Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
444
Views
0
Helpful
1
Replies

IPS (Newbie) Instant messaging

Go to solution
pwilliams05
Level 1
Level 1

‎11-11-2008 10:02 AM - edited ‎03-10-2019 04:22 AM

I'm just getting started using the IPS on our 5510 and thought I would start with trying to block instant messaging. I started with just alerts and found that one of my IT staff was triggering the AIM express activity alert. He has a AOL email account (guess I need to pay him more) and when he logs into AOL the instant messaging system is on the right hand side. I'm having problems blocking the AIM activity without locking him out of getting his AOL mail. What setting should I use?

Thanks for any help and if this isn't the correct forum to post something like this let me know.

Paul

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
william-white
Level 1
Level 1

‎11-11-2008 01:05 PM

I used the instructions here:

http://6200networks.com/2007/10/31/block-im-traffic-on-asa/

Works like a champ. Uses ASA firewall, not the IPS.

I have an IPS too, and enabled IPS signature rules (pre-defined) intercepting MSN Messenger Activity, AIM, etc. Edited such rules to reset TCP connection, Deny packets, etc.

Third, I created DNS zones pointing things like talk.google.com to 127.0.0.1. Multi-layered defense and all that.

So far it works. I can also watch the IPS give me Informational events telling when the IPS IM signature rules have activated. Pretty fun.

Let us know how this works out for you.

-- Bill

View solution in original post

0 Helpful
1 Reply 1

Go to solution
william-white
Level 1
Level 1

‎11-11-2008 01:05 PM

I used the instructions here:

http://6200networks.com/2007/10/31/block-im-traffic-on-asa/

Works like a champ. Uses ASA firewall, not the IPS.

I have an IPS too, and enabled IPS signature rules (pre-defined) intercepting MSN Messenger Activity, AIM, etc. Edited such rules to reset TCP connection, Deny packets, etc.

Third, I created DNS zones pointing things like talk.google.com to 127.0.0.1. Multi-layered defense and all that.

So far it works. I can also watch the IPS give me Informational events telling when the IPS IM signature rules have activated. Pretty fun.

Let us know how this works out for you.

-- Bill

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card