Well,
To answer your question, if there are on the same LAN segment and do not pass
through a firewall as their gateway, then file transfer cannot be blocked. Why
would you want to block file transfer internally between users? They can easily
share files over the network or via email.
Now as for being able to transfer files with outside users, well, the new
versions of MSN don't even need MSN transfer protocols or any proprietary
protocols. They now tunnel over http and even if you have a proxy in place, MSN
will pick up the settings from IE and tunnel over the proxy. The only way to
block MSN Messenger is at the proxy level if it is aware of MSN Messenger or at
the firewall level via Smartdefense. However, Smartdefense will stop all MSN
related traffic altogether and users would not be even able to log on to MSN,
let alone transfer files.
Girard Moussa
-----Original Message-----
From: Mailing list for discussion of Firewall-1 [mailto:FW-1-MAILINGLIST AT
AMADEUS.US.CHECKPOINT DOT COM] On Behalf Of Mihai Lupu
Sent: Friday, 27 August 2004 3:12 PM
To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
Subject: Re: [FW-1] MESSENGER FILE TRANSFER BLOCK
Hello,
Now when I read your message I think that I remember something like the MSN
files transfer don't involve MSN servers, but only the two PC (sender and
destination); when they are in the same network it is obvious that this doesn't
pass through your FW.
Mihai
-----Original Message-----
From: Mateo Cabrera [mailto:mcabrera AT SADVISOR DOT COM]
Sent: Thursday, August 26, 2004 22:27
To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
Subject: Re: [FW-1] MESSENGER FILE TRANSFER BLOCK
ok, thanks to all.
But my question was because i did try to send a file from one MSN client to
other.
I did configure a rule permitting all services except MSN_File_Transfer and the
transferense did continue work fine.
The problem was that both MSN clients was in a same internal network, and
somebody told me that the communication between 2 MSN clients in a same LAN is
bypassed by the FW in a second instance. (I don´t know if it´s real)
Saludos,
Mateo Cabrera - Soporte Técnico
Security Advisor
www.sadvisor.com
-----Mensaje original-----
De: Mailing list for discussion of Firewall-1 [mailto:FW-1-MAILINGLIST AT
AMADEUS.US.CHECKPOINT DOT COM]En nombre de Mihai Lupu Enviado el: jueves, 26 de
agosto de 2004 15:22
Para: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
Asunto: Re: [FW-1] MESSENGER FILE TRANSFER BLOCK
Hi!
The NG-AI version of FW-1 knows well the different protocols of MSN, Yahoo and
ICQ (video, file transfer and chat) so you can allow only the protocol that you
want. I use myself this and is OK, I want to allow only chat but anything else
not (like file transfer or video); this stuff could be dangerous (file
transfer) or resources consuming (video) Mihai
-----Original Message-----
From: Mateo Cabrera [mailto:mcabrera AT SADVISOR DOT COM]
Sent: Thu 26-Aug-04 19:19
To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
Cc:
Subject: [FW-1] MESSENGER FILE TRANSFER BLOCK
HEY GUYs....!!!
Me and other companion on this forum (jon Allingham) we have a problem
to
block the IM File Transfer using SmartDefense.
Somebody know how to configure the FW-1 or SmartDefense to use the MSN
but
do not to block the File Trafnsfers function of MSN?
Thanks a lot.
Saludos,
Mateo Cabrera - Soporte Tecnico
Security Advisor
www.sadvisor.com
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================
=================================================
To set vacation, Out-Of-Office, or away messages, send an email to LISTSERV AT
amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail =================================================
To unsubscribe from this mailing list,
please see the instructions at http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail =================================================
To unsubscribe from this mailing list,
please see the instructions at http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================
|
