RE: Blocking AOL

[Al Grenley]

Blocking 5190 should stop AOL completely.  The hard thing to stop is the
standalone AOL Instant Messenger. If 5190 is still showing up the AOL
Browser is still building the tunnel through the file wall. Are you sure you
have your outbound filter setup correctly and in the right position?

These are the settings that worked for me.
 
Try putting the block at the top of the outbound filter list

        Description = AOL Block
        Disable  = Unchecked
        Type = Deny
        Interface = ANY
        Protocol = TCP
        Log = Default
        Action = All unchecked
        TimeBased = unchecked
        TimeGroup = NA
        Source:
          IP address =  0.0.0.0
          NetMask = 0.0.0.0
          Range = unchecked
          All port boxes = 0
        Destination:
          IP address =  0.0.0.0
          NetMask = 0.0.0.0
          Range = unchecked
          1st Port = 5190
          All others = 0
          Broadcast  = unchecked

        Press OK at the bottom of the "EDIT Outbound Filter Page"
        Press SAVE at the bottom of the "GNAT box Outbound Filter Page"

        al.......

-----Original Message-----
From: Dieter Lubbe [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, July 12, 2000 4:26 AM
To: 'Al Grenley'; 'Michael W. Burden'; GNATBOX-Users (E-mail)
Subject: RE: Blocking AOL


--------------------- Attention -----------------------------
Online GNAT Box User Forum is Now Open
Click the Register link and sign up today
http://www.gnatbox.com/cgi-bin/Ultimate.cgi
-------------------------------------------------------------
Send postings to: [EMAIL PROTECTED]
Access the list archives at: http://www.gnatbox.com/gb-users/
-------------------------------------------------------------
I have installed outbound filters as suggested, but the sucker is still
slipping through.....

THe other method I have tried is as follows,

I have set the outbound filters to only allow 21 22 23 25 80 110 and 443.

But I still see the AOL connection....

What am I doing wrong?

As far as I can tell the connection is inbound from 205.188.2.178/5190 to
one of my local machines.
Setting up a remote access filter didn't help either.

--> TCP        10.1.1.200/1056  209.212.103.210/10065   205.188.2.178/5190
00:00:23

Any other suggestions?

DIeter

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Al Grenley
Sent: Tuesday, July 11, 2000 6:26 PM
To: 'Dieter Lubbe'; 'Michael W. Burden'; GNATBOX-Users (E-mail)
Subject: RE: Blocking AOL


--------------------- Attention -----------------------------
Online GNAT Box User Forum is Now Open
Click the Register link and sign up today
http://www.gnatbox.com/cgi-bin/Ultimate.cgi
-------------------------------------------------------------
Send postings to: [EMAIL PROTECTED]
Access the list archives at: http://www.gnatbox.com/gb-users/
-------------------------------------------------------------
Try this

Create and Save Out Bound filters for the following:

  Block ports 5190  ALL TCP

AOL Instant Messenger jumps all over different ports so I think chasing that
is hopeless.
Try blocking the servers that AIM uses for LOGIN.

Block ANY ALL for address 152.163.242.24
Block ANY ALL for address 152.163.242.28
Block ANY ALL for address 152.163.242.120
Block ANY ALL for address 152.163.242.128
(there may be others)

Good luck al.....

-----Original Message-----
From: Dieter Lubbe [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, July 11, 2000 11:00 AM
To: 'Michael W. Burden'; GNATBOX-Users (E-mail)
Subject: Blocking AOL


--------------------- Attention -----------------------------
Online GNAT Box User Forum is Now Open
Click the Register link and sign up today
http://www.gnatbox.com/cgi-bin/Ultimate.cgi
-------------------------------------------------------------
Send postings to: [EMAIL PROTECTED]
Access the list archives at: http://www.gnatbox.com/gb-users/
-------------------------------------------------------------
Thanks for all the help.

One last question.

I've got a user accessing AOL, on 5190.
I have been told to block all AOL access, but no matter what filter I setup,
the connection keeps going.

Thanks for all the help!

Dieter

This is the extract from the "Current Connections"


--> TCP        10.1.1.200/1029  209.212.103.210/10147   205.188.2.185/5190

----------------------------------------------
To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe gb-users your_email_address
in the body of the message
----------------------------------------------
To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe gb-users your_email_address
in the body of the message

----------------------------------------------
To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe gb-users your_email_address
in the body of the message