You can try with putting the wrong ip for icq domain in newly created zone in your dns servers
Best Regards Have A Good Day!! ++++++++++++++++++++++++++++++++++++++++++ Farhan Ahmed MCSE+I, MCP Win2k, CCA, CCDA, CCNA, CSE , CCNP Network Engineer Mideast Data Systems Abu Dhabi Uae. www.mdsemirates.com Tel: 97126274000 Cellular: 971507903578 ++++++++++++++++++++++++++++++++++++++++++ Be a builder, not a destroyer!!! Disclaimer: Privileged/Confidential Information may be contained in this message or Attachments hereto. Please advise immediately if you or your employer do not consent to Internet email for messages of this kind. Errors and Omissions may occur in the contents of this e-mail arising out of or in connection with data transmission, network malfunction or failure, machine or software error, malfunction, or by the person who is sending the email. Mideast Data Systems accepts no responsibility for any such errors or omissions Opinions, Conclusions and other information in this message that do not relate to the Official business of this company shall be understood as neither given nor Endorsed by it. -----Original Message----- From: Chuck's Long Road [mailto:[EMAIL PROTECTED]] Sent: Saturday, August 31, 2002 1:20 AM To: [EMAIL PROTECTED] Subject: Re: ICQ and blocking the thing-PIX [7:52285] In a complex organization ( complex not meaning size or number of departments, but in the way people need to work ) one might consider third party applications such as Web Sense. A couple of comments below: -- TANSTAAFL "there ain't no such thing as a free lunch" ""Roberts, Larry"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > Try my approach.. > > Tell people no and put it in your security policy. They violate the > policy they get fired.. CL: that assumes that 1) the policy will be acceptable to management 2) the policy will be enforced by management and 3) you have the luxury of being able to fire people for whatever reason you deem fit, trivial or otherwise. Even in today's bad economy, companies may not have this luxury. > > Oh wait a minute, I think that goes along with cut-off desktop > internet access I guess. CL: like it or not, internet access at the desktop has become one of those intangible fringe benefits, right up there with using the photocopier for personal business, using the telephone for personal business, using the fax machine for personal business. When was the last time someone got fired for making persoanl phone calls at work? Or photocopying their tax returns at work? > > Its is a VERY effective deterrent though don't you think .... CL: sure - IF management enforces it, or even agrees to it > > Or I guess you could also just route your home subnet ( not just your single > home IP ) to Null0. > I have found that effective of blocking sites when I don't have the ability > to walk around and see what people are doing... > > Trust me, for every way you can find out, I can find a way to block > it. We may play cat and mouse for a while, but I never tire of it... CL: works really well until the person you block is some Senior vice President, or one of the top sales people ( read - revenue producers ) in the company, and makes the claim that the service is absolutely necessary for success on the job. That's why this stuff has to work at a policy level, and cannot nor should be considered a matter for firewall administrators to deal with. CL You gots to know your organization. > > > Thanks > > Larry > > > -----Original Message----- > From: mike greenberg [mailto:[EMAIL PROTECTED]] > Sent: Friday, August 30, 2002 2:18 PM > To: [EMAIL PROTECTED] > Subject: RE: ICQ and blocking the thing-PIX [7:52285] > > > If port 80 is open for outbound, I can change the ssh port on my linux > firewall to listen on port 80 as well.... As I've said before, the > only to stop me from IM is to cut off Internet access to my desktop > completely. Isn't Unix a wonderful thing? > > Creighton Bill-BCREIGH1 wrote:>There is no way for you to stop me > because unless you cut off Internet > >access on my desktop completely. > > Or until SSH port 22 is closed on the firewall > > Bill Creighton CCNP > Senior System Engineer > Motorola > iDEN CNRC Packet Data > > > -----Original Message----- > From: mike greenberg [mailto:[EMAIL PROTECTED]] > Sent: Thursday, August 29, 2002 7:50 PM > To: [EMAIL PROTECTED] > Subject: Re: ICQ and blocking the thing-PIX [7:52285] > > Here is how I get around ICQ, AOL, MSN and Yahoo IM blocking: From > work, I Secure Shell (SSH) back to my Linux Firewall. On my work > desktop, I am running X-server (X-Win32 or Xceed) and just tunnel the > SSH encryption from my Linux firewall back to the corporate desktop. I > can fire up any X application to my heart desire (Netscape, AIM, > Yahoo) that supports on Linux > platform. > I can > pretty much do whatever I want without being spied by anyone at work because > > the SSH tunnel is encrypted. I can go online shopping, chat with my friends > without having to worry about having my conversation being recorded. > There is no way for you to stop me because unless you cut off Internet > access on my desktop completely. > > "Mears, Rob" wrote:Hi Cisco gods, > > I have successfully blocked all chat services at the PIX firewall, I think. > As I walk around and find people using MSN or Messenger I find that > public proxy they are using and kill it too. BUT, I am having a hell > of a time with > ICQ. I do have all the ports UDP and TCP blocked so it does not work UNLESS > they use port 80. This is where I am stuck, I cant block port 80 as > you know > so how do I kill this monster? Has any one had luck with this and has anyone > found a way to stop the public proxy usage? I really feel as if I am > fighting a losing battle, cuss for every block I am countered with a > way around it. > > My inside ACL in the pix is quite impressive and all just for blocking this > crap, if anyone would like it for theirs I will provide as it is > proven and > works, with exception to ICQ. > > > HELP WANTED > > Thanks > Rob Mears III, CCNP, MCSE, CNE, NNCDS, NNCSS, NNCPS, MCP+I, A+ > Technical Mercenary Do You Yahoo!? Yahoo! Finance - Get real-time > stock quotes Do You > Yahoo!? Yahoo! Finance - Get real-time stock quotes Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=52466&t=52285 -------------------------------------------------- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
