Access-List To Block Chat ???

By azdavid99
I just got my CCNA and I'm still quite new to Cisco. I'm trying to come up with an access-list for IP to block chat. I noticed on the Cisco site that part of the commands may end up pointing to port 194, which pertains to IRC. I'd like to be able to deny any chat rooms altogether.
Thanks,
Dave

by Stillatit In reply to Access-List To Block Chat ...

Blocking IRC will go a long way, but note that there are many sites which chat using web sites, and you are not going to successfully block port 80. In any case, here are some other ports you may want to think about:
1863 MSN messenger
6667 IRC
531 Conference
47624 Gamevoice
5190 AOL IM
Note that many of these use the main port for the purpose of negotiating a mutually-agreeable high-numbered port to actually carry the traffic on. If you block the negotiation, you probably block the conference.

This list is NOT complete. New programs are invented daily. Some make it to the public, some don't.

I suggest that you treat this as a people problem rather than a technical problem. If the company does not want people using chat in any form, have a company policy so state, and most of the use will stop. If you just start blocking ports without a policy in place, users will complain to your boss or to HR, and you will wind up in trouble.

Good luck.

by azdavid99 In reply to Access-List To Block Chat ...

The question was auto-closed by TechRepublic

by guru@net In reply to Access-List To Block Chat ...

The best way to handle this situation, in addition to policies described by the previous poster, is to use your access-list to deny all traffic and only open ports that you wish to permit.

"tcp any any established" will let the most common services through (i.e. web, mail, etc.). Then just open any UDP that you want to permit (i.e. DNS UDP/53) and deny any TCP that you don't want to pass. Most IM clients use UDP. IRC uses 194/TCP and UDP.

HTH
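
The two approaches from the replies above, written out as Cisco IOS extended access lists. This is an added example, not part of any post in this thread; the list names, interface names and the services permitted in the second list are assumptions, and both TCP and UDP are denied for each listed port because the thread gives no transport for most of them.

```cisco
! Constructed example: list names, interfaces and permitted services are assumptions.
! Approach 1 (first reply): deny the listed chat ports, permit everything else.
ip access-list extended CHAT-BLOCKLIST
 remark IRC
 deny   tcp any any eq 194
 deny   udp any any eq 194
 deny   tcp any any eq 6667
 deny   udp any any eq 6667
 remark MSN Messenger
 deny   tcp any any eq 1863
 deny   udp any any eq 1863
 remark AOL IM
 deny   tcp any any eq 5190
 deny   udp any any eq 5190
 remark Conference
 deny   tcp any any eq 531
 deny   udp any any eq 531
 remark Gamevoice
 deny   tcp any any eq 47624
 deny   udp any any eq 47624
 remark Everything else passes, including web chat on port 80 and unlisted programs
 permit ip any any
!
! Approach 2 (second reply): permit only what is needed outbound. Anything
! not listed, including chat programs not yet known, hits the final deny.
ip access-list extended LAN-OUT-ALLOW
 permit tcp any any eq www
 permit tcp any any eq 443
 permit tcp any any eq smtp
 permit udp any any eq domain
 deny   ip any any log
!
! Return traffic: "established" matches TCP segments with ACK or RST set,
! so replies to inside-initiated sessions pass but new inbound connections do not.
ip access-list extended WAN-IN-RETURN
 permit tcp any any established
 permit udp any eq domain any
 deny   ip any any log
!
interface FastEthernet0/0
 description LAN side (assumed name)
 ip access-group LAN-OUT-ALLOW in
!
interface Serial0/0
 description WAN side (assumed name)
 ip access-group WAN-IN-RETURN in
```

Only the second approach is bound to interfaces here; the blocklist is shown for comparison. Web-based chat on port 80 passes both lists, as the first reply notes.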

by azdavid99 In reply to Access-List To Block Chat ...

This question was auto closed due to inactivity
