How to restrict ICQ traffic (Full Version)

All Forums >> [ISA Server 2000 Firewall] >> Firewall Client



Message


xeneize -> How to restrict ICQ traffic (16.May2001 9:58:00 PM)

My ISA Server report traffic (Firewall) and the user is using CD_LOAD.EXE or ICQ.EXE.
Example of logs:

192.168.159.58, LlorenteJ, CD_Load.exe:3:5.0, Y, 5/16/2001, 13:10:14, fwsrv, HPLCII, -, www.microsoft.com, 207.46.230.229, 0, -, 0, 0, -, -, GHBN, -, -, -, 0, 0, Usuarios con permiso de navegaci=n, Solo Sitios de Soporte y Desarrollo, 26, 0
192.168.159.58, LlorenteJ, CD_Load.exe:3:5.0, Y, 5/16/2001, 13:10:14, fwsrv, HPLCII, -, www.cms2.net, 212.29.215.2, 0, -, 0, 0, -, -, GHBN, -, -, -, 0, 0, Usuarios con permiso de navegaci=n, Allow rule, 26, 0
192.168.159.58, LlorenteJ, CD_Load.exe:3:5.0, Y, 5/16/2001, 13:10:14, fwsrv, HPLCII, -, -, 212.29.215.2, 80, -, 0, 0, 80, TCP, Connect, -, -, -, 0, 0, Usuarios con permiso de navegaci=n, -, 26, 6079
192.168.159.58, LlorenteJ, CD_Load.exe:3:5.0, Y, 5/16/2001, 13:10:14, fwsrv, HPLCII, -, -, 212.29.215.2, 80, 15, 0, 3371, 80, TCP, Connect, -, -, -, 20000, 0, Usuarios con permiso de navegaci=n, -, 26, 6079

How I can block traffic on port 80 only if client program used is ICQ.EXE or CS_LOAD.EXE?





tshinder -> RE: How to restrict ICQ traffic (17.May2001 4:58:00 AM)

Hi xeneize,

Remove the programs from the client computer. If they reappear, take the issue to management.

HTH,
Tom

------------------
Tom Shinder
http://www.isaserver.org/shinder/


Get it Here!





xeneize -> RE: How to restrict ICQ traffic (17.May2001 5:05:00 AM)

This is the only way?




tshinder -> RE: How to restrict ICQ traffic (23.May2001 8:12:00 PM)

Hi xeneize,

I don't use ICQ, so I can't give you first hand experience. However, do you know if ICQ needs to connect to a central server in order to do whatever it does? If so, you can block the domain to which the ICQ client need to connect. That should stop them!

HTH,
Tom

------------------
Tom Shinder
http://www.isaserver.org/shinder/

Get It Here





mwuagi -> RE: How to restrict ICQ traffic (13.Jun.2001 4:22:00 AM)

One could also go into the GPO in Win2K and try to block icq.exe from being executed on the domain...


quote:
Originally posted by tshinder:
Hi xeneize,

I don't use ICQ, so I can't give you first hand experience. However, do you know if ICQ needs to connect to a central server in order to do whatever it does? If so, you can block the domain to which the ICQ client need to connect. That should stop them!

HTH,
Tom






tshinder -> RE: How to restrict ICQ traffic (28.Jun.2001 6:02:00 PM)

Hey Guys,

Since this issue came up, I investigated the problem more thoroughly, because a lot of people have had this problem.

There are several ways you can do this:

1. Use group policy, as mwuagi mentioned.

2. Make changes to the mspclnt.ini file on the ISA Server

3. Create the appropriate Site and Content rules that deny particular web sites

4. Disabling the SOCKS v4 Application Filter

I'm writing an article on how to do this which will show up in TechProGuild in the next few weeks. I'll be sure we have a link here so you all can find it!

Thanks!

Tom

------------------
Tom Shinder
http://www.isaserver.org/shinder/

Get It Here





Page: [1]