>> Spoofing the DNS zones is the only solution.
>
> Why not use your own XMPP server, that you control and where you can
> activate logging?
Actually, in a previous lifetime, we discovered that the MOST effective way to deal with this was to write it into the policy and procedures manual and make sure that everyone signs a copy of the manual with full understanding of the rules and why they are in place. Monitor for a bit (with no blocking in place so that fallback-to-hidden-protocol doesn't happen), warn the folks that were "doing it", then, after a month, fire the folks that are caught continuing to break the policy.

As long as you don't enforce the underlying rules, there will always be someone breaking the rules, working around the system, and all you are doing is continuously playing catch-up. I don't like playing cat-and-mouse.

In the current economy, if someone feels that it is important enough to "chat" with someone at risk of losing their job, you don't need them, and they will prove to be a risk in some other way before too long anyway. If it's the CEO/CIO/CFO that continues to break the rules, you are working for the wrong company -- which, in this economy, leads to an entirely different set of problems.

AlanC
_______________________________________________
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users