|
Posted by Jameseee on August 11, 2005, 3:26 pm
If you were Registered and logged in, you could reply and use other advanced thread options
Is there any way to block access to all web-based e-mail accounts or do they
need to be blocked individually?
I suspect the answer will be individually, which begs the second question.
Is there a good list of the larger providers out there?
I guess I need to block access to Hotmail, Yahoo Mail, AOL, Bell South,
Comcast. Will this block the various messenger services as well? I will
also need to block those.
Any recommendations on how to accomplish this?
Any help would be much appreciated.
Thanks.
James
|
|
Posted by Walter Roberson on August 11, 2005, 3:39 pm
If you were Registered and logged in, you could reply and use other advanced thread options
:Is there any way to block access to all web-based e-mail accounts or do they
:need to be blocked individually?
They might be http or https accesses to regular web servers, and
there is no common protocol by which one can tell whether a particular
page is accessing email or not.
There are definitional problems involved: is a 'blog' a "web-based email
account" ? Is google groups when one is not logged in? Google groups when
one -has- logged in?
:I guess I need to block access to Hotmail, Yahoo Mail, AOL, Bell South,
:Comcast. Will this block the various messenger services as well?
No, the IM services sometimes use different net numbers, hosts, or ports.
Some of them, such as Skype, are aggressive in searching out ports
that are not blocked by the local firewall.
It is not easy to untangle hotmail and microsoft's instant messenger
service from other microsoft services. One can block the Passport
login pages that they have in common, but that blocks more than just
hotmail and MSN, and at various times I have found microsoft interleaving
other useful pages into the IP range used by the Passport login --
KnowledgeBase, downloads, MSN's [TV] news...
--
Look out, there are llamas!
|
|
Posted by I am a Sock Puppet on August 11, 2005, 5:33 pm
If you were Registered and logged in, you could reply and use other advanced thread options
Walter Roberson wrote:
>
> No, the IM services sometimes use different net numbers, hosts, or ports.
> Some of them, such as Skype, are aggressive in searching out ports
> that are not blocked by the local firewall.
>
But if ya use a firewall with deep packet inspection that knows what
traffic for these services looks like, it won't matter how aggressive
the software is.
My sonicwall seems to do a pretty darn good job of blocking IM.
--
---
I am a Sock Puppet - a spews parrot and a member of the spews lunatics
of n.a.n-a.e. (AKA spews fanatics)
Which means I support moris, since moris *IS* spews.
|
|
Posted by Walter Roberson on August 11, 2005, 7:04 pm
If you were Registered and logged in, you could reply and use other advanced thread options
:Walter Roberson wrote:
:> No, the IM services sometimes use different net numbers, hosts, or ports.
:> Some of them, such as Skype, are aggressive in searching out ports
:> that are not blocked by the local firewall.
:But if ya use a firewall with deep packet inspection that knows what
:traffic for these services looks like, it won't matter how aggressive
:the software is.
:My sonicwall seems to do a pretty darn good job of blocking IM.
That's nice, but the OP's requirement was to block ALL web-based email
and IM services. There's an unlimited number of those around,
with an unlimited number of potential protocols. For example, some
people IM by renaming files in a NETBIOS shared Windows partition.
--
Look out, there are llamas!
|
|
Posted by Leythos on August 11, 2005, 7:31 pm
If you were Registered and logged in, you could reply and use other advanced thread options
cnrc.gc.ca says...
> :But if ya use a firewall with deep packet inspection that knows what
> :traffic for these services looks like, it won't matter how aggressive
> :the software is.
>
> :My sonicwall seems to do a pretty darn good job of blocking IM.
>
> That's nice, but the OP's requirement was to block ALL web-based email
> and IM services. There's an unlimited number of those around,
> with an unlimited number of potential protocols. For example, some
> people IM by renaming files in a NETBIOS shared Windows partition.
renaming files means nothing to packet inspection on the network.
--
spam999free@rrohio.com
remove 999 in order to email me
|
| Similar Threads | Posted | | ZA blocking email | August 29, 2005, 9:24 am |
| outpost blocking email client | September 1, 2006, 5:56 am |
| SonicWALL 2040 + DMZ = Email/Web/FTP access | April 4, 2006, 1:35 pm |
| Security Sanity Check - Email server in DMZ or VPN Access | November 23, 2004, 7:21 pm |
| Norton Internet Security Blocking Outlook Express email !!! argh! | August 5, 2005, 9:44 am |
| N.I.S. blocking access | October 4, 2009, 11:03 am |
| Blocking access to a network | May 31, 2005, 2:12 am |
| Kerio blocking gmail access | August 17, 2005, 2:58 am |
| Selctive internet access blocking? | September 23, 2005, 12:48 pm |
| Blocking unauthorized remote access | September 24, 2006, 1:39 am |
|
|
Yahoo! 
Google 
Windows Live 
del.icio.us 
digg 
Netscape 
XML site map