I've read on phoneboy that ICQ can be tunnelled over http using some program...as far as I can see on the f/wall log this is whats heppening.

Can anyone give me any tips how I can stop this?

Cheers

John

 

Create an outgoing rule to block traffic to the icq servers.

 

I'm using Raptor

Can't do URL blocking without webnot

 

Your not my network admin are you?

if it does do that then its pretty tricky to stop as the port http request reply on is a standard feature. Its been a while since I set up out cisco router.

just looked at the icq settings.. if you just ban the icq.com ip's (login.icq.com = 205.188.179.233) then the http web requests will be banned at the same time.. know its a bit ham fisted but dont know what else 2 suggest.

 

http://www.phoneboy.com/faq/0059.html gives some IP addresses etc to block. (and www.icqproxy.com = 63.218.224.159)

Failing that it may be possible to dig down into FW-1 and write some inspect code to check for not http port 80 traffic but I've personally not done that sort of thing

Juts seen the raptor repsonse so FW-1 not going to be much use

[Edited by dsmith - 12/13/2001 12:06:17 PM]

 

doh while typing my suggestion other ppl beat me too it cant belive u can't ban ip's though... seems to be a good firewall (after a brief search on the net)

 

Emm, I think maybe I can edit the conf file to get Raptor to block url's that way...
My understanding is that raptor out the box can only do http allows, so all other url's other than those specified are dropped.

 

It can block IP addresses though (I'm sure they couldn't call it a F/W otherwise ).