As already stated by others, a social policy is needed. However, to assist the social policy you will need to block the icq login systems on all ports using a firewall policy. Also, look at www.icqproxy.com. They provide a program to be used to bypass firewalls by tunnelling via http. Download it and run it to see what hosts it attempts to connect to - block those hosts also.
Ken McKinlay, GCIA Network Security Dy 4 Systems 613-599-9199 x506 [EMAIL PROTECTED] > -----Original Message----- > From: d d [mailto:[EMAIL PROTECTED]] > Sent: Tuesday, November 13, 2001 11:35 > To: [EMAIL PROTECTED]; [EMAIL PROTECTED]; [EMAIL PROTECTED] > Cc: [EMAIL PROTECTED] > Subject: ICQ using port 80 > > > HI: > > I have a LAN with a MS Proxy server connected to internet via > a PIX 515 > Firewall, but i manage all the servers that the users can > access fron tehe > local LAN using the MS Proxy Server, here i have only > permissions for web > service to my useres, but i see that have users using ICQ > (www.mirabilis.com) using porto 80??, what happen? icq have same > functionlallity as MSN (port 80)? how i can deny this use? > > Thanks > > DEsa > > > _________________________________________________________________ > Descargue GRATUITAMENTE MSN Explorer en > http://explorer.msn.es/intl.asp > > _______________________________________________ > Firewalls mailing list > [EMAIL PROTECTED] > http://lists.gnac.net/mailman/listinfo/firewalls > _______________________________________________ Firewalls mailing list [EMAIL PROTECTED] http://lists.gnac.net/mailman/listinfo/firewalls
