Hi Farhan,
Welcome back Farhan;-)

That is a good idea, I tried it with some services and it works fine...
But what if he does not have a DNS server?? I mean, if his DNS is at his ISP
location???

Best regards,

Magdy

"FAhmed" wrote in message news:[EMAIL PROTECTED]...
> You can try with putting the wrong ip for icq domain in newly created zone
> in your dns servers
>
> Best Regards
> Have A Good Day!!
> ++++++++++++++++++++++++++++++++++++++++++
> Farhan Ahmed
> MCSE+I, MCP Win2k, CCA, CCDA, CCNA, CSE , CCNP
> Network Engineer
> Mideast Data Systems Abu Dhabi Uae. www.mdsemirates.com
>
> Tel: 97126274000    Cellular: 971507903578
> ++++++++++++++++++++++++++++++++++++++++++
>
>
> Be a builder, not a destroyer!!!
>
>
>
>
>
>
> -----Original Message-----
> From: Chuck's Long Road [mailto:[EMAIL PROTECTED]]
> Sent: Saturday, August 31, 2002 1:20 AM
> To: [EMAIL PROTECTED]
> Subject: Re: ICQ and blocking the thing-PIX [7:52285]
>
>
> In a complex organization ( complex not meaning size or number of
> departments, but in the way people need to work ) one might consider third
> party applications such as Web Sense.
>
> A couple of comments below:
>
> --
> TANSTAAFL
> "there ain't no such thing as a free lunch"
>
>
>
>
> "Roberts, Larry" wrote in message news:[EMAIL PROTECTED]...
> > Try my approach..
> >
> > Tell people no and put it in your security policy. They violate the
> > policy they get fired..
>
> CL: that assumes that 1) the policy will be acceptable to management 2) the
> policy will be enforced by management and 3) you have the luxury of being
> able to fire people for whatever reason you deem fit, trivial or otherwise.
> Even in today's bad economy, companies may not have this luxury.
>
> >
> > Oh wait a minute, I think that goes along with cut-off desktop
> > internet access I guess.
>
> CL: like it or not, internet access at the desktop has become one of those
> intangible fringe benefits, right up there with using the photocopier for
> personal business, using the telephone for personal business, using the fax
> machine for personal business. When was the last time someone got fired for
> making personal phone calls at work? Or photocopying their tax returns at
> work?
>
> >
> > It is a VERY effective deterrent though don't you think ....
>
> CL: sure - IF management enforces it, or even agrees to it
>
> >
> > Or I guess you could also just route your home subnet ( not just your
> > single home IP ) to Null0.
> > I have found that effective of blocking sites when I don't have the
> > ability to walk around and see what people are doing...
> >
> > Trust me, for every way you can find out, I can find a way to block
> > it. We may play cat and mouse for a while, but I never tire of it...
>
>
> CL: works really well until the person you block is some Senior vice
> President, or one of the top sales people ( read - revenue producers ) in
> the company, and makes the claim that the service is absolutely necessary
> for success on the job. That's why this stuff has to work at a policy level,
> and cannot nor should be considered a matter for firewall administrators to
> deal with.
>
> CL: You gots to know your organization.
>
>
> >
> >
> > Thanks
> >
> > Larry
> >
> >
> > -----Original Message-----
> > From: mike greenberg [mailto:[EMAIL PROTECTED]]
> > Sent: Friday, August 30, 2002 2:18 PM
> > To: [EMAIL PROTECTED]
> > Subject: RE: ICQ and blocking the thing-PIX [7:52285]
> >
> >
> > If port 80 is open for outbound, I can change the ssh port on my linux
> > firewall to listen on port 80 as well.... As I've said before, the
> > only way to stop me from IM is to cut off Internet access to my desktop
> > completely. Isn't Unix a wonderful thing?
> >
> > Creighton Bill-BCREIGH1 wrote:
> > >There is no way for you to stop me because unless you cut off Internet
> > >access on my desktop completely.
> >
> > Or until SSH port 22 is closed on the firewall
> >
> > Bill Creighton CCNP
> > Senior System Engineer
> > Motorola
> > iDEN CNRC Packet Data
> >
> >
> > -----Original Message-----
> > From: mike greenberg [mailto:[EMAIL PROTECTED]]
> > Sent: Thursday, August 29, 2002 7:50 PM
> > To: [EMAIL PROTECTED]
> > Subject: Re: ICQ and blocking the thing-PIX [7:52285]
> >
> > Here is how I get around ICQ, AOL, MSN and Yahoo IM blocking: From
> > work, I Secure Shell (SSH) back to my Linux Firewall. On my work
> > desktop, I am running X-server (X-Win32 or Xceed) and just tunnel the
> > SSH encryption from my Linux firewall back to the corporate desktop. I
> > can fire up any X application to my heart's desire (Netscape, AIM,
> > Yahoo) that supports on Linux platform. I can pretty much do whatever
> > I want without being spied by anyone at work because the SSH tunnel is
> > encrypted. I can go online shopping, chat with my friends without
> > having to worry about having my conversation being recorded.
> > There is no way for you to stop me because unless you cut off Internet
> > access on my desktop completely.
> >
> > "Mears, Rob" wrote:
> >
> > Hi Cisco gods,
> >
> > I have successfully blocked all chat services at the PIX firewall, I
> > think. As I walk around and find people using MSN or Messenger I find
> > that public proxy they are using and kill it too. BUT, I am having a
> > hell of a time with ICQ. I do have all the ports UDP and TCP blocked so
> > it does not work UNLESS they use port 80. This is where I am stuck, I
> > can't block port 80 as you know so how do I kill this monster? Has
> > anyone had luck with this and has anyone found a way to stop the public
> > proxy usage? I really feel as if I am fighting a losing battle, 'cause
> > for every block I am countered with a way around it.
> >
> > My inside ACL in the pix is quite impressive and all just for blocking
> > this crap, if anyone would like it for theirs I will provide as it is
> > proven and works, with exception to ICQ.
> >
> >
> > HELP WANTED
> >
> > Thanks
> > Rob Mears III, CCNP, MCSE, CNE, NNCDS, NNCSS, NNCPS, MCP+I, A+
> > Technical Mercenary




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=52467&t=52285
--------------------------------------------------
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
