From: Raymund Estrada (raymundfe@xxxxxxxxx)
Date: Fri Jul 05 2002 - 14:46:43 GMT-3
Hello,
I put together a whole list of unnecessary services to
block... actually got them from www.oofle.com, but we
put together the outbound access-list for it. Don't
forget to apply the outbound access-list to the
interface!
AOL
outbound 1 (inside) deny 152.163.214.75 255.255.255.255 0 ip
outbound 1 (inside) deny 152.163.214.76 255.255.255.255 0 ip
outbound 1 (inside) deny 152.163.214.108 255.255.255.255 0 ip
outbound 1 (inside) deny 152.163.214.109 255.255.255.255 0 ip
outbound 1 (inside) deny 205.188.1.56 255.255.255.255 0 ip
outbound 1 (inside) deny 205.188.4.106 255.255.255.255 0 ip
outbound 1 (inside) deny 205.188.147.114 255.255.255.255 0 ip
outbound 1 (inside) deny 152.163.241.121 255.255.255.255 0 ip
outbound 1 (inside) deny 152.163.241.129 255.255.255.255 0 ip
outbound 1 (inside) deny 152.163.242.28 255.255.255.255 0 ip
outbound 1 (inside) deny 152.163.242.24 255.255.255.255 0 ip
outbound 1 (inside) deny 152.163.241.120 255.255.255.255 0 ip
outbound 1 (inside) deny 152.163.241.128 255.255.255.255 0 ip
outbound 1 (inside) deny 152.163.241.96 255.255.255.255 0 ip
outbound 1 (inside) deny 64.12.161.153 255.255.255.255 0 ip
outbound 1 (inside) deny 64.12.161.185 255.255.255.255 0 ip
Yahoo Messenger
outbound 1 (inside) deny 0.0.0.0 0.0.0.0 5050 tcp
outbound 1 (inside) deny 24.71.200.68 255.255.255.255 0 ip
outbound 1 (inside) deny 204.71.202.73 255.255.255.255 0 ip
outbound 1 (inside) deny 204.71.200.54 255.255.255.255 0 ip
outbound 1 (inside) deny 204.71.200.55 255.255.255.255 0 ip
outbound 1 (inside) deny 204.71.200.56 255.255.255.255 0 ip
outbound 1 (inside) deny 204.71.200.57 255.255.255.255 0 ip
outbound 1 (inside) deny 204.71.177.35 255.255.255.255 0 ip
outbound 1 (inside) deny 204.71.202.59 255.255.255.255 0 ip
outbound 1 (inside) deny 204.71.202.58 255.255.255.255 0 ip
outbound 1 (inside) deny 216.115.105.214 255.255.255.255 0 ip
outbound 1 (inside) deny 204.71.201.47 255.255.255.255 0 ip
outbound 1 (inside) deny 204.71.201.48 255.255.255.255 0 ip
outbound 1 (inside) deny 216.115.105.215 255.255.255.255 0 ip
outbound 1 (inside) deny 216.136.172.221 255.255.255.255 0 ip
outbound 1 (inside) deny 216.115.107.63 255.255.255.255 0 ip
outbound 1 (inside) deny 216.115.107.64 255.255.255.255 0 ip
outbound 1 (inside) deny 216.115.107.65 255.255.255.255 0 ip
outbound 1 (inside) deny 216.115.107.66 255.255.255.255 0 ip
outbound 1 (inside) deny 216.115.107.67 255.255.255.255 0 ip
outbound 1 (inside) deny 216.115.107.101 255.255.255.255 0 ip
outbound 1 (inside) deny 216.115.107.102 255.255.255.255 0 ip
outbound 1 (inside) deny 216.115.107.103 255.255.255.255 0 ip
outbound 1 (inside) deny 216.115.107.104 255.255.255.255 0 ip
outbound 1 (inside) deny 216.115.107.105 255.255.255.255 0 ip
outbound 1 (inside) deny 216.136.173.179 255.255.255.255 0 ip
MSN Messenger
//-------------may not be necessary to block 1863 since new MSN messenger autodetects available outgoing ports
outbound 1 (inside) deny 0.0.0.0 0.0.0.0 1863 tcp
outbound 1 (inside) deny 64.4.13.0 255.255.255.0 0 ip
ICQ
outbound 1 (inside) deny 0.0.0.0 0.0.0.0 5190 tcp
outbound 1 (inside) deny 64.12.200.89 255.255.255.255 0 ip
outbound 1 (inside) deny 205.188.179.233 255.255.255.255 0 ip
Bear2Share, Gnutella
outbound 1 (inside) deny 0.0.0.0 0.0.0.0 6436 tcp
Kazaa, BearShare
outbound 1 (inside) deny 0.0.0.0 0.0.0.0 1214 tcp
outbound 1 (inside) deny 206.142.53.0 255.255.255.0 0 ip
outbound 1 (inside) deny 213.248.112.0 255.255.255.0 0 ip
Audio Galaxy
outbound 1 (inside) deny 64.245.58.0 255.255.252.0 0 ip
Limewire
outbound 1 (inside) deny 0.0.0.0 0.0.0.0 6346 tcp

--- cannonr@attbi.com wrote:
> Did you use an outbound access-list on the PIX? Can you
> show us your configuration?
> > I want to block chat applications like ICQ on PIX
> > using an access-list, but it does not work, why?
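
A list like the one above arrives line-wrapped by the mail client, so it pays to rejoin and sanity-check the entries before pasting them into a firewall. The following is an added example, not part of the original post: the function names `rejoin` and `lint` are hypothetical, the sample lines are constructed in the post's entry format, and the entry syntax is taken as posted rather than checked against PIX documentation.

```python
import ipaddress
import re

# Constructed sample in the post's format, wrapped the way the mail was wrapped.
SAMPLE = """\
ICQ
outbound 1 (inside) deny 0.0.0.0 0.0.0.0 5190 tcp
outbound 1 (inside) deny 64.12.200.89 255.255.255.255
0 ip
outbound 1 (inside) deny 64.245.58.0 255.255.252.0 0
ip
outbound 1 (inside) deny 64.12.200.89 255.255.255.255
0 ip
"""

# Entry shape as used in the post: list id, interface, action, address, mask, port, protocol.
ENTRY = re.compile(r"^outbound (\d+) \((\w+)\) (permit|deny) (\S+) (\S+) (\d+) (\w+)$")

def rejoin(text):
    """Glue wrapped continuation lines back onto their 'outbound' line."""
    entries = []
    for line in (raw.strip() for raw in text.splitlines()):
        if line.startswith("outbound "):
            entries.append(line)
        elif line and entries and not ENTRY.match(entries[-1]):
            entries[-1] += " " + line  # previous entry was cut short by wrapping
        # anything else (service labels, comments) is not an entry and is skipped
    return entries

def lint(text):
    """Return (entry, problem) pairs: unparsable, bad mask, host bits set, duplicate."""
    problems, seen = [], set()
    for entry in rejoin(text):
        m = ENTRY.match(entry)
        if not m:
            problems.append((entry, "does not parse"))
            continue
        addr, mask, port = m.group(4), m.group(5), int(m.group(6))
        try:
            net = ipaddress.ip_network(f"{addr}/{mask}", strict=False)
        except ValueError:
            problems.append((entry, "bad address or mask"))
            continue
        if str(net.network_address) != addr:
            problems.append((entry, f"host bits set; mask implies {net.network_address}"))
        if port > 65535:
            problems.append((entry, "port out of range"))
        if entry in seen:
            problems.append((entry, "duplicate"))
        seen.add(entry)
    return problems
```

Calling `lint()` on the full list flags any entry whose address does not sit on the boundary its mask implies, which is worth resolving by hand before the list is applied.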