I'm just getting started using the IPS on our 5510 and thought I would start with trying to block instant messaging. I started with just alerts and found that one of my IT staff was triggering the AIM express activity alert. He has an AOL email account (guess I need to pay him more) and when he logs into AOL the instant messaging system is on the right-hand side. I'm having problems blocking the AIM activity without locking him out of getting his AOL mail. What setting should I use?
Thanks for any help and if this isn't the correct forum to post something like this let me know.
I used the instructions here:
Works like a champ. Uses ASA firewall, not the IPS.
I have an IPS too, and enabled IPS signature rules (pre-defined) intercepting MSN Messenger Activity, AIM, etc. Edited such rules to reset TCP connection, Deny packets, etc.
Third, I created DNS zones pointing things like talk.google.com to 127.0.0.1. Multi-layered defense and all that.
So far it works. I can also watch the IPS give me Informational events telling when the IPS IM signature rules have activated. Pretty fun.
Let us know how this works out for you.