know there are
      alternate clients out there that can do this.

   2. Using somebody else's DNS server. If they simply change their
      DNS server to somebody else's that's willing to answer recursive
      queries for them (many are), they won't see your restrictions
      at all.

   3. Putting the IP address in their WINDOWS\hosts file, the
      equivalent of UNIX's /etc/hosts file. That IP address will be
      used instead of asking your DNS server.

----ScottG.
_______________________________________________
firewall-wizards mailing list
firewall-wizards_at_nfr.com
http://list.nfr.com/mailman/listinfo/firewall-wizards
Received on Oct 30 2001
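The three bypasses Scott lists all leave traces on the perimeter: a client using someone else's resolver sends DNS to an outside address, and a client that changed its hostname or edited its hosts file connects straight to the IM server's address without ever asking the internal DNS. The following is an added example, not code from the original post, that flags both patterns in constructed firewall log lines; the log format, the internal network range, the sanctioned resolver address and the IM login address are all assumptions.

```python
"""Spot clients sidestepping DNS-based IM blocking, from firewall logs."""
import re
from ipaddress import ip_address, ip_network

INTERNAL_NET = ip_network("10.0.0.0/8")        # assumed internal range
INTERNAL_DNS = {ip_address("10.0.0.53")}       # assumed sanctioned resolver
# Assumed (TEST-NET) address the sinkholed login name really points to;
# reaching it without a lookup means a hosts-file entry or another resolver.
IM_LOGIN_ADDRS = {ip_address("192.0.2.10")}

# Assumed log format: "src=IP dst=IP proto=udp|tcp dport=N"
LOG_RE = re.compile(r"src=(\S+) dst=(\S+) proto=(\w+) dport=(\d+)")


def find_bypasses(log_lines):
    """Return (source host, reason) pairs for traffic that defeats the sinkhole."""
    findings = []
    for line in log_lines:
        m = LOG_RE.search(line)
        if not m:
            continue
        src, dst, _proto, dport = m.groups()
        src, dst, dport = ip_address(src), ip_address(dst), int(dport)
        if src not in INTERNAL_NET:
            continue
        # Bypass 2: DNS queries sent to a resolver other than ours
        if dport == 53 and dst not in INTERNAL_DNS:
            findings.append((str(src), f"external DNS to {dst}"))
        # Bypasses 1 and 3: direct connection to the IM login address
        elif dst in IM_LOGIN_ADDRS:
            findings.append((str(src), f"direct IM login to {dst}:{dport}"))
    return findings


# Constructed sample lines (not real traffic)
SAMPLE_LOGS = [
    "src=10.1.1.5 dst=10.0.0.53 proto=udp dport=53",     # normal lookup
    "src=10.1.1.7 dst=198.51.100.1 proto=udp dport=53",  # outside resolver
    "src=10.1.1.9 dst=192.0.2.10 proto=tcp dport=5190",  # no lookup first
    "src=10.1.1.5 dst=203.0.113.4 proto=tcp dport=80",   # ordinary web
]

if __name__ == "__main__":
    for host, reason in find_bypasses(SAMPLE_LOGS):
        print(host, reason)
```

Blocking outbound udp/tcp 53 from anything but the internal resolver closes bypass 2; the direct-connection alerts are what remain to watch for bypasses 1 and 3.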
