Hi,
I made wireshark capture while signing in to Windows Live (version 2009
build 14.0.8089.726) and found this info:
GET /ppcrlcheck.srf HTTP/1.1
Accept: */*
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; InfoPath.2;
.NET CLR 2.0.50727; .NET CLR 3.0.04506.30; .NET CLR 3.0.04506.648; .NET CLR
3.0.4506.2152; .NET CLR 3.5.30729; OfficeLiveConnector.1.3;
OfficeLivePatch.0.0; IDCRL 5.000.810.6; IDCRL-cfg 6.0.11409.0; App
msnmsgr.exe, 14.0.8089.726, {7108E71A-9926-4FCB-BCC9-9A9D3F32E423})
Host: login.live.com
Cache-Control: no-cache
Maybe you could try adding a custom header like "host: login.live.com" to
the reject list
I haven't tested yet, maybe will also block the access to the hotmail web
based e-mail portal, but I think it's just a matter of configure it and see
the behavior.
_______________________________
Gustavo Ríos P.
Senior Security Specialist
email: [email protected]
www.cybertechprojects.com
Telf.: +58 212 266 1980/ 2503
Cel: +58 412 801 4879
Fax: +58 212 266 9995
******************************************************
NOTA CONFIDENCIAL: La información contenida en este E-mail es confidencial y
sólo puede ser utilizada por la persona o la compañía a la cual está
dirigido y/o por el emisor. Si no es el receptor autorizado, cualquier
retención, difusión, distribución o copia de este mensaje es prohibida y
será sancionada por la ley. Si por error recibe este mensaje, favor
devolverlo y borrar el mensaje recibido inmediatamente.
CONFIDENTIAL NOTE: The information in this E-mail is intended to be
confidential and only for use of the individual or entity to whom it is
addressed and/or the issuer. If you are not the intended recipient, any
retention, dissemination, distribution or copying of this message is
strictly prohibited and sanctioned by law. If you receive this message by
error, please immediately send it back and delete the message received.
-----Original Message-----
From: Mailing list for discussion of Firewall-1
[mailto:[email protected]] On Behalf Of a bv
Sent: Jueves, 18 de Marzo de 2010 08:50 a.m.
To: [email protected]
Subject: Re: [FW-1] Blocking instant messaging traffic with Smartdefense
Is there anyone , who has an idea about that? any custom header to put
on rejection?
Regards
2010/3/15, a bv <[email protected]>:
> Hi Paolo,
>
> It seems that i have all the patterns activated (both at the IM part
> and Header Rejection side)
> and gave no exception to any client , but i still can login and use
> windows live messenger
> from my pc . So the others also must be able to use also, thats what i
> dont want them too.
>
> Regards
>
> 2010/3/14, Paolo Riviello <[email protected]>:
>> HI,
>> in order to block MSN over HTTP you should use Web Intelligence HTTP
>> Protocol Inspection Header Rejection.
>> Then SmartDefence
>> configuration, use MSN Messenger rejection patterns.
>>
>> Hope this help.
>>
>> Paolo
>>
>> _________________________________________________________________
>> Chiama e videochiama gratis su Messenger!
>> http://www.messenger.it/videoconversazioni.aspx
>> =================================================
>> To set vacation, Out-Of-Office, or away messages,
>> send an email to [email protected]
>> in the BODY of the email add:
>> set fw-1-mailinglist nomail
>> =================================================
>> To unsubscribe from this mailing list,
>> please see the instructions at
>> http://www.checkpoint.com/services/mailing.html
>> =================================================
>> If you have any questions on how to change your
>> subscription options, email
>> [email protected]
>> =================================================
>>
>
Scanned by Check Point Total Security Gateway.
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================
Scanned by Check Point Total Security Gateway.
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================
