[c-nsp] Filtering traffic to destinations based off ofDNSaddresses on an ASA?

Steve McCrory smccrory at gcicom.net
Fri Feb 10 05:11:40 EST 2012


We were lucky enough to not have any users who were savvy enough to know
that ;o)

-----Original Message-----
From: Nick Hilliard [mailto:nick at foobar.org] 
Sent: 09 February 2012 20:05
To: Steve McCrory
Cc: Matthew Park; cisco-nsp at puck.nether.net
Subject: Re: [c-nsp] Filtering traffic to destinations based off
ofDNSaddresses on an ASA?

On 09/02/2012 18:26, Steve McCrory wrote:
> It depends on how you structure your regex but the format we used
seemed
> pretty effective at blocking all traffic destined for those domains

It will certainly block http, but what about https?  The popular sites
mentioned (e.g. *.google.com, www.youtube.com, *.facebook.com) all
support
https.

Nick



This email has been swept by Webroot for viruses. Any files transmitted with it are confidential and intended solely for the email recipient. If you are not the intended recipient please delete this email immediately. Be aware that any disclosure, copying, distribution or use of the contents of this information is prohibited. If you have received this email in error please notify the system administrator. Please note that any views or opinions presented in this email are solely those of the author and do not necessarily represent those of the company. Finally, the recipient should check this email and any attachments for the presence of viruses.


GCI Com incorporates the following Group Companies:
GCI Telecom Group Limited Reg. No. 5396496, Edge Telecommunications Ltd Reg. No. 5748740, Edge Telecom Ltd Reg. No. 3101247, IP Infrastructures Ltd Reg. No. 4657026, Invomo Ltd Reg. No. 6267056, NetServices UK Ltd Reg. No. 7118768, WAN Services Ltd Reg. No. 4082862. All Registered in England and Wales, Registered Office: Global House, 2 Crofton Close, Lincoln, LN3 4NT


More information about the cisco-nsp mailing list