How to block web messenger with AIM-IPS?

victorgarciaternero · ‎02-11-2009

Hello, I have a 2821 with an AIM-IPS card. I would like to block some applications over http, like web messenger, remote desktop over http (like logmein) and these kind of services. I have enabled all signatures in the IPS and when I start a web messenger client (for example www.ebuddy.com) no signature fires. Are there any solutions to block them?

Thanks in advance.

victorgarciaternero · ‎02-13-2009

Hello, anybody have the same problem? Or maybe there is no fix...

Best regards.

roshan.maskey · ‎04-04-2009

Hi Victor,

This might help you on blocking web messengers.

regex imo "imo\.com"

regex meebo "meboo\.com"

regex imhaha "imhaha\.com"

regex mabber "mabber\.com"

regex web_msn "webmessenger\.msn\.com"

regex koolim "koolim\.com"

regex msnfx "messengerfx\.com"

regex iloveim "iloveim\.com"

regex goowy "goowy\.com"

regex plugoo "plugoo\.com"

regex imunitive "imunitive\.com"

regex snimmer "snimmer\.com"

regex ebuddy "www\.ebuddy\.com"

class-map type regex match-any BLOCK-WEB-IM

description Deny all web messengers

match regex imo

match regex web_msn

match regex koolim

match regex imunitive

match regex goowy

match regex mabber

match regex ebuddy

match regex meebo

match regex iloveim

match regex msnfx

match regex snimmer

match regex imhaha

match regex plugoo

class-map type inspect http match-all IM-DOMAIN-BLOCK

match request header host regex class BLOCK-WEB-IM

policy-map type inspect http INSIDE-L7-POLICY

parameters

protocol-violation action drop-connection log

class IM-DOMAIN-BLOCK

reset log

policy-map inside-policy

class inside-class

inspect http INSIDE-L7-POLICY

roshan.maskey · ‎04-05-2009

sorry, that was for ASA