ICQ now has a web-based version also; just go to the web, put in your ID, and you're on. Now, being devil's advocate, I am aware of the trojans and viruses that get spread on ICQ, but if it is not interfering with work progress, then why such a hassle? It seems as if you're burning more cycles trying to block it when it almost seems to me that this is a losing battle. The only recourse I think you have is to go to HR with your security plan, have them put this in your computer usage policy for work, and then brief every one of the employees on why this is a no-no. I have sniffed the web version with Sniffer Pro and it looks to me like it strictly uses port 80.
But just by blocking it (and I do not know if you are notifying anyone or if this is in your security policy), it just seems like you're a loose renegade on the network to implement your own security policy, which will tick people off. I think if you take my approach above and people understand why you are doing it, then it is less likely to turn whirlwinds into a hurricane of upset users, especially if it was allowed in the past. NO BASHING please :) You may have taken these steps already; if so, the only thing to do is report them to HR, especially if it is causing problems for you on the network and putting business assets at risk.

-----Original Message-----
From: Shawn Heisey [mailto:[EMAIL PROTECTED]]
Sent: Friday, August 30, 2002 4:21 PM
To: [EMAIL PROTECTED]
Subject: Re: ICQ and blocking the thing-PIX [7:52285]

I may be off my rocker, but I think it's possible that you could set up an IDS system that blocks access to any IP on the outside that sends packets to your network that look like ICQ. At the very least it could record the addresses for future inclusion into ACLs. This won't block the people who set up SSH tunnelling as described in other messages, but you can make it a violation of security policy to use that kind of back door.

Thanks,
Shawn

"Mears, Rob" wrote:
>
> Hi Cisco gods,
>
> I have successfully blocked all chat services at the PIX firewall, I
> think. As I walk around and find people using MSN or Messenger I find
> that public proxy they are using and kill it too. BUT, I am having a
> hell of a time with ICQ. I do have all the ports UDP and TCP blocked
> so it does not work UNLESS they use port 80. This is where I am stuck, I
> can't block port 80 as you know so how do I kill this monster? Has
> anyone had luck with this and has anyone found a way to stop the public
> proxy usage? I really feel as if I am fighting a losing battle, 'cause
> for every block I am countered with a way around it.
>
> My inside ACL in the PIX is quite impressive and all just for blocking
> this crap, if anyone would like it for theirs I will provide as it is
> proven and works, with exception to ICQ.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=52398&t=52285
--------------------------------------------------
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]