Well, it depends on the firewall you are using.
When nothing worked, this worked on our Symantec firewall 7.04 on Windows NT. Maybe there is something that is specific to the firewall you use in this regard.
Using URL Pattern matching to block MSN Messenger traffic at Symantec Enterprise Firewall products
Situation:
You want to block MSN messenger traffic with your Symantec Enterprise Firewall product (Symantec Enterprise Firewall, Symantec VelociRaptor, or Symantec Gateway Security appliance) to enforce security policy, increase available bandwidth, or because of other issues with the traffic.
Solution:
Symantec Enterprise Firewall products incorporate a URL Pattern matching feature. This feature can be a very effective method of blocking some traffic, including MSN Messenger traffic, where connections always include similar text strings.
To block MSN Messenger using URL Pattern matching
1. Connect to your firewall with the Symantec Raptor Management Console (SRMC).
2. In the left pane, right-click the name of your firewall and select All Tasks > Editor.
3. On the menu bar of the Editor window, click File > Open.
4. In the Open dialog box, select the httpurlpattern.cf file from the list and click OK.
5. Add this line to the file:
   gateway/gateway\.dll*
6. Save the file and exit the Editor.
7. In the left pane of the SRMC, expand Access Controls and highlight Rules.
8. In the right pane, double-click the rule to which you want to apply URL Pattern matching.
9. In the Rule Properties window, on the Advanced Services tab, click Add.
10. In the Service Parameters dialog box, type the following line and then click OK.
   http.urlpattern
11. In the Rule Properties window, click OK.
12. Save and Reconfigure your firewall.
The problem with MSN Messenger is that it finds multiple ways to connect to the central server. We had users connecting via HTTP.
Initially we set it up with the URL pattern as described in the earlier thread. Since it was blocking a pattern, and that pattern was also part of one of the web sites, needless to say access to that site was blocked too.
After some investigation, we took off the URL pattern and blocked access to messenger.hotmail.com. The firewall is now doing what we wanted it to do. You must set Messenger.hotmail.com as a domain entity, and put it in the bad sites group. This should work.
NO. One needs to block access to the domain messenger.hotmail.com; this has nothing to do with the DNS server or entry.
If you made messenger.hotmail.com a host entity and denied access to it, there may be a way for clients to connect using host.messenger.hotmail.com. If you set up messenger.hotmail.com as a domain entity, then the firewall would treat this as a domain and it won't let clients access anything that ends in messenger.hotmail.com.
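Added example (not part of the original posts, and not Symantec's code): a small Python model of the three rule types discussed above, showing why the URL pattern also blocked an unrelated site while a domain entity covers host.messenger.hotmail.com where a host entity does not. Treating the pattern as an unanchored regular expression and matching domains on a label boundary are assumptions about firewall behaviour; the sample URLs are constructed.

```python
import re
from urllib.parse import urlsplit

# Pattern from the quoted article, treated here as an unanchored regex (assumption).
URL_PATTERN = re.compile(r"gateway/gateway\.dll*")
BLOCKED_DOMAIN = "messenger.hotmail.com"


def _host(url):
    # Lower-case and drop a trailing dot so "Messenger.Hotmail.com." still matches.
    return (urlsplit(url).hostname or "").lower().rstrip(".")


def url_pattern_blocks(url):
    """Pattern rule: fires on any URL containing the string, whatever the host."""
    return URL_PATTERN.search(url) is not None


def host_entity_blocks(url, host=BLOCKED_DOMAIN):
    """Host entity: exact hostname only."""
    return _host(url) == host


def domain_entity_blocks(url, domain=BLOCKED_DOMAIN):
    """Domain entity: the name itself or any subdomain, matched on a label boundary."""
    h = _host(url)
    return h == domain or h.endswith("." + domain)


# Constructed sample URLs; intranet.example is a made-up host.
SAMPLES = [
    "http://messenger.hotmail.com/",
    "http://host.messenger.hotmail.com/",
    "http://gateway.messenger.hotmail.com/gateway/gateway.dll?x=1",
    "http://intranet.example/gateway/gateway.dll?page=1",
    "http://notmessenger.hotmail.com/",
]


def evaluate(urls=SAMPLES):
    """Return {url: (pattern_hit, host_entity_hit, domain_entity_hit)}."""
    return {u: (url_pattern_blocks(u), host_entity_blocks(u), domain_entity_blocks(u))
            for u in urls}


if __name__ == "__main__":
    for url, (pat, host, dom) in evaluate().items():
        print(f"{url:62} pattern={pat!s:5} host={host!s:5} domain={dom}")
```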
Has anyone found a solution to blocking MSN yet? I'm looking for a solution with both Cisco routers and IPTABLES.
The only way I can find to block MSN messenger is to block port 443 outbound. MSN can connect via port 80 and authenticate thru port 443. This is not a solution however because many companies now use port 443 (https) for online banking.
It's funny how people get upset when they can't do payroll ;O)
~ K.I.S.S - Don't make it any more complex than it has to be ~
Kazaa connects to other peers on port 1214. So, the best way to block Kazaa is to reject incoming & outgoing packets—both TCP and UDP packets—on this port.