
Block Messenger using access-list?

Status
Not open for further replies.

brunopt

IS-IT--Management
Mar 1, 2004
47
PT
Hello everyone

I'd like to close the ports for MSN Messenger.

But I don't know which ports to close.

Can anyone give me a hint?


Thanks to all.
 
Block the servers, not the ports, which can be dynamic and include common ports like port 80. There are several lists of servers to block for these services. Better yet, get a proxy server like Bluecoat, which can set policies and then examine the packet payload to determine whether to block or pass.

These are a start:
Yahoo!: *.msg.dcn.yahoo.com, pager.yahoo.com TCP port 5050

AIM: login.oscar.aol.com toc.oscar.aol.com aim.aol.com ports 5190-5193

MSN: messenger.msn.com *.msgr.hotmail.com ports 80 and 1863

Also, try this:
msg.edit.yahoo.com
edit.messenger.yahoo.com
csa.yahoo.com
csb.yahoo.com
csc.yahoo.com

Notice I'm NOT giving IP addresses since each of the names can and will resolve to several IP addresses so you need to block the NAME, not the IP address.

MikeS

Find me at
"Take advantage of the enemy's unreadiness, make your way by unexpected routes, and attack unguarded spots."
Sun Tzu
 
Hey, I'm a major newb considering Cisco routers. I was reading the post above because we've been having the same problem on our network, and I would like to know how to block this type of traffic. We aren't using a proxy server (it's not really an option at this point), but my question is: How would I block a hostname using an Access-list? Could you give me an example of the command to use?

 
The answer is Cisco NBAR. Look on cisco.com for NBAR configurations. Basically you make a class-map with a "match protocol http url" command, join it to a policy-map, then apply that policy to an interface. Wildcards such as the asterisk are allowed. A sample line in the class-map might read:

match protocol http url "*messenger*"

Note: my example will also block any URL with messenger as part of it.
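The class-map / policy-map / interface steps from the answer above, written out as one complete IOS configuration. This is an added example, not the poster's own config: the class, policy and ACL names and the interface name are placeholders, and the port list is taken from the server list earlier in the thread. The "drop" action inside a policy-map class needs an IOS release that supports it; the commented "police" line is the older equivalent.

```cisco
! NBAR classification requires CEF switching
ip cef
!
! Fixed IM ports quoted earlier in the thread (MSN 1863, Yahoo 5050, AIM 5190-5193);
! ACL name IM-PORTS is a placeholder
ip access-list extended IM-PORTS
 permit tcp any any eq 1863
 permit tcp any any eq 5050
 permit tcp any any range 5190 5193
!
! match-any: a packet is classified if EITHER criterion matches.
! The URL wildcard also catches any unrelated URL containing "messenger".
class-map match-any BLOCK-IM
 match protocol http url "*messenger*"
 match access-group name IM-PORTS
!
! Discard everything the class matched.
! On releases without "drop", use instead:
!   police 8000 1000 1000 conform-action drop exceed-action drop
policy-map DENY-IM
 class BLOCK-IM
  drop
!
! Apply inbound on the LAN-facing interface (FastEthernet0/0 is a placeholder)
interface FastEthernet0/0
 service-policy input DENY-IM
```

Before relying on it, watch the class counters with "show policy-map interface FastEthernet0/0" for a while: the counters show both whether IM traffic is actually being classified and whether legitimate web traffic is being caught by the "*messenger*" wildcard, which is the side effect the note above warns about.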
 
You may be able to block these applications using ACLs, but it is only a temporary solution since the servers are constantly changing and new ones are deployed every now and then.

To successfully block these applications you need to block them at the application layer. You can use a proxy server, a content filtering application such as Websense, etc., or you can wait until PIX version 7.0 is released and use the new advanced firewall features, which can effectively block these applications.
 