Indeed this has come up regularly. I remain skeptical that the burden for
enforcing policy such as this lies with the firewall and the firewall
administrators.

OK, so you block Napster and AOL. Now then, what about E-trade? Yahoo?
Merrill Lynch, Dilbert.com? Not to mention the various picture sites that so
many disapprove of. How about all the radio stations people are listening to
over the net?

Now, what happens when some person or business unit has a good business
reason for accessing AOL or other sites that you are blocking on your
firewall?

I'm talking to the wind, I suppose, but my first question when this topic
comes up is "what is the written policy regarding internet access?" The
second question is "will management pay for what it requires to accomplish
this policy?"

But relying on port blocking, or address blocking, or domain name blocking,
on a case by case basis seems a bit shortsighted.

JMHO

Chuck

-----Original Message-----
From:   [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of
Keyur Lavingia
Sent:   Monday, April 23, 2001 12:41 PM
To:     [EMAIL PROTECTED]
Subject:        RE: Blocking Napster and Aol on Pix config/Setting up Tacus or
[7:1639]

This has actually come up again in the discussion. If you want to block AIM
outgoing from your network, you should try to block the IP addresses of the
login server of AIM, which is "login.oscar.aol.com". The AIM app is designed
to scan for ports other than 5190 to log in to the server, so port blocking
will not always work.

Sincerely,

KEYUR LAVINGIA
Network Engineer
Peak XV Networks
San Ramon, CA 94583.
W - 925.242.7492
C - 925.699.8855
[EMAIL PROTECTED]
www.peakxv.net

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Monday, April 23, 2001 11:12 AM
To: [EMAIL PROTECTED]
Subject: Re: Blocking Napster and Aol on Pix config/Setting up Tacus or
[7:1629]


Just a note that people can choose other ports to get to the AIM services.


""Kevin O'Gilvie""  wrote in message
news:[EMAIL PROTECTED]...
> Before I ask this question I would like to give something back, below is the
> config to block aim and napster:
>
> access-list acl_out deny tcp any any eq 5190
> access-list acl_out deny tcp any any eq 8875
> access-list acl_out deny tcp any any eq 7777
> access-list acl_out deny tcp any any eq 6699
> access-list acl_out deny tcp any any eq 8888
> access-group acl_out in interface inside
> access-list acl_out permit tcp any any
> access-list acl_out permit ip any any
>
>
> Now I would like to set up a TACACS+ or RADIUS server on my network. I have a
> Windows 2000 domain and I am unsure of how to do this. Please advise.
>
> TIA,
>
> Kevin
FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=1654&t=1654
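
The following is an added example, not part of the original messages: a small first-match evaluator for the ACL quoted in the thread, showing why the port-only denies miss a client that reaches the login server on another port, while a destination-address deny does not. The address 192.0.2.10 is a documentation-range placeholder standing in for the login server, and the `host` deny line is an assumed addition to the quoted list.

```python
# Added example: first-match evaluation of the PIX ACL quoted in this thread.
# LOGIN_IP is a placeholder (RFC 5737 documentation range), not a real AIM address.
LOGIN_IP = "192.0.2.10"

PORT_ACL = """\
access-list acl_out deny tcp any any eq 5190
access-list acl_out deny tcp any any eq 8875
access-list acl_out deny tcp any any eq 7777
access-list acl_out deny tcp any any eq 6699
access-list acl_out deny tcp any any eq 8888
access-list acl_out permit tcp any any
access-list acl_out permit ip any any
"""

# Same list with an assumed destination-address deny placed ahead of the permits.
HOST_ACL = f"access-list acl_out deny tcp any host {LOGIN_IP}\n" + PORT_ACL


def parse(acl_text):
    """Turn 'access-list NAME ACTION PROTO any DST [eq PORT]' lines into rules."""
    rules = []
    for line in acl_text.splitlines():
        tok = line.split()
        if len(tok) < 6 or tok[0] != "access-list":
            continue
        action, proto, rest = tok[2], tok[3], tok[5:]   # tok[4] is source 'any'
        dst = None                                       # None means 'any'
        if rest[0] == "host":
            dst, rest = rest[1], rest[2:]
        else:
            rest = rest[1:]                              # skip destination 'any'
        port = int(rest[1]) if rest[:1] == ["eq"] else None
        rules.append((action, proto, dst, port))
    return rules


def decide(rules, proto, dst_ip, dst_port):
    """Return the action of the first matching rule; implicit deny at the end."""
    for action, r_proto, r_dst, r_port in rules:
        if (r_proto in ("ip", proto) and r_dst in (None, dst_ip)
                and r_port in (None, dst_port)):
            return action
    return "deny"


if __name__ == "__main__":
    for port in (5190, 80, 443):   # constructed flows to the login server
        print(port, decide(parse(PORT_ACL), "tcp", LOGIN_IP, port),
              decide(parse(HOST_ACL), "tcp", LOGIN_IP, port))
```
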