So true but ICQ is using port 80, which kills me.

-----Original Message-----
From: Creighton Bill-BCREIGH1 [mailto:[EMAIL PROTECTED]]
Sent: Thursday, August 29, 2002 12:07 PM
To: [EMAIL PROTECTED]
Subject: RE: ICQ and blocking the thing-PIX [7:52285]

Make sure that you carefully figure out the correct side of the connection. ICQ server runs on port 4000, and the client chooses a random high-numbered port. That means you will see UDP packets FROM (inbound/source) port 4000 going to the random port. In other words, don't go looking in a port database trying to figure what that random, high-numbered port means. The significant port is the source.

HTH

Bill Creighton CCNP
Senior System Engineer
Motorola iDEN CNRC Packet Data

-----Original Message-----
From: Mears, Rob [mailto:[EMAIL PROTECTED]]
Sent: Thursday, August 29, 2002 9:48 AM
To: [EMAIL PROTECTED]
Subject: ICQ and blocking the thing-PIX [7:52285]

Hi Cisco gods,

I have successfully blocked all chat services at the PIX firewall, I think. As I walk around and find people using MSN or Messenger I find that public proxy they are using and kill it too. BUT, I am having a hell of a time with ICQ. I do have all the ports UDP and TCP blocked so it does not work UNLESS they use port 80. This is where I am stuck, I can't block port 80 as you know so how do I kill this monster? Has anyone had luck with this and has anyone found a way to stop the public proxy usage? I really feel as if I am fighting a losing battle, 'cause for every block I am countered with a way around it.

My inside ACL in the PIX is quite impressive and all just for blocking this crap, if anyone would like it for theirs I will provide as it is proven and works, with exception to ICQ.

HELP WANTED

Thanks

Rob Mears III, CCNP, MCSE, CNE, NNCDS, NNCSS, NNCPS, MCP+I, A+
Technical Mercenary

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=52606&t=52285
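Added example, not part of any message in this thread: a small Python audit of flow records that keys on the port of the outside endpoint, whichever direction the packet travels, and ignores the client's random high port. The record format, the inside network 10.1.0.0/16 and all addresses are constructed for illustration; the UDP 4000 server port is the one given in the thread. TCP port 80 flows are listed separately because the port alone cannot tell ICQ from ordinary web traffic.

```python
import ipaddress
from collections import defaultdict

INSIDE = ipaddress.ip_network("10.1.0.0/16")  # assumption: the inside network
ICQ_UDP_PORT = 4000                           # ICQ server port named in the thread

# Constructed flow records: proto src_ip src_port dst_ip dst_port
SAMPLE_FLOWS = """\
udp 198.51.100.7 4000 10.1.2.15 31822
udp 10.1.2.15 31822 198.51.100.7 4000
udp 10.1.9.40 4000 203.0.113.9 53
tcp 10.1.2.15 40112 198.51.100.20 80
udp 198.51.100.7 4000 10.1.3.77 50210
udp 10.1.3.80 1044 10.1.0.53 53
"""

def outside_endpoint(sip, sport, dip, dport):
    """Return (inside_host, outside_host, outside_port), or None when the
    flow does not cross the firewall (both ends inside or both outside)."""
    if sip in INSIDE and dip not in INSIDE:
        return sip, dip, dport   # outbound: the server side is the destination
    if dip in INSIDE and sip not in INSIDE:
        return dip, sip, sport   # inbound reply: the server side is the source
    return None

def find_icq_clients(text):
    """Return ({inside_host: {icq_servers}}, {inside hosts seen on TCP/80})."""
    icq = defaultdict(set)
    port80 = set()
    for line in text.splitlines():
        if not line.strip():
            continue
        proto, sip, sport, dip, dport = line.split()
        side = outside_endpoint(ipaddress.ip_address(sip), int(sport),
                                ipaddress.ip_address(dip), int(dport))
        if side is None:
            continue
        inside, outside, oport = side
        if proto == "udp" and oport == ICQ_UDP_PORT:
            icq[str(inside)].add(str(outside))
        elif proto == "tcp" and oport == 80:
            port80.add(str(inside))   # undecidable by port; needs other evidence
    return dict(icq), port80

if __name__ == "__main__":
    clients, web = find_icq_clients(SAMPLE_FLOWS)
    for host, servers in sorted(clients.items()):
        print(f"{host} talks to UDP/{ICQ_UDP_PORT} on {sorted(servers)}")
    print("TCP/80 hosts (cannot classify by port):", sorted(web))
```

The third sample record is an inside host whose own random source port happens to be 4000; it is not flagged, because the port that matters is the one on the outside endpoint.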