RE: Blocking AOL

Dieter Lubbe Wed, 12 Jul 2000 08:52:42 -0400 (EDT)

right this is what I have in my Outbound and Remote Access filters..

And it is still getting through...


Should I restart thr Gnat box?

Dieter

FILTERS
  OUTBOUND
     1 #AOL Block
       Deny   ANY TCP
          from 10.1.1.200/255.255.255.0
            to "ANY_IP" 5190

     2 #AOL Block 2
       Deny   ANY TCP
          from "ANY_IP" 5190
            to "ANY_IP"

     3 #AOL Block
       Deny   ANY TCP
          from "ANY_IP"
            to "ANY_IP" 5190

     4 #Controlled Access
       Accept "PROTECTED" TCP
          from "ANY_IP"
            to "ANY_IP" 25 77 53 80 110 443 8888

     5 #Allow ping and traceroute
       Accept "PROTECTED" ICMP
          from "ANY_IP"
            to "ANY_IP"

     6 #Allow DNS
       Accept "PROTECTED" UDP
          from "ANY_IP"
            to "ANY_IP" 53

     7 #Deny Netbios Connections
       Deny   "PROTECTED" TCP  nolog
          from "ANY_IP"
            to "ANY_IP" 135:139

     8 #Deny Netbios Connections
       Deny   "PROTECTED" UDP  nolog
          from "ANY_IP"
            to "ANY_IP" 135:139

     9 #Deny the remaining open ports
       Deny   "PROTECTED" ALL  email
          from "ANY_IP"
            to "ANY_IP"

    10 #Full Access
       DISABLED - Accept "PROTECTED" ALL
          from "ANY_IP"
            to "ANY_IP"

  REMOTE ACCESS
     1 #Allow web
       Accept ANY TCP
          from "ANY_IP"
            to "ANY_IP" 25 80 110 1521 443

     2 #DNS
       Accept ANY UDP
          from "ANY_IP"
            to "ANY_IP" 53

     3 #Block Netbios connections to the Firewall
       Deny   "PROTECTED" UDP  nolog
          from "ANY_IP"
            to "ANY_IP" 135:139

     4 #Block Netbios connections to the Firewall
       Deny   "PROTECTED" TCP  nolog
          from "ANY_IP"
            to "ANY_IP" 135:139

     5 #Allow ping and traceroute
       Accept ANY ICMP
          from "ANY_IP"
            to "ANY_IP"

     6 #Allow protected network access to WWW remote admin server.
       Accept "PROTECTED" TCP
          from 10.1.1.214/255.255.255.0
            to 10.1.1.1/255.255.255.255 8888

     7 #Allow protected network access to RMC remote admin server.
       Accept "PROTECTED" TCP
          from 10.1.1.214/255.255.255.0
            to 10.1.1.1/255.255.255.255 77

     8 #Deny Open Ports
       Deny   ANY ALL
          from "ANY_IP"
            to "ANY_IP"


-----Original Message-----
From: Michael W. Burden [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, July 12, 2000 2:34 PM
To: Dieter Lubbe; 'GNATBOX-Users (E-mail)'
Subject: RE: Blocking AOL


Ok, I'll take one last shot at this, and then I'm
out of ideas...

After you created the filter, did you move it ahead
of any other filters that might allow the connection?

Mike Burden
Lynk Systems
(616)532-4985
[EMAIL PROTECTED]


> -----Original Message-----
> From: Dieter Lubbe [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday, July 12, 2000 8:33 AM
> To: 'Michael W. Burden'; 'GNATBOX-Users (E-mail)'
> Subject: RE: Blocking AOL
>
>
> Yes I did....
>
> The connection is still going.
>
> Dieter
>
> -----Original Message-----
> From: Michael W. Burden [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday, July 12, 2000 2:29 PM
> To: Dieter Lubbe; GNATBOX-Users (E-mail)
> Subject: RE: Blocking AOL
>
>
> Did you add the outbound filter that blocks all traffic
> on any port to the  205.188.153.0/255.255.255.0  subnet
> (as Brad Plank suggested)?
>
> Mike Burden
> Lynk Systems
> (616)532-4985
> [EMAIL PROTECTED]
>
>
> > -----Original Message-----
> > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
> > Dieter Lubbe
> > Sent: Wednesday, July 12, 2000 4:26 AM
> > To: 'Al Grenley'; 'Michael W. Burden'; GNATBOX-Users (E-mail)
> > Subject: RE: Blocking AOL
> >
> >
> > --------------------- Attention -----------------------------
> > Online GNAT Box User Forum is Now Open
> > Click the Register link and sign up today
> > http://www.gnatbox.com/cgi-bin/Ultimate.cgi
> > -------------------------------------------------------------
> > Send postings to: [EMAIL PROTECTED]
> > Access the list archives at: http://www.gnatbox.com/gb-users/
> > -------------------------------------------------------------
> > I have installed outbound filters as suggested, but the sucker is still
> > slipping through.....
> >
> > THe other method I have tried is as follows,
> >
> > I have set the outbound filters to only allow 21 22 23 25 80
> 110 and 443.
> >
> > But I still see the AOL connection....
> >
> > What am I doing wrong?
> >
> > As far as I can tell the connection is inbound from
> 205.188.2.178/5190 to
> > one of my local machines.
> > Setting up a remote access filter didn't help either.
> >
> > --> TCP        10.1.1.200/1056  209.212.103.210/10065
> 205.188.2.178/5190
> > 00:00:23
> >
> > Any other suggestions?
> >
> > DIeter
> >
> > -----Original Message-----
> > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
> > Al Grenley
> > Sent: Tuesday, July 11, 2000 6:26 PM
> > To: 'Dieter Lubbe'; 'Michael W. Burden'; GNATBOX-Users (E-mail)
> > Subject: RE: Blocking AOL
> >
> >
> > --------------------- Attention -----------------------------
> > Online GNAT Box User Forum is Now Open
> > Click the Register link and sign up today
> > http://www.gnatbox.com/cgi-bin/Ultimate.cgi
> > -------------------------------------------------------------
> > Send postings to: [EMAIL PROTECTED]
> > Access the list archives at: http://www.gnatbox.com/gb-users/
> > -------------------------------------------------------------
> > Try this
> >
> > Create and Save Out Bound filters for the following:
> >
> >   Block ports 5190  ALL TCP
> >
> > AOL Instant Messenger jumps all over different ports so I think
> > chasing that
> > is hopeless.
> > Try blocking the servers that AIM uses for LOGIN.
> >
> > Block ANY ALL for address 152.163.242.24
> > Block ANY ALL for address 152.163.242.28
> > Block ANY ALL for address 152.163.242.120
> > Block ANY ALL for address 152.163.242.128
> > (there may be others)
> >
> > Good luck al.....
> >
> > -----Original Message-----
> > From: Dieter Lubbe [mailto:[EMAIL PROTECTED]]
> > Sent: Tuesday, July 11, 2000 11:00 AM
> > To: 'Michael W. Burden'; GNATBOX-Users (E-mail)
> > Subject: Blocking AOL
> >
> >
> > --------------------- Attention -----------------------------
> > Online GNAT Box User Forum is Now Open
> > Click the Register link and sign up today
> > http://www.gnatbox.com/cgi-bin/Ultimate.cgi
> > -------------------------------------------------------------
> > Send postings to: [EMAIL PROTECTED]
> > Access the list archives at: http://www.gnatbox.com/gb-users/
> > -------------------------------------------------------------
> > Thanks for all the help.
> >
> > One last question.
> >
> > I've got a user accessing AOL, on 5190.
> > I have been told to block all AOL access, but no matter what
> > filter I setup,
> > the connection keeps going.
> >
> > Thanks for all the help!
> >
> > Dieter
> >
> > This is the extract from the "Current Connections"
> >
> >
> > --> TCP        10.1.1.200/1029  209.212.103.210/10147
> 205.188.2.185/5190
> >
> > ----------------------------------------------
> > To Unsubscribe: send mail to [EMAIL PROTECTED]
> > with "unsubscribe gb-users your_email_address
> > in the body of the message
> > ----------------------------------------------
> > To Unsubscribe: send mail to [EMAIL PROTECTED]
> > with "unsubscribe gb-users your_email_address
> > in the body of the message
> >
> > ----------------------------------------------
> > To Unsubscribe: send mail to [EMAIL PROTECTED]
> > with "unsubscribe gb-users your_email_address
> > in the body of the message

RE: Blocking AOL

Reply via email to