Yeah, basically I have 4 subnets, 1 for each floor, and 1 that the backbone is
on, so I have outbound lists for each floor. To block all of the AOL IM and
Quick Buddy stuff, I basically used:
outbound 6 deny 198.81.24.76 255.255.255.255 0 ip
outbound 6 deny 198.81.24.108 255.255.255.255 0 ip
outbound 6 deny 198.81.24.109 255.255.255.255 0 ip
outbound 6 deny 198.81.24.75 255.255.255.255 0 ip
outbound 6 deny 205.188.153.139 255.255.255.255 0 ip
outbound 6 deny 205.188.222.249 255.255.255.255 0 ip
outbound 6 deny 205.188.161.249 255.255.255.255 0 ip
also made sure that I had:
apply (inside) 6 outgoing_dest
I mean I block really everything, and only permit access to ftp 20/21, 80, 53,
443, etc... I had the problem at first with AOL AIM, but after doing some
traces on it, the above blocks the AOL IM Server, (login.oscar.aol.com), it
also blocks the individual java page that tries to load from a browser for the
Quick Buddy, and finally, it also blocks access to AOL NetMail. If I could get
a clean trace for Yahoo, I would probably be set... Ofcourse, the above also is
replicated in two more outbound lists, 7, and 8 for two other floors..
Regards,
Stephen Robertson
Network Operations
Cinemark USA
Email: [EMAIL PROTECTED]
Phone: 972-665-1250
Cellular: 972-898-0686
____________________Reply Separator____________________
Subject: Re: Yahoo Messenger
Author: W Joel Gridley <[EMAIL PROTECTED]>
Date: 11/22/99 11:44 PM
Did you also lock down the AOL "quick buddy" service? This is the java version
of the AIM application.
At 04:55 PM 11/22/99 -0600, you wrote:
>I am using a PIX 520 running IOS 5.01, and have managed to tighten
security on
>everything here, with the exception of the Yahoo Messenger application. Does
>anyone know what the various IP addresses for the Yahoo Messenger server
are, in
>regards to the login server? This is how I restricted the AOL Instant
Messenger
>Application, etc...by denying access to the servers that the users
authenticate
>against. I would like to do the same for Yahoo Messenger if possible?
>
>
>
>Regards,
>
>Stephen Robertson
>Network Operations
>Cinemark USA
>Email: [EMAIL PROTECTED]
>Phone: 972-665-1250
>Cellular: 972-898-0686
>
>-
>[To unsubscribe, send mail to [EMAIL PROTECTED] with
>"unsubscribe firewalls" in the body of the message.]
>
>
Joel Gridley, CCNA, SOB "Be the packet."
Network Security/Firewall Specialist
GTE Internetworking, "Powered by BBN."
Burlington, MA
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
