Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

blocking hotmail and yahoo.com in ASA 5510

Posted on 2009-05-05
3
Medium Priority
?
865 Views
Last Modified: 2013-11-16
ANY IDEAS HOW TO BLOCK HOTMAIL AND YAHOO through ASA5510  VER 8.0(4)
0
Comment
Question by:alimohammed72
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
3 Comments
 
LVL 33

Expert Comment

by:MikeKane
ID: 24304525
In an ASA Firewall you can block any outbound request using an Access list.   THE ACL is read in sequential order, top to bottom, so as soon as there is a match the processing stops.  

Your list would need to look something like this:

Access-list inside_to_outside extended deny ip any <ip address subnet of hotmail>  <subnet mask of hotmail>
Access-list inside_to_outside extended deny ip any <ip address subnet of yahoo>  <subnet mask of yahoo>
Access-list inside_to_outside extended permit tcp any any eq 80
Access-list inside_to_outside extended permit tcp any any eq 443

access-group inside_to_outside in interface inside

This will block any ip request to the ip subnet of hotmail or yahoo yet allow any other port 80/443 request outbound.   There is an implicit deny at the end of any access list, so all other communication would be blocked.  


0
 

Author Comment

by:alimohammed72
ID: 24305488
how am I going to know the subnets for Hotmail and Yahoo
0
 
LVL 33

Accepted Solution

by:
MikeKane earned 2000 total points
ID: 24305813
Here are the hotmail ips
http://wiki.answers.com/Q/How_do_you_block_hotmail.com

Here are the yahoo ips
 66.163.0.0/16
 67.195.186.0/24
68.142.230.0/24
 69.147.112.0/24
 98.136.112.0/24
208.69.32.0/24
216.136.0.0/16



You know that anyone can still hit a public proxy then get to these sites....     Or setup a personal proxy at home and bypass this ip range.      The best way to block this would be setup a web filter like websense and block the webmail category along with the proxy/anonymizer category.  


0

Featured Post

Tech or Treat! - Giveaway

Submit an article about your scariest tech experience—and the solution—and you’ll be automatically entered to win one of 4 fantastic tech gadgets.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Most of the applications these days are on Cloud. Cloud is ubiquitous with many service providers in the market. Since it has many benefits such as cost reduction, software updates, remote access, disaster recovery and much more.
Will you be ready when the clock on GDPR compliance runs out? Is GDPR even something you need to worry about? Find out more about the upcoming regulation changes and download our comprehensive GDPR checklist today !
Established in 1997, Technology Architects has become one of the most reputable technology solutions companies in the country. TA have been providing businesses with cost effective state-of-the-art solutions and unparalleled service that is designed…
If you're a developer or IT admin, you’re probably tasked with managing multiple websites, servers, applications, and levels of security on a daily basis. While this can be extremely time consuming, it can also be frustrating when systems aren't wor…

609 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question