Date:      Tue, 21 Jan 2003 17:03:09 -0600
From:      Doug Poland <doug@polands.org>
To:        Kirk Strauser <kirk@strauser.com>
Cc:        freebsd-questions@FreeBSD.ORG
Subject:   Re: IPFW, blocking IM servers
Message-ID:  <20030121230308.GA89143@babylon.polands.org>
In-Reply-To: <87hec2jggs.fsf@pooh.honeypot.net>
References:  <34651.63.104.35.130.1043185192.squirrel@email.polands.org> <87hec2jggs.fsf@pooh.honeypot.net>

On Tue, Jan 21, 2003 at 04:17:07PM -0600, Kirk Strauser wrote:
> 
> At 2003-01-21T21:39:52Z, "Doug Poland" <doug@polands.org> writes:
> 
> > Sorry for this slightly off-topic post...  Is there a comprehensive list
> > of IM servers (names, IPs) available?  I'd like to block IM servers from
> > certain users on my network.
> 
> No, nor will there be one.  Anyone with a server can set up Jabber on any
> port they want.
> 
I'm concerned about the big 3, AOL, MSN, and Yahoo.  They must have a
limited IP range they use.

> > From what I've gathered on google, the only effective strategy is to use
> > firewall (in my case, IPFW) rules to block IPs, names.
> 
> OK, first, this is really more of an administrative issue than a technical
> one.  Tell your employees that if they IM for non-work issues (and that IM
> is logged, whether it is or not), then they are fired.  Get your boss to
> back you.  Then, it's not *your* problem if people are wasting their time at
> work.
> 
This is my boss's idea!  Also, there are a number of volunteers who
cannot be fired.

> Second, the only reasonable way to do this is to block *everything* except
> traffic you want to allow.  No client machine needs direct Internet access
> to send email - make them use a smarthost.  Force all machines to surf the
> web via a Squid proxy, and only let that machine connect out on port 80.
> 
I'm doing that now, however, I know the Yahoo client will use any open
port it can find and tunnel through that.

> Either way is going to piss off a lot of people, so decide in advance which
> one you can live with.  :)
> 
Actually, this is to head off the problem before it starts.  Thanks for
your input and point of view, Kirk.

-- 
Regards,
Doug
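
The default-deny approach discussed in this thread (only the Squid proxy may connect out on port 80, mail leaves via a smarthost), written out as an ipfw ruleset generator. This is an added example, not part of the original message; the addresses, the interface name, the DNS resolver rule and the function names are assumptions, and it assumes a routed gateway without NAT with the proxy on the same LAN as the clients.

```shell
#!/bin/sh
# Added example: default-deny egress for a FreeBSD ipfw gateway.
# Every address and the interface name below is a constructed placeholder.
LAN="192.0.2.0/24"       # inside network (assumed)
OIF="fxp0"               # outside interface (assumed)
PROXY="192.0.2.10"       # Squid host: only machine allowed out on port 80
SMARTHOST="192.0.2.11"   # mail relay: only machine allowed out on port 25
RESOLVER="192.0.2.12"    # DNS resolver: only machine allowed out on port 53

# Print the ruleset as ipfw commands so it can be reviewed before loading.
# The allow rules carry no interface qualifier on purpose: a forwarded packet
# is checked once inbound and once outbound, and the dynamic rule created by
# keep-state on the first pass is what admits it on the second.
emit_egress_rules() {
    cat <<EOF
ipfw -q -f flush
ipfw -q add 100 allow ip from any to any via lo0
ipfw -q add 200 deny ip from ${LAN} to any in via ${OIF}
ipfw -q add 300 check-state
ipfw -q add 400 allow tcp from ${PROXY} to any 80 setup keep-state
ipfw -q add 410 allow tcp from ${SMARTHOST} to any 25 setup keep-state
ipfw -q add 420 allow udp from ${RESOLVER} to any 53 keep-state
ipfw -q add 430 allow tcp from ${RESOLVER} to any 53 setup keep-state
ipfw -q add 65000 deny log ip from any to any
EOF
}

# Return 0 only if the last rule denies everything and every allow rule
# (loopback aside) names one source host, never "any" or the whole LAN.
# A client opening a connection on some other port then matches nothing
# and falls through to rule 65000, where it is dropped and logged.
ruleset_is_default_deny() {
    rules=$(emit_egress_rules)
    printf '%s\n' "$rules" | tail -n 1 \
        | grep -q 'deny log ip from any to any$' || return 1
    if printf '%s\n' "$rules" | grep ' allow ' | grep -v ' via lo0$' \
        | grep -Eq " from (any|${LAN}) "; then
        return 1
    fi
    return 0
}

# Dry run: print the commands. Load them from the console, since the
# ruleset contains no rule admitting a remote admin session.
emit_egress_rules
```

Piping the output to `sh` on the gateway loads the rules; the `log` keyword on rule 65000 only produces log entries if the kernel was built with firewall logging enabled.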
