Reg: Blocking Yahoo messanger in firewall

Its only an Idea, I dont know if it even works, I have no time to test it, so if you have time, try it, conceptually it must.

It works. I had to do it at my last job. Personally, I'm against it, but I'm an admin so it is just another tool for finding info I want (firends give good insight when google searches come up empty). Luckily, I was the one who built the network from the ground up, so the admin team was not limited at all, but the rest of the company had some restrictions.

Hi d_jabsd.

What about network performance? and router cpu cycles?? I mean, it works, but by a cost, that the router must examine every packet, at layer 7, so it adds little extra overhead or delay, so my question is, if it is performed in a production network, are users noticing delays, or you as an admin noticing high cpu proc in the router??

In our case, performance didn't take much of a hit, but we didn't have that much traffic flowing through the routers. I also limited the the check to NAT address of the regular users, so most of the traffic wasn't checked.

Since they are designed for this type traffic policing, I wouldn't think it would overload the router, but it really depends on everything you have going on.

I block Yahoo, ICQ, AIM and MSN via DNS. Each program connects to a FQDN in the settings. Add dummy records to your internal DNS server so when the person attemtps to connect it routes them to a dead IP.

I like this idea , and I want to try it, could you please give more details and share with us any experience that might you had

Regards