From: Tom Diehl <tdiehl@ro...> - 2006-08-18 15:59:06
Does anyone know what needs to be blocked to disable all of the various IMs
out there? I have looked at Google and found a few things, but I thought that
AIM, for instance, could use numerous ports, not just 5190. Am I correct or did
I dream this?
Tom Diehl tdiehl@... Spamtrap address mtd123@...
On 8/18/06, Tom Diehl <tdiehl@...> wrote:
> Does anyone know what needs to be blocked to disable all of the various IMs
> out there? I have looked at Google and found a few things, but I thought that
> AIM, for instance, could use numerous ports, not just 5190. Am I correct or did
> I dream this?
AIM can be configured to use almost any port. The "best" solution IMHO is
to use Snort with either snortsam or snort-inline, Snort having only the
rule sets for "chat" enabled. The Snort rules for AIM have a rather
extensive list of AIM servers in CIDR notation, so you can block those IP
blocks, but that doesn't stop Yahoo/MSN/ICQ. IIRC, Snort uses the IP blocks
to block AIM (since it can talk on so many different ports), but uses packet
matching to grab Yahoo/MSN/ICQ traffic. If you have a big budget, you can
of course purchase a Packeteer and that will block it also. =)
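
Added example, not part of the original thread: one way to turn the CIDR list the reply mentions into port-agnostic firewall drops, since AIM can talk on almost any port. It assumes the list is held in a snort.conf-style `var AIM_SERVERS [...]` line; the sample networks are constructed documentation ranges, not real AIM servers, and the function names are hypothetical.

```python
import ipaddress
import re
import sys

# Constructed sample in snort.conf "var" syntax. The networks are RFC 5737
# documentation ranges, not real AIM server addresses.
SAMPLE_CONF = """\
# chat-related variables
var HOME_NET 10.0.0.0/8
var AIM_SERVERS [192.0.2.0/25,192.0.2.128/25,198.51.100.0/24,198.51.100.64/26,bogus/33]
"""


def extract_networks(conf_text, var_name="AIM_SERVERS"):
    """Return (collapsed IPv4 networks, rejected entries) for one snort var."""
    pattern = r"^\s*(?:ip)?var\s+%s\s+\[?([^\]\n]+)\]?\s*$" % re.escape(var_name)
    match = re.search(pattern, conf_text, re.MULTILINE)
    if not match:
        raise ValueError("variable %s not found" % var_name)
    nets, rejected = [], []
    for entry in match.group(1).split(","):
        entry = entry.strip()
        try:
            # strict=False accepts entries that have host bits set.
            nets.append(ipaddress.IPv4Network(entry, strict=False))
        except ValueError:
            # Never pass an unparseable entry through to the firewall.
            rejected.append(entry)
    # Merge adjacent and overlapping blocks so the rule set stays short.
    return list(ipaddress.collapse_addresses(nets)), rejected


def iptables_rules(networks, chain="FORWARD"):
    """Build one DROP rule per network; no port match, by design."""
    return ["iptables -A %s -d %s -j DROP" % (chain, net) for net in networks]


if __name__ == "__main__":
    networks, bad = extract_networks(SAMPLE_CONF)
    for rule in iptables_rules(networks):
        print(rule)
    for entry in bad:
        print("skipped invalid entry: %s" % entry, file=sys.stderr)
```

As the reply notes, this only covers services identified by server address; Yahoo/MSN/ICQ still need packet matching.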