Blocking IM

Gregory Hicks ghicks at well.com
Tue Dec 13 04:11:31 UTC 2005


> From: Bourque Daniel <Daniel.Bourque at loto-quebec.com>
> Subject: RE : Blocking IM
> Date: Mon, 12 Dec 2005 19:04:22 -0500
> 
> Yes I know...  Not enough sleep. 
> 
> I was more thinking about how to block xyz.yahoo.com but not www.yahoo.com.
> You cannot block a host on the same level but yes it's easy to block a
> sublevel domain or could you?  What if instead of defining in my dns a host
> name xyz.yahoo.com, I create a sublevel zone name xyz.yahoo.com?  Would it
> work, blocking host by host without blocking the whole domain?

Actually, there is next to no difference between a host and subdomain
in DNS.  Not strictly true because a subdomain CAN have hosts assigned
to it while a host cannot, but you CAN cause a subdomain to resolve to
a particular IP address.  (I think I sent you a zone file with the
named.conf entries...?)

You COULD block xyz.example.com but allow www.example.com to go
through.  Just create a zone for xyz.example.com and assign it an IP
address of your choosing.  The rest of the 'example' domain SHOULD
still resolve properly.

Regards,
Gregory Hicks

> 
> -----Original Message-----
> From: Gregory Hicks [mailto:ghicks at cadence.com]
> Sent: 8 December 2005 20:39
> To: jay.archibald at gmail.com; David_Morales at onr.navy.mil;
> firewalls at securityfocus.com; Daniel.Bourque at loto-quebec.com
> Subject: RE: Blocking IM
> 
> 
> 
> > From: Bourque Daniel <Daniel.Bourque at loto-quebec.com>
> > To: "'Jay Archibald'" <jay.archibald at gmail.com>,
> > David_Morales at onr.navy.mil, firewalls at securityfocus.com
> > Subject: RE: Blocking IM
> > Date: Wed, 7 Dec 2005 20:50:48 -0500
> > 
> > OK, there is something I don't get here..
> >  
> > I have been using this technique for a longtime to block whole domain.  
> > How can you only block msg.yahoo.com in your inside DNS server without 
> > blocking all yahoo.com?
> 
> Create a zone file for the domain msg.yahoo.com and point it at your
> favorite sink.  Put this zone on your internal bind machine (so that it
> doesn't leak to the internet) and ...
> 
> The rest of yahoo.com will resolve normally.
> 
> > ________________________________
> > 
> > From: Jay Archibald [mailto:jay.archibald at gmail.com]
> > Sent: 7 December 2005 13:37
> > To: David_Morales at onr.navy.mil; firewalls at securityfocus.com
> > Subject: RE: Blocking IM
> > 
> > 
> > An alternative solution to using expensive IDS or Web Filtering 
> > products is BLACKHOLE DNS.  Easy to setup and free if you have your 
> > own DNS server. Here is some information for configuring blackhole 
> > DNS.  It was originally used to prevent malware, but it can be easily 
> > used to block instant messengers as well.  The idea is that your DNS 
> > server resolves the DNS name used for the login process.  You point 
> > the DNS alias to an internal IP address on your network.  If users 
> > can't login, they won't be using instant messengers.  It has worked 
> > for us.
> >  
> > http://www.bleedingsnort.com/blackhole-dns/
> > http://www.bleedingsnort.com/article.php?story=20050620215129947&query=blackhole
> >  
> > Here are the DNS names we use for blocking instant messengers:
> > AOL
> > login.oscar.aol.com 
> > screenname.aol.com 
> > aimexpress.aol.com
> > aim.aol.com
> > Yahoo
> > msg.yahoo.com
> > messenger.yahoo.com
> > MSN
> > messenger.hotmail.com 
> > msgr.hotmail.com
> > webmessenger.msn.com
> > 
> > GOOGLE
> > talk.google.com
> >  
> > From: Morales, David (Seta) [mailto:David_Morales at onr.navy.mil]
> > Sent: Tuesday, December 06, 2005 12:51 PM
> > To: firewalls at securityfocus.com
> > Cc: Amiryar, Edris (Seta)
> > Subject: Blocking IM
> > 
> >  
> > 
> > We are blocking IM at the firewall (Juniper 5200) and through
> > Surf-control (a web filtering product), but we are still able to connect
> > to Yahoo IM. Has anyone been able to do this successfully? And does
> > anyone have a list of ports to block so we cannot get to this IM?
> > 
> > Thanks in advance,
> > 
> > David Morales
> > 
> > moraled at onr.navy.mil
> > 
> > 
> 
---------------------------------------------------------------------
I am perfectly capable of learning from my mistakes.  I will surely
learn a great deal today.

"A democracy is a sheep and two wolves deciding on what to have for
lunch.  Freedom is a well armed sheep contesting the results of the
decision." - Benjamin Franklin

"The best we can hope for concerning the people at large is that they
be properly armed." --Alexander Hamilton
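The blackhole-DNS setup Jay and Gregory describe above (one small authoritative zone per IM login hostname on the internal BIND server, pointed at a sink, with the parent domain still resolving normally), written out as a generator script. This is an added example and not code from anyone in the thread; the sink address 10.0.0.250, the nameserver name ns.corp.example. and the output directory are assumptions chosen for illustration. The hostnames are the ones Jay listed.

```shell
#!/bin/sh
# Added example, not part of the thread: build per-hostname "blackhole" zones
# for an internal BIND resolver.  Each IM login name becomes its own tiny
# authoritative zone whose apex points at a sink address, so the name (and any
# label beneath it) resolves to the sink while the parent domain
# (yahoo.com, aol.com, ...) is still resolved recursively as usual.
# SINK_IP and NS_NAME are assumptions chosen for illustration.

SINK_IP="${SINK_IP:-10.0.0.250}"          # internal sink host (assumption)
NS_NAME="${NS_NAME:-ns.corp.example.}"   # internal nameserver FQDN (assumption)

# The login hostnames from Jay Archibald's list in the thread.
IM_HOSTS="login.oscar.aol.com screenname.aol.com aimexpress.aol.com aim.aol.com
msg.yahoo.com messenger.yahoo.com
messenger.hotmail.com msgr.hotmail.com webmessenger.msn.com
talk.google.com"

# Zone file for one sinkholed name.  "@" is the apex (the blocked host itself);
# the "*" wildcard makes anything below it, e.g. foo.msg.yahoo.com, hit the
# sink too instead of returning NXDOMAIN.
blackhole_zone() {
    sink="$1"
    cat <<EOF
\$TTL 300
@   IN SOA  ${NS_NAME} hostmaster.${NS_NAME} ( 2005121301 3600 900 604800 300 )
@   IN NS   ${NS_NAME}
@   IN A    ${sink}
*   IN A    ${sink}
EOF
}

# named.conf stanza that loads that file.  Transfers are refused so the
# sinkhole zones never leak beyond this server.
named_conf_stanza() {
    name="$1"; dir="$2"
    printf 'zone "%s" IN {\n    type master;\n    file "%s/db.%s";\n    allow-transfer { none; };\n};\n' \
        "$name" "$dir" "$name"
}

# Write every zone plus an includable blackhole.conf into $1 and print the
# number of zones written.  If BIND's named-checkzone is installed, each zone
# is syntax-checked and a bad one aborts the run.
generate_all() {
    outdir="$1"
    mkdir -p "$outdir"
    : > "$outdir/blackhole.conf"
    n=0
    for h in $IM_HOSTS; do
        blackhole_zone "$SINK_IP" > "$outdir/db.$h"
        named_conf_stanza "$h" "$outdir" >> "$outdir/blackhole.conf"
        if command -v named-checkzone >/dev/null 2>&1; then
            named-checkzone -q "$h" "$outdir/db.$h" || return 1
        fi
        n=$((n + 1))
    done
    echo "$n"
}

# Usage: sh blackhole-dns.sh /etc/named/blackhole   (directory is an assumption)
# then add   include "/etc/named/blackhole/blackhole.conf";   to named.conf
# on the internal resolver and reload named.
if [ -n "$1" ]; then
    generate_all "$1"
fi
```

Two practical points. Because the resolver is authoritative only for the exact names listed, www.yahoo.com and the rest of yahoo.com keep resolving through normal recursion, which is the behaviour Daniel asked about; the wildcard record is there so a sibling label under a blocked name cannot be used to slip past it. And the sinkhole only works for clients that actually use this resolver: pair it with an egress rule that lets DNS (UDP/TCP 53) leave the network only from the internal resolver, otherwise a client that points itself at an outside resolver, or that connects to the service by IP address, bypasses the block entirely.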



More information about the bind-users mailing list