To do this effectively, the best tool for the job is a Packeteer Packetshaper. Many of IM's, and Napster type tools are specifically designed to switch ports when needed. So if you were to block say port 8888, it would just jump to port 8889.
The Packetshapper can read the TCP header information and determine exactly what the packet if for. Then you can set rules on what to do with those packets. So you say, block Yahoo messenger, it will not care about the port or anything. It will see the messenger, and block the packets period. You can also allocate bandwidth to say for example, all Windows media for the whole company should never exceed a certain amount of bandwidth. -----Original Message----- From: Benjamin Winzenz [mailto:[EMAIL PROTECTED]] Sent: Friday, January 04, 2002 8:13 AM To: MSWinNT Discussions Subject: RE: Blocking Instant Messenger with Cisco Pix I thought I recalled you have to block all the IP's that refer to oscar.login.aol.com. Blocking ports don't do it, as AIM I thought can use many various ports. Try searching for IP's for that, and block those. Ben Winzenz, MCSE Network/Systems Administrator Peregrine Systems -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Friday, January 04, 2002 11:09 AM To: MSWinNT Discussions Subject: OT:Blocking Instant Messenger with Cisco Pix does anyone do this using conduits? I have tried blocking 5190 and did NSlookups and blocked all available IP's but that little yellow bas*ard keeps connecting any ideas? ------ You are subscribed as [EMAIL PROTECTED] Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe send a blank email to [EMAIL PROTECTED] ------ You are subscribed as [EMAIL PROTECTED] Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe send a blank email to [EMAIL PROTECTED] ------ You are subscribed as [email protected] Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe send a blank email to [EMAIL PROTECTED]
