Firewall rules using IP?

Gromit · Post by **Gromit** » 19 Dec 2006, 10:23

I have a firewall that can only use IP addresses and I desperately need to block hotmail from our network. Any idea how this can be done?

Post by **ryanrich** » 19 Dec 2006, 10:27

ping www.hotmail.com

Pinging www.hotmail.aate.nsatc.net [212.162.1.125] with 32 bytes of data:

Reply from 212.162.1.125: bytes=32 time=199ms TTL=47
Reply from 212.162.1.125: bytes=32 time=214ms TTL=47
Reply from 212.162.1.125: bytes=32 time=199ms TTL=47
Reply from 212.162.1.125: bytes=32 time=204ms TTL=47

Ping statistics for 212.162.1.125:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 199ms, Maximum = 214ms, Average = 204ms

<Block_IP=212.162.1.125>

SBSP · Post by **SBSP** » 19 Dec 2006, 10:32

for a start block IP 64.4.33.7 and 65.54.179.248

They probably have plenty servers.

Best would be to have a proxyserver that blocks websites and then

block ports 25/110 on the firewall for all computers in the internal network and only allow your mail server through.

Anyway i dont know how you network is set up ,but in my enviroment that is what i wouldive done.

Gromit · Post by **Gromit** » 19 Dec 2006, 10:33

Thats all good and fine, but you can access Hotmail from different sites, try hotmail.msn.com, to name one.

Nuke · Post by **Nuke** » 19 Dec 2006, 10:43

Better way to get an IP.

C:\Documents and Settings\Administrator>nslookup www.hotmail.com
Server: dnscache1.is.co.za
Address: 168.210.2.2

Non-authoritative answer:
Name: www.hotmail.aate.nsatc.net
Addresses: 166.63.208.158, 212.162.1.124, 166.63.208.158
Aliases: www.hotmail.com, www.hotmail.com.nsatc.net

There you have all the addresses.

Post by **ryanrich** » 19 Dec 2006, 10:44

Upgrade to a civilised Firewall/Proxy like ISA Server and then it will simplify things a lot...

Gromit · Post by **Gromit** » 19 Dec 2006, 10:47

I would love to get an ISA server but the company is a bit stingy. Just got them to buy a new Dual Xeon server with MS server 2003 standard (alas no ISA or Exchange). Think I will put in a Linux machine as the proxy and load Squid.

Nuke · Post by **Nuke** » 19 Dec 2006, 10:49

You are using a Mikrotik if I remember right? Then use Mangle and mark packets containing eg. the word "hotmail"

SBSP · Post by **SBSP** » 19 Dec 2006, 10:49

Gromit wrote:I would love to get an ISA server but the company is a bit stingy. Just got them to buy a new Dual Xeon server with MS server 2003 standard (alas no ISA or Exchange). Think I will put in a Linux machine as the proxy and load Squid.

Thats exactly what i did.

I i never went wrong

Futs · Post by **Futs** » 19 Dec 2006, 11:58

Squid is good

you can actually block MAC addresses to certain sites or rather only allow the ones you'd like.

For a proxy it is one of the best, That would be the route I'd go