Mailinglist Archive: opensuse (3666 mails)

< Previous Next >
Re: [SLE] block yahoo messenegr
  • From: Louis Richards <louis@xxxxxxxxxxxxxxxxxx>
  • Date: Mon, 14 Mar 2005 12:49:31 -0500
  • Message-id: <200503141249.31975.louis@xxxxxxxxxxxxxxxxxx>
On Monday 14 March 2005 11:13 am, Admin wrote:
> hi folk,
>
> i have a suse 8.1 box installaed with iptables-1.2.7a.
>
> how can i block connection to yahoo messnegr??
>
> thanls for any giude.

Yahoo Messenger and many P2P apps can tunnel through port 80, which you
probably have open. They also have a tendency to change their server list on
a regular basis making it hard to block those addresses.

http://nscsysop.hypermart.net/no_chat.html has some nice ideas on blocking
chat programs. It is definitely worth a look.

I have used Snort with the SnortSam plugin. Snort just logs the access, but
SnortSam will add a temporary block for an adjustable time limit. The
combination has let me block IM and P2P apps successfully and the fact that
the blocks are temporary eases administration.

Alternatively, you could go ahead and block outgoing port 80 and force the use
of a proxy server. Users could set the proxy up in the app though and
transparent proxy would still let them through. The added logging is always
good in any case.

I prefer the SnortSam method as it in combination with Port Sentry make me
feel warm and fuzzy inside. ;-)

--
Louis Richards

< Previous Next >
This Thread
References