Blocking IM
Gregory Hicks
ghicks at well.com
Tue Dec 13 04:11:31 UTC 2005
> From: Bourque Daniel <Daniel.Bourque at loto-quebec.com>
> Subject: RE : Blocking IM
> Date: Mon, 12 Dec 2005 19:04:22 -0500
>
> Yes I know... Not enough sleep.
>
> I was more thinking about how to block xyz.yahoo.com but not www.yahoo.com.
> You cannot block a host on the same level but yes it's easy to block a
> sublevel domain or could you? What if instead of defining in my dns a host
> name xyz.yahoo.com, I create a sublevel zone name xyz.yahoo.com? Would it
> work, blocking host by host without blocking the whole domain?

Actually, there is next to no difference between a host and subdomain
in DNS. Not strictly true because a subdomain CAN have hosts assigned
to it while a host cannot, but you CAN cause a subdomain to resolve to
a particular IP address. (I think I sent you a zone file with the
named.conf entries...?)

You COULD block xyz.example.com but allow www.example.com to go
through. Just create a zone for xyz.example.com and assign it an IP
address of your choosing. The rest of the 'example' domain SHOULD
still resolve properly.

Regards,
Gregory Hicks

>
> -----Message d'origine-----
> De : Gregory Hicks [mailto:ghicks at cadence.com]
> Envoyé : 8 décembre, 2005 20:39
> À : jay.archibald at gmail.com; David_Morales at onr.navy.mil;
> firewalls at securityfocus.com; Daniel.Bourque at loto-quebec.com
> Objet : RE: Blocking IM
>
>
>
> > From: Bourque Daniel <Daniel.Bourque at loto-quebec.com>
> > To: "'Jay Archibald'" <jay.archibald at gmail.com>,
> > David_Morales at onr.navy.mil, firewalls at securityfocus.com
> > Subject: RE: Blocking IM
> > Date: Wed, 7 Dec 2005 20:50:48 -0500
> >
> > OK, there is something I don't get here..
> >
> > I have been using this technique for a long time to block whole domain.
> > How can you only block msg.yahoo.com in your inside DNS server without
> > blocking all yahoo.com?
>
> Create a zone file for the domain msg.yahoo.com and point it at your favorite
> sink. Put this zone on your internal bind machine (so that it doesn't leak to
> the internet) and ...
>
> The rest of yahoo.com will resolve normally.
>
> > ________________________________
> >
> > De : Jay Archibald [mailto:jay.archibald at gmail.com]
> > Envoyé : 7 décembre 2005 13:37
> > À : David_Morales at onr.navy.mil; firewalls at securityfocus.com
> > Objet : RE: Blocking IM
> >
> >
> > An alternative solution to using expensive IDS or Web Filtering
> > products is BLACKHOLE DNS. Easy to set up and free if you have your
> > own DNS server. Here is some information for configuring blackhole
> > DNS. It was originally used to prevent malware, but it can be easily
> > used to block instant messengers as well. The idea is that your DNS
> > server resolves the DNS name used for the login process. You point
> > the DNS alias to an internal IP address on your network. If users
> > can't log in, they won't be using instant messengers. It has worked
> > for us.
> >
> > http://www.bleedingsnort.com/blackhole-dns/
> > http://www.bleedingsnort.com/article.php?story=20050620215129947&query=blackhole
> >
> > Here are the DNS names we use for blocking instant messengers:
> > AOL
> > login.oscar.aol.com
> > screenname.aol.com
> > aimexpress.aol.com
> > aim.aol.com
> > Yahoo
> > msg.yahoo.com
> > messenger.yahoo.com
> > MSN
> > messenger.hotmail.com
> > msgr.hotmail.com
> > webmessenger.msn.com
> >
> > GOOGLE
> > talk.google.com
> >
> > From: Morales, David (Seta) [mailto:David_Morales at onr.navy.mil]
> > Sent: Tuesday, December 06, 2005 12:51 PM
> > To: firewalls at securityfocus.com
> > Cc: Amiryar, Edris (Seta)
> > Subject: Blocking IM
> >
> >
> >
> > We are blocking IM at the Firewall (juniper 5200) and through
> > Surf-control (Web Filtering product), but we are still able to connect
> > to Yahoo IM. Has anyone been able to do this successfully? And, does
> > anyone have a list of ports to block so we cannot get to this IM?
> >
> > Thanks in advance,
> >
> > David Morales
> >
> > moraled at onr.navy.mil
> >
> >
>
---------------------------------------------------------------------
I am perfectly capable of learning from my mistakes. I will surely
learn a great deal today.
"A democracy is a sheep and two wolves deciding on what to have for
lunch. Freedom is a well armed sheep contesting the results of the
decision." - Benjamin Franklin
"The best we can hope for concerning the people at large is that they
be properly armed." --Alexander Hamilton
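
The per-name zone approach described in this thread, as an added example that is not part of the original messages: a script that generates one master zone per blocked login name, all sharing a single sink zone file, and goes beyond the single msg.yahoo.com case by covering the whole list quoted above. The sink address (a documentation-range placeholder), the output directory and the file names `db.blackhole` and `blackhole.conf` are assumptions.

```shell
#!/bin/sh
# Added example: per-name blackhole zones for an internal BIND resolver.
# SINK_IP, OUT_DIR and the file names are assumptions, not from the thread.
SINK_IP="${SINK_IP:-192.0.2.10}"   # placeholder sink address
OUT_DIR="${OUT_DIR:-./blackhole}"

# Login names to sink, from the list quoted in the thread.
BLOCKED="login.oscar.aol.com screenname.aol.com aimexpress.aol.com aim.aol.com
msg.yahoo.com messenger.yahoo.com
messenger.hotmail.com msgr.hotmail.com webmessenger.msn.com
talk.google.com"

# One shared zone file. Relative to whichever zone loads it, "@" is the
# blocked name itself and "*" covers any name beneath it.
sink_zone() {
    cat <<EOF
\$TTL 300
@   IN SOA  localhost. root.localhost. ( 1 3600 900 604800 300 )
    IN NS   localhost.
    IN A    $1
*   IN A    $1
EOF
}

# One master zone per blocked name. The zone is authoritative only for that
# name and its descendants, so siblings such as www.yahoo.com are still
# resolved through the real yahoo.com servers.
zone_stanza() {
    printf 'zone "%s" {\n    type master;\n    file "%s";\n};\n' "$1" "$2"
}

# Write db.blackhole and blackhole.conf into OUT_DIR. The "file" path is
# relative to the "directory" option of the named.conf that includes it.
generate() {
    mkdir -p "$OUT_DIR" || return 1
    sink_zone "$SINK_IP" > "$OUT_DIR/db.blackhole"
    : > "$OUT_DIR/blackhole.conf"
    for name in $BLOCKED; do
        zone_stanza "$name" "db.blackhole" >> "$OUT_DIR/blackhole.conf"
    done
}

# Only write files when asked to, e.g.: sh blackhole.sh --write
if [ "${1:-}" = "--write" ]; then generate; fi
```

Include the generated `blackhole.conf` only from the internal server's named.conf, so the sink answers never reach the internet, and check the result with `named-checkconf` before reloading.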
More information about the bind-users mailing list