Mike Jones wrote:
> > I am well versed on the security problems facing Pointcast implementation
> > (this list has been generous in discussing the issues of this technology).
> > Now I have a site where we want to explicitly block **all** Pointcast
> > traffic. (Its due to bandwidth problems, not security at the moment).
> > Any pointers since there is little on the protocol that I have had
> > in all my boundless free time to pick up....
> > I'd like to hear some general ideas on how to secure it, and then also if
> > you can address that I have at my disposal Netscape Proxy, FW-1, and fwtk
> > (1.3) for this particular scenario.
> I've done this for a couple of customers using FW-1. Just set up a rule
> of source: www.pointcast.com, destination: any, protocol: any, action: drop.
> That should do it.
Actually that will not do it. The last time I checked the Pointcast
browser tries several IP addresses before giving up.
If you block just one address it just rolls to another
and will still work.
You need to block the whole Class C address for Pointcast.