
Blocked AIM, but there are side effects

Status
Not open for further replies.

Tekmazter (IS-IT--Management, US), Mar 26, 2002
First, I'm using a PIX 515E. I didn't see a PIX forum on here, so I'm trying the next closest thing.

Here we go: There seem to be many IP addresses that AIM uses to log in, so I blocked a range of IP addresses in my rules:

- 64.12.0.0
- 205.188.0.0

along with port 5190 on a separate rule from any 'inside' to any 'outside'.

This does seem to work in denying AIM functionality on my network. However, it also blocks AOL.com and any ability to check AOL e-mail. My question is, how can I create a more specific rule entry without having to create a separate rule for every single IP that correlates to login.oscar.aol.com? I'm new to PIX so I've been using the GUI so far to do this. Is there any way to specify hostnames instead of an IP so I could just create one rule for say login.oscar.aol.com?
 
To block AIM you will have to know all the addresses of the servers for AIM login and be more specific on the access-list. BTW, smart users will be able to change the default port AIM uses and still be able to get out, i.e. change port 5190 to 80 and it will work since 80 is used for
Use a third-party software to block access to it. I don't know of a particular software, but I know they are out there.

 
Yeah, I ended up getting a little more creative and did the following:

While I blocked the service port 5190 entirely, I've also FULLY blocked the entire AOL network ranges in the 64.12 and 205.188 areas. However, on the flip side, I didn't want to block user access to sites such as Mapquest.com, so I got one of its IPs and created a host record for it in my DNS to force the IP Mapquest goes to from my network. Then I created a separate rule on the PIX to say that Mapquest.com is allowed to the same exact IP, and everything appears to be working the way I want it to. Should I in the future find sites that are blocked but should be allowed, I would just add those sites to my PIX access-list. Consequently I have created a network group for this purpose called 'AOLGranted' to avoid 300 rules as time goes on.
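The policy the thread converges on (deny port 5190 everywhere, deny the two AOL /16 blocks, but permit a short allow-list of hosts inside those blocks) depends on rule ordering, which is easy to get wrong in a GUI. The following is an added example of how that policy reads on a PIX 6.2-style command line; it is not the poster's configuration. It assumes the inside interface is named `inside`, the access-list is named `inside_out`, and `192.0.2.10` is a placeholder for the Mapquest address the poster pinned in DNS. Lines beginning with `:` are comments.

```cisco
: Added example, not from the original thread. Assumes interface "inside",
: ACL name "inside_out", and placeholder host 192.0.2.10 for the permitted
: Mapquest address (substitute the real one from your DNS record).

: Hosts inside the blocked AOL ranges that users are still allowed to reach.
: Adding a host here is the only change needed to grant a new site.
object-group network AOLGranted
  network-object host 192.0.2.10

: The PIX evaluates an access-list top down and stops at the first match,
: so the specific permits must sit above the broad denies.
access-list inside_out permit tcp any object-group AOLGranted eq www
access-list inside_out permit tcp any object-group AOLGranted eq https

: Block the AIM service port from anywhere inside to anywhere outside.
access-list inside_out deny tcp any any eq 5190

: Block the two AOL address blocks. PIX access-lists take a subnet mask
: (255.255.0.0), not an IOS-style wildcard mask.
access-list inside_out deny ip any 64.12.0.0 255.255.0.0
access-list inside_out deny ip any 205.188.0.0 255.255.0.0

: Everything else from the inside is allowed out.
access-list inside_out permit ip any any

: Apply the list to traffic entering the PIX on the inside interface.
access-group inside_out in interface inside
```

Two caveats that follow from the thread: the port 5190 line only stops a client that still uses the default port, so it is the two address-range denies that actually catch a client reconfigured to port 80 (as the second reply points out); and because the permit is tied to a fixed address pinned in DNS, it silently stops working if the site moves to another address, so the object-group is the one place to check when a permitted site becomes unreachable.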
 