Re: [FW-1] MESSENGER FILE TRANSFER BLOCK

[Ray [Permanent Link]]

Unless you go to R55W or block all outbound ports except for specific
sources, you probably can't do it. Many of these IM clients negotiate random
high ports if the standard ones won't work, so unless you're very closely
controlling outbound traffic, they'll just slip on through. R55W works
regardless of what port is used, a major difference from R55.

Ray

> From: Mateo Cabrera <mcabrera AT SADVISOR DOT COM>
> Reply-To: Mailing list for discussion of Firewall-1
> <FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM>
> To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
> Subject: Re: [FW-1] MESSENGER FILE TRANSFER BLOCK
> Date: Fri, 27 Aug 2004 14:20:23 -0300
>
> NO...NO...NO...you don´t understand to me....!!!
>
>
> IN A "R55" ENVIRONMENT:
>
> I need to block FILE_TRANSFERs between two MSN clients client A and client
> B
> (with hotmail.com accounts) ok?
> Both clients are located in differents locations...ok?
> The client A are located behind a firewall.
> In the Firewall i want to block the FILE_TRANSFER functionality for client
> A.
> I tried to configure a rule base that to permit HTTP, and
> MSN_Services_group
> except File_Transfer service.
> Later, i to check the P2P-->MSN option in the SmartDefense and check the
> "Perform strict protocol enforcement"
> BUT...BUT...the clients A and B does continue to transfer the files.
> Resuming even if i remove the FILE_TRANSFER service from the rule base the
> file transference does continue.
> In the log i saw that all connections to use the MSNP service. And if
> remove
> MSNP service from the rule the client A can´t iniziate the session.
>
>
> ?¿?¿?¿?¿?
>
> Remember in a R55 environment.
>
>
> Saludos,
> Mateo Cabrera - Soporte Técnico
> Security Advisor
> www.sadvisor.com
>
>
> -----Mensaje original-----
> De: Mailing list for discussion of Firewall-1
> [mailto:FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM]En nombre de Girard
> Moussa
> Enviado el: viernes, 27 de agosto de 2004 4:16
> Para: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
> Asunto: Re: [FW-1] MESSENGER FILE TRANSFER BLOCK
>
>
> Well,
>
> To answer  your question,  if there are on the same LAN segment and do not
> pass through a firewall as their gateway, then file transfer cannot be
> blocked. Why would you want to block file transfer internally between
> users?
> They can easily share files over the network or via email.
>
> Now as for being able to transfer files with outside users, well, the new
> versions of MSN don't even need MSN transfer protocols or any proprietary
> protocols. They now tunnel over http and even if you have a proxy in place,
> MSN will pick up the settings from IE and tunnel over the proxy. The only
> way to block MSN Messenger is at the proxy level if it is aware of MSN
> Messenger or at the firewall level via Smartdefense. However, Smartdefense
> will stop all MSN related traffic altogether and users would not be even
> able to log on to MSN, let alone transfer files.
>
> Girard Moussa
>
>
>
>
> -----Original Message-----
> From: Mailing list for discussion of Firewall-1
> [mailto:FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM] On Behalf Of Mihai 
> Lupu
> Sent: Friday, 27 August 2004 3:12 PM
> To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
> Subject: Re: [FW-1] MESSENGER FILE TRANSFER BLOCK
>
>
> Hello,
> Now when I read your message I think that I remember something like the MSN
> files transfer don't involve MSN servers, but only the two PC (sender and
> destination); when they are in the same network it is obvious that this
> doesn't pass through your FW.
>
>
> Mihai
>
> -----Original Message-----
> From: Mateo Cabrera [mailto:mcabrera AT SADVISOR DOT COM]
> Sent: Thursday, August 26, 2004 22:27
> To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
> Subject: Re: [FW-1] MESSENGER FILE TRANSFER BLOCK
>
> ok, thanks to all.
>
> But my question was because i did try to send a file from one MSN client to
> other.
>
> I did configure a rule permitting all services except MSN_File_Transfer and
> the transferense did continue work fine.
>
> The problem was that both MSN clients was in a same internal network, and
> somebody told me that the communication between 2 MSN clients in a same LAN
> is bypassed by the FW in a second instance. (I don´t know if it´s real)
>
>
> Saludos,
> Mateo Cabrera - Soporte Técnico
> Security Advisor
> www.sadvisor.com
>
>
> -----Mensaje original-----
> De: Mailing list for discussion of Firewall-1
> [mailto:FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM]En nombre de Mihai 
> Lupu
> Enviado el: jueves, 26 de agosto de 2004 15:22
> Para: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
> Asunto: Re: [FW-1] MESSENGER FILE TRANSFER BLOCK
>
>
> Hi!
> The NG-AI version of FW-1 knows well the different protocols of MSN, Yahoo
> and ICQ (video, file transfer and chat) so you can allow only the protocol
> that you want. I use myself this and is OK, I want to allow only chat but
> anything else not (like file transfer or video); this stuff could be
> dangerous (file transfer) or resources consuming (video) Mihai
>
>
>         -----Original Message-----
>         From: Mateo Cabrera [mailto:mcabrera AT SADVISOR DOT COM]
>         Sent: Thu 26-Aug-04 19:19
>         To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
>         Cc:
>         Subject: [FW-1] MESSENGER FILE TRANSFER BLOCK
>
>
>
>         HEY GUYs....!!!
>
>         Me and other companion on this forum (jon Allingham) we have a
> problem to
>         block the IM File Transfer using SmartDefense.
>         Somebody know how to configure the FW-1 or SmartDefense to use the
> MSN but
>         do not to block the File Trafnsfers function of MSN?
>         Thanks a lot.
>
>
>         Saludos,
>         Mateo Cabrera - Soporte Tecnico
>         Security Advisor
>         www.sadvisor.com
>
>         =================================================
>         To set vacation, Out-Of-Office, or away messages,
>         send an email to LISTSERV AT amadeus.us.checkpoint DOT com
>         in the BODY of the email add:
>         set fw-1-mailinglist nomail
>         =================================================
>         To unsubscribe from this mailing list,
>         please see the instructions at
>         http://www.checkpoint.com/services/mailing.html
>         =================================================
>         If you have any questions on how to change your
>         subscription options, email
>         fw-1-owner AT ts.checkpoint DOT com
>         =================================================
>
>
> =================================================
> To set vacation, Out-Of-Office, or away messages, send an email to
> LISTSERV AT amadeus.us.checkpoint DOT com
> in the BODY of the email add:
> set fw-1-mailinglist nomail
> =================================================
> To unsubscribe from this mailing list,
> please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> =================================================
> If you have any questions on how to change your subscription options, email
> fw-1-owner AT ts.checkpoint DOT com
> =================================================
>
> =================================================
> To set vacation, Out-Of-Office, or away messages,
> send an email to LISTSERV AT amadeus.us.checkpoint DOT com
> in the BODY of the email add:
> set fw-1-mailinglist nomail
> =================================================
> To unsubscribe from this mailing list,
> please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> =================================================
> If you have any questions on how to change your
> subscription options, email
> fw-1-owner AT ts.checkpoint DOT com
> =================================================
>
> =================================================
> To set vacation, Out-Of-Office, or away messages,
> send an email to LISTSERV AT amadeus.us.checkpoint DOT com
> in the BODY of the email add:
> set fw-1-mailinglist nomail
> =================================================
> To unsubscribe from this mailing list,
> please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> =================================================
> If you have any questions on how to change your
> subscription options, email
> fw-1-owner AT ts.checkpoint DOT com
> =================================================
>
> =================================================
> To set vacation, Out-Of-Office, or away messages,
> send an email to LISTSERV AT amadeus.us.checkpoint DOT com
> in the BODY of the email add:
> set fw-1-mailinglist nomail
> =================================================
> To unsubscribe from this mailing list,
> please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> =================================================
> If you have any questions on how to change your
> subscription options, email
> fw-1-owner AT ts.checkpoint DOT com
> =================================================
_________________________________________________________________
Don?t just search. Find. Check out the new MSN Search!
http://search.msn.click-url.com/go/onm00200636ave/direct/01/

=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================