RE: ICQ and blocking the thing-PIX [7:52285]

2002-09-03 Thread Mears, Rob
Yep all steps you stated have been covered, but Employees will be employees. What can I say? -Original Message- From: Elijah Savage III [mailto:[EMAIL PROTECTED]] Sent: Friday, August 30, 2002 3:49 PM To: [EMAIL PROTECTED] Subject: RE: ICQ and blocking the thing-PIX [7:52285] ICQ

RE: ICQ and blocking the thing-PIX [7:52285]

2002-09-03 Thread Mears, Rob
So true but ICQ is using port 80, which kills me -Original Message- From: Creighton Bill-BCREIGH1 [mailto:[EMAIL PROTECTED]] Sent: Thursday, August 29, 2002 12:07 PM To: [EMAIL PROTECTED] Subject: RE: ICQ and blocking the thing-PIX [7:52285] Make sure that you carefully figure out the

RE: ICQ and blocking the thing-PIX [7:52285]

2002-09-02 Thread Roberts, Larry
ECTED] Subject: Re: ICQ and blocking the thing-PIX [7:52285] In a complex organization ( complex not meaning size or number of departments, but in the way people need to work ) one might consider third party applications such as Web Sense. A couple of comments below: -- TANSTAAFL "there ain

Re: ICQ and blocking the thing-PIX [7:52285]

2002-09-01 Thread Magdy H. Ibrahim
Official business of this company shall be understood > as neither given nor Endorsed by it. > > > > -Original Message- > From: Chuck's Long Road [mailto:[EMAIL PROTECTED]] > Sent: Saturday, August 31, 2002 1:20 AM > To: [EMAIL PROTECTED] > Subject: Re: IC

RE: ICQ and blocking the thing-PIX [7:52285]

2002-08-31 Thread FAhmed
ailto:[EMAIL PROTECTED]] Sent: Saturday, August 31, 2002 1:20 AM To: [EMAIL PROTECTED] Subject: Re: ICQ and blocking the thing-PIX [7:52285] In a complex organization ( complex not meaning size or number of departments, but in the way people need to work ) one might consider third party applica

Re: ICQ and blocking the thing-PIX [7:52285]

2002-08-30 Thread Chuck's Long Road
hat's why this stuff has to work at a policy level, and cannot nor should be considered a matter for firewall administrators to deal with. CL You gots to know your organization. > > > Thanks > > Larry > > > -Original Message----- > From: mike greenberg [mai

RE: ICQ and blocking the thing-PIX [7:52285]

2002-08-30 Thread Elijah Savage III
to HR especially if it is causing problems for you on the network and putting business assets at risk. -Original Message- From: Shawn Heisey [mailto:[EMAIL PROTECTED]] Sent: Friday, August 30, 2002 4:21 PM To: [EMAIL PROTECTED] Subject: Re: ICQ and blocking the thing-PIX [7:52285] I may b

RE: ICQ and blocking the thing-PIX [7:52285]

2002-08-30 Thread Creighton Bill-BCREIGH1
DEN CNRC Packet Data -Original Message- From: Creighton Bill-BCREIGH1 [mailto:[EMAIL PROTECTED]] Sent: Friday, August 30, 2002 3:17 PM To: [EMAIL PROTECTED] Subject: RE: ICQ and blocking the thing-PIX [7:52285] >Trust me, for every way you can find out, I can find a way to block it. >

Re: ICQ and blocking the thing-PIX [7:52285]

2002-08-30 Thread Shawn Heisey
I may be off my rocker, but I think it's possible that you could set up an IDS system that blocks access to any IP on the outside that sends packets to your network that look like ICQ. At the very least it could record the addresses for future inclusion into ACLs. This won't block the people who

RE: ICQ and blocking the thing-PIX [7:52285]

2002-08-30 Thread Creighton Bill-BCREIGH1
53 PM To: [EMAIL PROTECTED] Subject: RE: ICQ and blocking the thing-PIX [7:52285] Try my approach.. Tell people no and put it in your security policy. They violate the policy they get fired.. Oh wait a minute, I think that goes along with cut-off desktop internet access I guess. Its is

RE: ICQ and blocking the thing-PIX [7:52285]

2002-08-30 Thread Roberts, Larry
or a while, but I never tire of it... Thanks Larry -Original Message- From: mike greenberg [mailto:[EMAIL PROTECTED]] Sent: Friday, August 30, 2002 2:18 PM To: [EMAIL PROTECTED] Subject: RE: ICQ and blocking the thing-PIX [7:52285] If port 80 is open for outbound, I can change the s

RE: ICQ and blocking the thing-PIX [7:52285]

2002-08-30 Thread mike greenberg
ROTECTED]] Sent: Thursday, August 29, 2002 7:50 PM To: [EMAIL PROTECTED] Subject: Re: ICQ and blocking the thing-PIX [7:52285] Here is how I get around ICQ, AOL, MSN and Yahoo IM blocking: >From work, I Secure Shell (SSH) back to my Linux Firewall. On my work desktop, I am running X-server (X-

RE: ICQ and blocking the thing-PIX [7:52285]

2002-08-30 Thread Creighton Bill-BCREIGH1
[EMAIL PROTECTED]] Sent: Thursday, August 29, 2002 7:50 PM To: [EMAIL PROTECTED] Subject: Re: ICQ and blocking the thing-PIX [7:52285] Here is how I get around ICQ, AOL, MSN and Yahoo IM blocking: >From work, I Secure Shell (SSH) back to my Linux Firewall. On my work desktop, I am running X-

Re: ICQ and blocking the thing-PIX [7:52285]

2002-08-29 Thread mike greenberg
Here is how I get around ICQ, AOL, MSN and Yahoo IM blocking: >From work, I Secure Shell (SSH) back to my Linux Firewall. On my work desktop, I am running X-server (X-Win32 or Xceed) and just tunnel the SSH encryption from my Linux firewall back to the corporate desktop. I can fire up any X ap

RE: ICQ and blocking the thing-PIX [7:52285]

2002-08-29 Thread Creighton Bill-BCREIGH1
Make sure that you carefully figure out the correct side of the connection. ICQ server runs on port 4000, and the client chooses a random high-numbered port. That means you will see UDP packets FROM (inbound/source) port 4000 going to the random port. In other words, don't go looking in a port dat

Re: ICQ and blocking the thing-PIX [7:52285]

2002-08-29 Thread David Armstrong
Rob, Currently we use MS Proxy server to restrict Internet access so I, unfortunately, do not have your answer. Your offer to post your ACL for peer-to-peer blocking would be very appreciated though. Soon we will be removing Proxy and allowing our new PIX to restrict Internet access. At that time