Blocking msn/yahoo/irc and all the rest of that.

edzy55 · Nov 27, 2002

Can anyone tell me what I need to block? The ip addresses/ports bla bla.

Keep trying to find all the ip addresses of msn but more and more appear.

Thanks

haneo · Nov 27, 2002

in your win box connect to msn and to yahoo messenger and close all others prog incluse explorers (to simple all thinks)

in dos do:
c:\>netstat -a

searche for words like yahoo msn
in my pc i see this:
TCP MYDSK:2987 baym-cs73.msgr.hotmail.com:1863 ESTABLISHED
TCP MYDSK:1047 cs44.msg.sc5.yahoo.com:5050 ESTABLISHED

just block TCP communication to cs44.msg.sc5.yahoo.com port 5050
and baym-cs73.msgr.hotmail.com port 1863
try and tell us if they change their port just bloc by IPdestination

et Voila!!!
hope that will help you

gbiello · Nov 27, 2002

This web-site lists all the ports and what they are for:

http://www.good-stuff.co.uk/useful/portfull.html

That should help you somewhat. This doesn't often work, as these protocols can often hop ports and masquerade as something different. You're also right about the ip addresses.

There are devices out there that classify traffic based on upper layer protocols. They work very well and this is more likely what you would need.

If you are interested, let me know and I can post those URL's here.

-gbiello

haneo · Nov 29, 2002

Gbiello i am interessted by the URl can you give it ?
thanks.

gbiello · Dec 2, 2002

Here it is:

http://www.packeteer.com/products/packetshaper/

-gbiello@deva.com

rborel · Dec 6, 2002

We were able to do it but it took quite some time. I'll help you a little here. Here are the deny statement's in our PIX. As of a month ago it stopped all im traffic. There may have been some new additions so you'll want to watch.

access-list IM_AOL deny tcp any any eq 1863
access-list IM_AOL deny tcp any any range 5000 5100
access-list IM_AOL deny tcp any any range 5190 5193
access-list IM_AOL deny tcp any 216.0.0.0 255.0.0.0 eq telnet
access-list IM_AOL deny ip any host 64.4.13.170
access-list IM_AOL deny ip any 152.163.15.0 255.255.255.0
access-list IM_AOL deny ip any 152.188.66.0 255.255.255.0
access-list IM_AOL deny ip any 152.163.12.0 255.255.255.0
access-list IM_AOL deny ip any 64.12.15.0 255.255.255.0
access-list IM_AOL deny ip any 152.163.6.0 255.255.255.0
access-list IM_AOL deny ip any 64.12.9.0 255.255.255.0
access-list IM_AOL deny ip any 205.188.76.0 255.255.255.0
access-list IM_AOL deny ip any 205.188.66.0 255.255.255.0
access-list IM_AOL deny ip any 205.188.69.0 255.255.255.0
access-list IM_AOL deny ip any 205.188.70.0 255.255.255.0
access-list IM_AOL deny tcp any any range 6660 6669
access-list IM_AOL deny tcp any any range 7770 7775
access-list IM_AOL deny tcp any any eq 7000
access-list IM_AOL deny tcp any any eq 4400
access-list IM_AOL deny tcp any any eq 5555
access-list IM_AOL deny tcp any any eq 8000
access-list IM_AOL deny ip any host 216.136.233.138
access-list IM_AOL deny ip any host 216.136.173.172
access-list IM_AOL deny ip any host 216.136.173.179
access-list IM_AOL deny ip any host 216.136.175.226
access-list IM_AOL deny ip any host 216.136.226.209
access-list IM_AOL deny ip any host 216.136.226.210
access-list IM_AOL deny ip any host 216.136.233.136
access-list IM_AOL deny ip any host 216.136.233.137
access-list IM_AOL deny ip any host 216.136.233.130
access-list IM_AOL deny ip any host 216.136.233.131
access-list IM_AOL deny ip any host 216.136.233.133
access-list IM_AOL deny ip any host 216.136.233.134
access-list IM_AOL deny ip any host 216.136.233.135
access-list IM_AOL deny ip any host 216.136.224.143
access-list IM_AOL deny ip any host 216.136.224.142
access-list IM_AOL deny ip any host 216.136.175.132
access-list IM_AOL deny ip any host 216.136.233.132
access-list IM_AOL deny ip any host 216.136.175.144
access-list IM_AOL deny ip any host 216.136.224.214
access-list IM_AOL deny ip any host 216.136.227.168
access-list IM_AOL deny ip any host 216.136.224.213
access-list IM_AOL deny ip any host 216.136.225.11
access-list IM_AOL deny ip any host 216.136.225.12
access-list IM_AOL deny ip any host 216.136.175.142
access-list IM_AOL deny ip any host 216.136.175.143

good luck and remember these are blocking only the login servers. The full C blocks it's denying are for AOL.

rborel · Dec 6, 2002

BTW, This didn't block all IRC, servers on non-standard IRC ports will be hard to catch and stop.

edzy55 · Jan 6, 2003

Thanks for all the help! Doe's anyone have an access-list that they use and works?

haneo · Jan 6, 2003

i have blocked MSN with a linux box as getway (using ipchaines):
ipchains -A forward -s 192.168.0.0/24 -p tcp -d 0.0.0.0/0.0.0.0 1863 -j DENY
ipchains -A forward -s 192.168.0.0/24 -p udp -d 0.0.0.0/0.0.0.0 1863 -j DENY
ipchains -A forward -s 192.168.0.0/24 -d 207.46.104.20/32 -j DENY

Yahoo messenger is another matter because it have so many servers and can change destination ports [bigears]

.I seen ym connected to one yahoo server using port 80, 23, 21, 5050 [sadeyes]

!!!! and others.

if some one have stoped yahoo messenger i would like to know the IPs and ports that are blocked thank for all

Zelandakh · Jan 6, 2003

get them all on a proxy, let the proxy out to ports 80 (remapped) and 443 and LOG all other traffic.

Then send them emails about not attaching to those servers...

Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Blocking msn/yahoo/irc and all the rest of that.

edzy55

MIS

haneo

Programmer

gbiello

Technical User

haneo

Programmer

gbiello

Technical User

rborel

MIS

rborel

MIS

edzy55

MIS

haneo

Programmer

Zelandakh

MIS

Similar threads

Part and Inventory Search

Sponsor