[c-nsp] PIX Question

Paul Stewart pauls at nexicom.net
Sun Mar 6 19:53:11 EST 2005


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Thanks Matt for the detailed response...

The Websense I have played with at a client site before... worked pretty
well I must admit...

My main goal with this other project is to basically deny all, permit
little..:)

Does Cisco make (or third party if we had to) a box of some type that
perhaps sits "on the wire" right before our traffic hits the PIX and
will block everything except what we wish to travel through?

Basically, I think we *only* want to permit the following:

telnet/ssh
http (80, 10000, 8443)
smtp
pop3
https

The client wants to definitely block ALL peer to peer, messaging,
streaming audio etc...

I think that's about it... *any* ideas on this would be great.. my only
reason for leaning towards Cisco is because all our switches, routers
and firewalls are Cisco currently....

Thanks in advance,

Paul

Matt Hill wrote:
| Hi Paul,
|
| You can use a Websense or N2H2 server inline with your PIX to filter
| traffic to certain websites based on category.  I have only had
| experience with a Websense box though...
|
| Bear in mind the Websense won't filter ALL traffic to sites, just
| http(s).  The Websense will prevent users from downloading clients, as
| the http to those sites will be blocked.
|
| As for the IM traffic itself, try experimenting with this:
|
| AOL IM
| login.oscar.aol.com
| Default Port: 5190
| 64.12.161.153
| 64.12.161.185
| 64.12.200.89
| 205.188.179.233
|
| ICQ
| login.icq.com
| Default Port: 5190
| 64.12.162.153
| 64.12.162.185
| 64.12.200.89
| 205.188.179.233
|
| MSN Messenger
| 207.46.104.20 gateway.messenger.hotmail.com
| 64.4.13.171 http1.msgr.hotmail.com
| .. .. .. ..
| .. .. .. ..
| 64.4.13.190 http20.msgr.hotmail.com
| .. .. .. ..
|
| Yahoo
| cs.yahoo.com
| Default Port: 5050
| 216.136.175.145
| 216.136.224.213
| 216.136.224.214
| 216.136.225.11
| 216.136.225.12
| 216.136.225.35
| 216.136.225.36
| 216.136.225.83
| 216.136.225.84
| 216.136.226.117
| 216.136.226.118
| 216.136.131.93
| 216.136.175.142
| 216.136.175.143
| 216.136.175.144
| 216.136.233.128 (latest)
|
| Bear in mind that these guys change their IPs/Servers etc reasonably
| often, so you may need to see how things go.  ICQ and AIM use the same
| protocols, and some clients can even co-habit contacts.
|
| Good luck!
|
| Cheers,
| Matt
|
|
|
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (MingW32)

iD8DBQFCK6X3qMetgU57IuQRAtLhAJ9IC8j+ChmlBJKLG4mxMZ6pYfINgACeNRh8
xVDqePwoa+HXnXrf9WJ56U0=
=EPer
-----END PGP SIGNATURE-----
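The "deny all, permit little" outbound policy Paul describes, together with the IM server addresses Matt quoted, modelled as an added example (not code from either poster). It builds a first-match access-list the way a PIX evaluates one, renders it in PIX 6.x `access-list` / `access-group` syntax, and lets you test which flows would get through. Assumptions not on the page: the ACL name `outbound`, the inside interface name `inside`, the `log` keyword on the final deny (PIX 6.3 syntax), the ordering of host denies before the port permits, and the sample destination 198.51.100.10.

```python
"""Constructed model of an outbound 'deny all, permit little' PIX policy.

The permitted ports and the IM server addresses come from the thread above;
the ACL name, interface name and the 'log' keyword (PIX 6.3 syntax) are
assumptions made for this example.
"""
from dataclasses import dataclass
from ipaddress import IPv4Address, IPv4Network
from typing import List, Optional

# Ports the poster wants to allow outbound: telnet/ssh, http on 80/10000/8443,
# smtp, pop3, https.  Everything else falls through to the final deny.
PERMITTED_TCP_PORTS = (22, 23, 80, 10000, 8443, 25, 110, 443)

# A subset of the IM login servers quoted in Matt's reply (AIM/ICQ, MSN, Yahoo).
# They are denied on every port, not just 5190/5050, because the MSN entries
# are HTTP gateways that would otherwise pass through the port-80 permit.
# As the reply warns, addresses like these go stale quickly.
IM_SERVERS = (
    "64.12.161.153", "64.12.161.185", "64.12.200.89", "205.188.179.233",
    "64.12.162.153", "64.12.162.185",
    "207.46.104.20", "64.4.13.171", "64.4.13.190",
    "216.136.175.145", "216.136.224.213", "216.136.233.128",
)

ANY = IPv4Network("0.0.0.0/0")


@dataclass(frozen=True)
class Ace:
    """One access-list entry.  proto 'ip' matches tcp and udp; dport None = any port."""
    action: str
    proto: str
    dst: IPv4Network
    dport: Optional[int] = None
    log: bool = False

    def matches(self, proto: str, dst_ip: IPv4Address, dport: int) -> bool:
        if self.proto != "ip" and self.proto != proto:
            return False
        if dst_ip not in self.dst:
            return False
        return self.dport is None or self.dport == dport

    def pix_line(self, name: str) -> str:
        # PIX ACLs take a normal netmask, not a wildcard mask.
        if self.dst.prefixlen == 0:
            dst = "any"
        elif self.dst.prefixlen == 32:
            dst = f"host {self.dst.network_address}"
        else:
            dst = f"{self.dst.network_address} {self.dst.netmask}"
        port = f" eq {self.dport}" if self.dport is not None else ""
        log = " log" if self.log else ""
        return f"access-list {name} {self.action} {self.proto} any {dst}{port}{log}"


def build_policy() -> List[Ace]:
    """Host denies first, then the port permits, then an explicit logged deny."""
    acl = [Ace("deny", "ip", IPv4Network(f"{h}/32")) for h in IM_SERVERS]
    acl += [Ace("permit", "tcp", ANY, p) for p in PERMITTED_TCP_PORTS]
    # The implicit deny would drop this traffic anyway; the explicit entry
    # exists so the drops show up in syslog (assumed PIX 6.3 'log' keyword).
    acl.append(Ace("deny", "ip", ANY, log=True))
    return acl


def evaluate(acl: List[Ace], proto: str, dst: str, dport: int) -> str:
    """First match wins; nothing matching means the implicit deny applies."""
    dst_ip = IPv4Address(dst)
    for ace in acl:
        if ace.matches(proto, dst_ip, dport):
            return ace.action
    return "deny"


def render(acl: List[Ace], name: str = "outbound", iface: str = "inside") -> List[str]:
    """Emit the PIX 6.x configuration lines for the policy."""
    lines = [ace.pix_line(name) for ace in acl]
    lines.append(f"access-group {name} in interface {iface}")
    return lines


if __name__ == "__main__":
    policy = build_policy()
    print("\n".join(render(policy)))
    # 198.51.100.10 is a constructed sample destination (TEST-NET-2).
    for flow in (("tcp", "198.51.100.10", 443), ("tcp", "198.51.100.10", 5190),
                 ("tcp", "64.4.13.171", 80), ("udp", "198.51.100.10", 53)):
        print(flow, "->", evaluate(policy, *flow))
```

Two things the model makes visible that the port list alone does not: an MSN HTTP gateway on port 80 is still denied because the host deny sits above the port-80 permit, and UDP 53 is denied, so with this exact list name resolution only works if the resolver is on the inside (or DNS is added to the permits). Filtering on destination IP is as fragile as Matt says; treat the host list as a stopgap under the port policy, not the policy itself.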
