[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: AIM and packet filters (was Re: Logging Question)

On Fri, 2004-11-12 at 11:41:10 -0600, Kevin proclaimed...
> While a strong deep-protocol-inspection product like the IntruShield
> *might* detect the protocol anomoly, the only effective way for a
> stateful packet inspection device to block AIM is to refuse ALL
> traffic towards the IP addresses which host the "login.oscar.aol.com"
> service (there are approximately fifty such servers under aol.com and
> icq.com).
You could also poison your dns caches and redirect them to null.