Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here. |
09-16-2005, 03:08 AM
|
#1
|
LQ Newbie
Registered: Sep 2005
Posts: 19
Rep:
|
how to block all the IM -- skype, googletalk, msn, yahoo, ICQ
Hi,
May I know how to totally block all IM using iptables and Squid, because my company's new policy wants me to block all IM? For the time being I am only able to block Yahoo and ICQ using iptables and MSN using Squid, but I am unable to block Skype and Google Talk.
Hope someone can help me solve it or point me to a useful link.
thanks.
|
|
|
09-16-2005, 04:53 AM
|
#2
|
LQ Guru
Registered: Nov 2003
Location: N. E. England
Distribution: Fedora, CentOS, Debian
Posts: 16,298
Rep:
|
I am not a networking guru but I think you need to find out which ports they use and block those ports.
|
|
|
09-16-2005, 10:46 AM
|
#3
|
Senior Member
Registered: Apr 2005
Location: OZ
Distribution: Debian Sid/RPIOS
Posts: 4,905
|
If you can use Guarddog, it has separate listings for AIM, Yahoo, MSN, ICQ, IRC, and NetMeeting.
AIM uses Destination Port: 5190-5193
Yahoo:
Name: Yahoo! Messenger
Description:
Yahoo! instant messenger.
Security Risk: Low
Network Usage:
Description: TCP connection from client to server.
Name: Login to network
Source Port: dynamic
Destination Port: 5050, 23
Description: TCP connection from client to server.
Name: Conference
Source Port: dynamic
Destination Port: 5000-5001
Description: UDP connection from client to server.
Name: Conference
Source Port: dynamic
Destination Port: 5000
MSN: Destination Port: 1863
ICQ:
Description: Bidirectional UDP connection from client to server.
Source Port: any
Destination Port: 4000
Description: TCP connection from client to client.
Source Port: nonprivileged
Destination Port: nonprivileged
Jabber/Gtalk:
Description: TCP connection from client to server.
Source Port: dynamic
Destination Port: 5222
Description: TCP connection from client to server.
Name: Jabber over Secure Socket Layer
Source Port: dynamic
Destination Port: 5223
Sorry I do not have Skype installed. Their documentation should tell you what ports to block.
|
|
|
09-19-2005, 01:31 AM
|
#4
|
Member
Registered: Apr 2003
Location: Malaysia
Distribution: Slackware 10.2
Posts: 75
Rep:
|
FYI, what I noticed is that now all the IMs are using random ports already, so it is quite difficult to block them. I tried to block all IM with the port numbers listed above, but the users can still use the IM.
|
|
|
09-19-2005, 08:21 AM
|
#5
|
LQ Guru
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870
|
Wouldn't an application-level proxy be a more effective way to block these things?
http://www.balabit.com/products/zorp/
Or maybe there's an add-on to iptables for IMs, kind of like the p2pwall project but for IMs instead of P2Ps?
http://www.lowth.com/p2pwall/
|
|
|
09-20-2005, 08:19 PM
|
#6
|
LQ Newbie
Registered: Sep 2005
Posts: 19
Original Poster
Rep:
|
I use a very stupid way to block the IM: I install all the IM clients and monitor where and which IP they log on to, then I block the IPs that they log in to, to prevent users from using the IM.
Unfortunately, I still can't block users using an external proxy server to log on to the IM server. Anyone got an idea on this? Can this be done using iptables, which can block internal users from using an external proxy server?
|
|
|
09-20-2005, 09:58 PM
|
#7
|
LQ Guru
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870
|
Quote:
Originally posted by cksoo
I use a very stupid way to block the IM: I install all the IM clients and monitor where and which IP they log on to, then I block the IPs that they log in to, to prevent users from using the IM.
Unfortunately, I still can't block users using an external proxy server to log on to the IM server. Anyone got an idea on this? Can this be done using iptables, which can block internal users from using an external proxy server?
|
Yes, if you know the IP of the proxy server it would be easy to block it with iptables...
Last edited by win32sux; 09-20-2005 at 11:57 PM.
|
|
|
09-21-2005, 05:54 AM
|
#8
|
LQ Newbie
Registered: Sep 2005
Posts: 19
Original Poster
Rep:
|
The problem is that there are a lot of open proxies on offer, so it is quite difficult to block them. May I know whether there is a general iptables rule that forces my internal users to use my internal proxy server?
|
|
|
04-11-2006, 06:35 AM
|
#9
|
LQ Newbie
Registered: May 2004
Posts: 2
Rep:
|
You can have a proxy and allow your users to have access just to the proxy port and deny all others.
|
|
|
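The proxy-only policy suggested in the reply above, as an added example that is not part of the original thread: a shell function that prints, without applying, iptables commands that let LAN clients reach only the proxy port on the gateway and refuse every direct outbound connection. The interface `eth1`, port 3128, the chain name `LAN_PROXY_ONLY`, and the assumption that Squid and a DNS forwarder run on the gateway itself are illustrative.

```shell
#!/bin/sh
# Added example (not from the thread): emit iptables commands that force LAN
# clients through a proxy running on the gateway. Nothing is applied here;
# review the output, then pipe it to sh as root.
# Assumptions: Squid and a DNS forwarder listen on the gateway itself;
# the chain name LAN_PROXY_ONLY is hypothetical.

proxy_only_rules() {
    lan_if=$1
    proxy_port=$2

    # Accept only a plain interface name and a numeric port, so the
    # generated text is safe to pipe into a shell.
    case $lan_if in
        ''|*[!A-Za-z0-9_.-]*) echo "invalid interface: $lan_if" >&2; return 1 ;;
    esac
    case $proxy_port in
        ''|*[!0-9]*) echo "invalid port: $proxy_port" >&2; return 1 ;;
    esac
    if [ "$proxy_port" -lt 1 ] || [ "$proxy_port" -gt 65535 ]; then
        echo "port out of range: $proxy_port" >&2
        return 1
    fi

    # INPUT: LAN hosts may talk to the gateway only for proxy and DNS.
    # The final DROP also blocks SSH from the LAN; add an ACCEPT for your
    # admin host before it if you manage the gateway from inside.
    # FORWARD: nothing from the LAN is routed out directly.
    cat <<EOF
iptables -N LAN_PROXY_ONLY
iptables -A LAN_PROXY_ONLY -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A LAN_PROXY_ONLY -p tcp --dport $proxy_port -j ACCEPT
iptables -A LAN_PROXY_ONLY -p udp --dport 53 -j ACCEPT
iptables -A LAN_PROXY_ONLY -p tcp --dport 53 -j ACCEPT
iptables -A LAN_PROXY_ONLY -j DROP
iptables -I INPUT -i $lan_if -j LAN_PROXY_ONLY
iptables -I FORWARD -i $lan_if -j DROP
EOF
}

# Example: proxy_only_rules eth1 3128
```

With direct egress closed, IM clients can still ask the proxy for a CONNECT tunnel, so the Squid ACLs mentioned elsewhere in the thread carry the actual blocking.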
05-23-2007, 03:54 AM
|
#10
|
LQ Newbie
Registered: May 2007
Posts: 3
Rep:
|
To disable GTalk...
Set up these rules in your iptables, or create ACLs in Squid.
Drop If destination is 72.14.253.125
Drop If destination is 72.14.255.100
Drop If destination is 209.85.139.83
Drop If destination is 66.249.89.99
Drop If destination is 64.233.163.189
Drop If destination is 209.85.137.125
Drop If protocol is TCP and destination is 66.249.89.103 and destination port is 443
Drop If protocol is TCP and destination is 209.85.137.125 and destination port is 443
Drop If protocol is TCP and destination is 209.85.147.83 and destination port is 80
Drop If protocol is TCP and destination is 216.239.51.125 and destination port is 443
Drop If protocol is TCP and destination is 209.85.163.125 and destination port is 443
Drop If protocol is TCP and destination is 209.85.163.125 and destination port is 5222
Drop If protocol is TCP and destination is 216.239.51.125 and destination port is 443
Drop If protocol is TCP and destination is 216.239.51.125 and destination port is 5222
Drop If protocol is TCP and destination is 72.14.253.125 and destination port is 443
+chetan
|
|
|
05-24-2007, 03:27 AM
|
#11
|
LQ Newbie
Registered: May 2004
Posts: 2
Rep:
|
Quote:
Originally Posted by tuxchetan
To disable GTalk...
Set up these rules in your iptables, or create ACLs in Squid.
+chetan
|
Blocking IMs based on IPs doesn't seem to be a good idea, as the clients use the FQDN to connect and the corresponding IP keeps changing. A better way is to block them using the FQDN (talk.google.com) and keep the iptables rules updated using cron jobs.
Thanks
-logu
|
|
|
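One way to implement the cron-refreshed FQDN block described in the reply above, as an added example that is not part of the original thread: the function reads resolver output on stdin and prints an `iptables-restore --noflush` payload that replaces only a dedicated chain, and it refuses to emit anything when the lookup yields no valid address. The chain name `IM_BLOCK` and the `getent` lookup shown in the comment are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread). Intended cron usage, as root:
#   getent ahostsv4 talk.google.com | build_im_block | iptables-restore --noflush
# plus a one-time jump rule:  iptables -I FORWARD -j IM_BLOCK
# With --noflush all other rules are kept; the declared user chain is
# emptied and refilled in a single commit. Chain name IM_BLOCK is hypothetical.

# Runs in a subshell (parenthesised body) so the IFS change stays local.
is_ipv4() (
    case $1 in ''|*[!0-9.]*|.*|*.) exit 1 ;; esac
    IFS=.
    set -- $1
    [ $# -eq 4 ] || exit 1
    for octet in "$@"; do
        case $octet in ''|????*) exit 1 ;; esac
        [ "$octet" -le 255 ] || exit 1
    done
)

build_im_block() {
    # The first field of every input line is a candidate address;
    # duplicates (one line per socket type in getent output) are merged.
    addrs=$(awk '{print $1}' | sort -u)
    rules=''
    for a in $addrs; do
        if is_ipv4 "$a"; then
            rules="${rules}-A IM_BLOCK -d $a/32 -j DROP
"
        fi
    done
    # A failed or empty lookup must not wipe the existing block list.
    if [ -z "$rules" ]; then
        echo "no valid addresses; leaving IM_BLOCK unchanged" >&2
        return 1
    fi
    printf '*filter\n:IM_BLOCK - [0:0]\n%sCOMMIT\n' "$rules"
}
```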
05-24-2007, 09:46 AM
|
#12
|
Member
Registered: Jan 2006
Location: Finland
Distribution: Mainly Gentoo
Posts: 119
Rep:
|
In my opinion the best filtering project at the application layer:
http://l7-filter.sourceforge.net/
|
|
|
05-25-2007, 05:35 AM
|
#14
|
Member
Registered: May 2007
Location: Chas, SC
Distribution: slackware, gentoo, fedora, LFS, sidewinder G2, solaris, FreeBSD, RHEL, SUSE, Backtrack
Posts: 430
Rep:
|
As for Skype, that is the hardest application to block. The only way that I have seen to block Skype is to do packet matching with CISCO MARS systems. I use Sidewinder firewalls at work and we can't even block Skype on those.
|
|
|
07-02-2007, 02:33 AM
|
#15
|
LQ Newbie
Registered: Jul 2007
Posts: 1
Rep:
|
Hi Chetan, can you please guide me how to add the below lines in my (rc.firewall.up)
Hi Chetan,
can you please guide me how to add the below lines in my (rc.firewall.up) file.
I don't know where to add these lines & as per my knowledge it should come like this.....
for eg:
# drop hits from Google Talk
/sbin/iptables -A INPUT -p TCP -i $RED_DEV --dport 5222 -j DROP
/sbin/iptables -A INPUT -p TCP -i $RED_DEV --dport 5223 -j DROP
/sbin/iptables -A INPUT -p TCP -i $RED_DEV --dport 5224 -j DROP
if I am right. I'm waiting for your earliest reply.
I'm using Smoothwall 2.0. I also want to learn more about blocking IP addresses and ports; if you can help me it would be great for me.
You can reply to me at kinna_kinnna@yahoo.com
Thanks
Kiran
Quote:
Originally Posted by tuxchetan
To disable GTalk...
Set up these rules in your iptables, or create ACLs in Squid.
+chetan
|
|
|
|
All times are GMT -5. The time now is 06:15 AM.
|