I may be off my rocker, but I think it's possible that you could set up an IDS system that blocks access to any IP on the outside that sends packets to your network that look like ICQ. At the very least it could record the addresses for future inclusion into ACLs.
This won't block the people who set up SSH tunnelling as described in other messages, but you can make it a violation of security policy to use that kind of back door. Thanks, Shawn "Mears, Rob" wrote: > > Hi Cisco gods, > > I have successfully blocked all chat services at the PIX firewall, I > think. As I walk around and find people using MSN or Messenger I find > that public proxy they are using and kill it too. BUT, I am having a > hell of a time with ICQ. I do have all the ports UDP and TCP blocked so > it does not work UNLESS they use port 80. This is where I am stuck, I > cant block port 80 as you know so how do I kill this monster? Has any > one had luck with this and has anyone found a way to stop the public > proxy usage? I really feel as if I am fighting a losing battle, cuss > for every block I am countered with a way around it. > > My inside ACL in the pix is quite impressive and all just for blocking > this crap, if anyone would like it for theirs I will provide as it is > proven and works, with exception to ICQ. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=52395&t=52285 -------------------------------------------------- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
