Does anyone have an idea on blocking MSN Messenger 5 on PIX 501? I tried denying Port 1863 and 569 but messenger still works. Tried almost every forum on the net to no avail.
The only luck I have had blocking most of these engines is to block the actual server addresses that the messenger is trying to connect to. This is very time consuming (took me about 10 hours total to block AIM, MSN and Yahoo) and even then they put new servers up and it requires constant maintenance.
Let me know if you are interested and I can post some instructions.
Hi, thanks for the input. Sure, I am interested to do it. Just talked to a Cisco engineer and he told me to get content filtering software. I checked them and they are very expensive. I only have a very small network and there are only 3 users that constantly chat every day, so I want to restrict it. If this will work on my network, I can probably help you monitor every new server they will have.
I am currently using FlowPatrol by Pancho Networks. It fits in very well in my landscape as I have it just before the firewall, though I guess you could have it sitting just before your ISP router.
I changed my gateway router to point to the FlowPatrol machine instead of the firewall for outgoing traffic; the FlowPatrol then has the firewall IP as its gateway.
It is a packet filter but it is not as expensive as some, although you do need a machine for it to sit on. You can either choose to block certain traffic or limit the bandwidth. The logging could be better but I guess this will improve with future releases.
It is very easy to set up and get working and the guys at Pancho are very helpful and will assist you if you require them to. There is a 10 day eval on the Pancho Networks website, worth taking a look.
I checked on FlowPatrol and it said that it only runs on Windows XP/2000 (ver. 3). The machines that I want IM blocked on are Win98. Right now I am playing with AnalogX Proxy; it's free and it runs on any Windows OS, though I am still trying to integrate it with my PIX firewall.
Although it runs on XP/2000 you can monitor any platform as it just examines packets, the only thing is that it must sit on a 2000/xp machine. You only install it on one machine, there isn't any client install.
Could you not have just one machine with 2000/XP?
If you want to e-mail me I could try and run you through it.