[KLUG Members] choice of i-filter/firewall/squid box

Rusty Yonkers members@kalamazoolinux.org
Fri, 2 Apr 2004 12:10:51 -0800 (PST)


> 
> I ran into something regarding this that I thought was pretty cool.
> With pattern matching, you should be able to actually stop a lot of
> the messenger services. This article is from 2001, when that
> functionality was apparently experimental. Maybe it's more mature now?

I will have to check out that article.  Yahoo Messenger is the worst
to try to block.  It will use any port (scans for them until it finds
an open one) and the last time I checked they have like 45 - 50 DNS
names that the service can use also.  MSN is not so bad.  They only
have one server address from what I have seen.

> 
> http://www.securityfocus.com/infocus/1531
> 
> Dropping or logging packets with the string "kazaa-username:" might be
> interesting in certain school environments. Packet capture a login
> sequence from AIM, MSN, Yahoo, Limewire, etc. and you could drop or log
> that traffic by matching the pattern. Again, I haven't tried this, but
> I saw it suggested on another mailing list. Nifty.

I blocked Yahoo prior to using squid by scripting my iptables rules
to loop through all the possible DNS names from 1 to 60 (they number
the servers pretty much sequentially) to block all those IP
addresses.  I got some errors for DNS names that did not resolve but
that was only about 5 or so from the list.  That was about the only
way to do it.  I set up a cron job to run the script once a night so
that if they changed an IP address it would get the change since
iptables wrote out the IP to memory instead of the name.  Once I put
squid in I never was able to seem to get that working because Yahoo
Messenger seemed to find squid and I had trouble getting iptables to
block that (it was probably just a major brain fart on my part but I
got busy with other stuff and dropped the project and decided to live
with that).


=====
Russell C. Yonkers Jr. 
CNE, MCP, A+, CCNA, Linux+, Server+, Network+ certified
-----------------------------------------
Currently using SuSE 9, Mac OS X, Windows 2000, and WinXP 
And yes I run a network at home with Linux and Windows servers
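
The nightly rebuild described in the message above, as an added example that is not part of the original post or the poster's script: it resolves a numbered run of host names, skips the ones that do not resolve, and emits an `iptables-restore` ruleset for a dedicated chain so stale addresses are replaced in one step. The host name pattern (`msgN.example.invalid`), the chain name `IM_BLOCK`, and the function names are assumptions; the post does not give the real names.

```shell
#!/bin/sh
# Added example. NAME_PREFIX/NAME_SUFFIX are placeholders (assumption):
# substitute the numbered server names you actually need to block.
NAME_PREFIX="msg"
NAME_SUFFIX=".example.invalid"
CHAIN="IM_BLOCK"   # hypothetical chain; jump to it once from FORWARD:
                   #   iptables -N IM_BLOCK; iptables -I FORWARD -j IM_BLOCK

# Default resolver: one IPv4 address per line for the given host name.
resolve_host() {
    getent ahostsv4 "$1" | awk '{print $1}' | sort -u
}

# Print iptables-restore input that rebuilds CHAIN from fresh lookups.
# $1 = first index, $2 = last index, $3 = resolver command (optional).
# Returns 1 and prints nothing if no name resolved, so a DNS outage
# does not replace a working block list with an empty one.
gen_ruleset() {
    first=$1; last=$2; resolver=${3:-resolve_host}
    rules=""; i=$first
    while [ "$i" -le "$last" ]; do
        host="${NAME_PREFIX}${i}${NAME_SUFFIX}"
        # Keep only lines that look like IPv4 addresses.
        addrs=$("$resolver" "$host" 2>/dev/null |
                grep -E '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || true)
        [ -n "$addrs" ] || echo "skip: $host did not resolve" >&2
        for ip in $addrs; do
            rules="${rules}-A $CHAIN -d $ip -j REJECT
"
        done
        i=$((i + 1))
    done
    [ -n "$rules" ] || return 1
    printf '*filter\n:%s - [0:0]\n' "$CHAIN"
    printf '%s' "$rules" | sort -u      # several names may share an address
    printf 'COMMIT\n'
}

# Cron entry point (needs root): run the script with --apply once a night.
# With --noflush only the chain declared in the input is rebuilt.
if [ "${1:-}" = "--apply" ]; then
    ruleset=$(gen_ruleset 1 60) &&
        printf '%s\n' "$ruleset" | iptables-restore --noflush
fi
```

Rules like these only match traffic routed through the box; connections relayed by a local proxy such as squid are made from the firewall itself and would need matching rules in the OUTPUT chain or an ACL in the proxy.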
