[c-nsp] PIX Question

Matt Hill Matt.Hill at aapt.com.au
Sun Mar 6 18:48:52 EST 2005


Hi Paul,

You can use a Websense or N2H2 server inline with your PIX to filter
traffic to certain websites based on category.  I have only had
experience with a Websense box though...

Bear in mind the Websense won't filter ALL traffic to sites, just
http(s).  The Websense will prevent users from downloading clients, as
the http to those sites will be blocked.

As for the IM traffic itself, try experimenting with this:

AOL IM
login.oscar.aol.com
Default Port: 5190
64.12.161.153
64.12.161.185
64.12.200.89
205.188.179.233

ICQ
login.icq.com
Default Port: 5190
64.12.162.153
64.12.162.185
64.12.200.89
205.188.179.233

MSN Messenger
207.46.104.20 gateway.messenger.hotmail.com
64.4.13.171 http1.msgr.hotmail.com
.. .. .. ..
.. .. .. ..
64.4.13.190 http20.msgr.hotmail.com
.. .. .. ..

Yahoo
cs.yahoo.com
Default Port: 5050

Bear in mind that these guys change their IPs/servers etc. reasonably
often, so you may need to see how things go.  ICQ and AIM use the same
protocols, and some clients can even co-habit contacts.

Good luck!

Cheers,
Matt



-- 
Matt Hill
DPS - Internet Engineering
Alcatel Australia Pty Ltd
180-188 Burnley St
Richmond, Vic, AU 3121
e: matt.hill at aapt.com.au
v: +61 3 8687 5739
f: +61 3 8414 3115
m: ask and you may receive

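As an added example (not part of Matt's message) of turning the host/port list above into a PIX rule set: a PIX 6.3-style configuration that denies the listed login servers by destination host and logs each hit, so blocked clients are visible in syslog. The object-group and access-list names are assumed, and the addresses are the ones quoted above, so expect to regenerate them as the providers move servers.

```cisco
! Example PIX 6.3-style config (added here, not from the original post).
! Addresses are taken from the list above; they change often, so treat
! this as something to regenerate, not a permanent rule set.
names
name 207.46.104.20 gateway.messenger.hotmail.com
name 216.136.175.145 cs.yahoo.com
!
object-group network OSCAR_LOGIN_SERVERS
  description AIM/ICQ login servers (both use OSCAR on tcp/5190)
  network-object host 64.12.161.153
  network-object host 64.12.161.185
  network-object host 64.12.162.153
  network-object host 64.12.162.185
  network-object host 64.12.200.89
  network-object host 205.188.179.233
!
! Deny by destination host and port. The "log" keyword makes each denied
! connection a syslog message, which shows which inside clients keep trying.
access-list INSIDE_OUT deny tcp any object-group OSCAR_LOGIN_SERVERS eq 5190 log
access-list INSIDE_OUT deny tcp any host cs.yahoo.com eq 5050 log
! MSN falls back to 80/tcp, so match on the destination host, not the port,
! or the block silently stops working the moment the client retries over http.
access-list INSIDE_OUT deny tcp any host gateway.messenger.hotmail.com log
access-list INSIDE_OUT permit ip any any
access-group INSIDE_OUT in interface inside
```

The trailing permit keeps this a deny-list; if the goal is Paul's "list what can be used and deny everything else", replace it with explicit permits for the allowed services followed by a logged deny ip any any.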

-----Original Message-----
From: cisco-nsp-bounces at puck.nether.net
[mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Josh Duffek
Sent: Saturday, 5 March 2005 3:18 AM
To: Paul Stewart; cisco-nsp at puck.nether.net
Subject: RE: [c-nsp] PIX Question

Just block all traffic destined to messenger.msn.com.  Other
applications might not be so easy so I guess it would be a case by case
type thing for those.

Got a list?

Thanks,

josh duffek    network engineer
consultantjd16 at ridemetro.org

> -----Original Message-----
> From: cisco-nsp-bounces at puck.nether.net [mailto:cisco-nsp-
> bounces at puck.nether.net] On Behalf Of Paul Stewart
> Sent: Friday, March 04, 2005 10:11 AM
> To: cisco-nsp at puck.nether.net
> Subject: [c-nsp] PIX Question
> 
> Can a Cisco PIX be used to block application specific traffic such as
> MSN Messenger?  I am looking for Cisco based options to control which
> applications an office can use via a PIX... some applications are easy
> as we can just block ports etc. however MSN for example will drop to
> 80/tcp I believe and we don't want to block http...
> 
> Is there a better device than the PIX or something that we can add to
> it? We basically want to list specific applications and protocols that
> *can* be used and deny everything else...
> 
> To make it more complicated, is there a way to allow certain users
> specific rights?
> 
> Any practical experience in implementing this preferably with Cisco
> related software/hardware would be of great assistance.. we have a PIX
> in one of our offices that is basically a glorified NAT box at this
> time..:)
> 
> Thanks for your time,
> 
> Paul
> 

_______________________________________________
cisco-nsp mailing list  cisco-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/


