Blocking Yahoo and MSN

Thread: Blocking Yahoo and MSN

  1. #1
    Junior Member (Join Date: Sep 2002; Posts: 3)

    Blocking Yahoo and MSN

    hi techies,
    I've a problem here with blocking Yahoo and MSN chat programs on my uncle's Router (Netgear 614), which only allows me to block particular sites and ports. I was unable to block the services using IPchains and the particular ports used by the services. Can I get some guidance on how to block the services on the Netgear RP 614 Router, please?
    thnx
    Dishtools
    all the info gathered and distributed is solely for informational purposes.

  2. #2
    AO Ancient: Team Leader (Join Date: Oct 2002; Posts: 5,197)
    Both are hard to block since they can be reconfigured to avoid the firewall.

    What I do is block the initial connections on their standard ports and create an IDS rule to alert me of the activity. Oh, prior to that I made sure I scared the bejeebers out of the users as to what I would do if I catch them..... Seems to work.....

    Remember: there are some administrative problems for which there are no technological solutions.....
    Don't SYN us.... We'll SYN you.....
    "A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools." - Thucydides

  3. #3
    Junior Member (Join Date: Sep 2003; Posts: 6)
    Both will be very problematic as they use port 80 and unpriv ports for authentication/communication. But it's NOT impossible...just takes work.

    Believe you me, I went through all of this a year ago at home with my teenage daughters. I finally was able to block AOL, Yahoo, and MSN, but with a mixture of several things. I just don't think a Netgear will do it for you, but someone may prove me wrong...

    For AOL, using IPTables I blocked port 5190 in and out, and anything going to login.oscar.aol.com, and then I also added any website aol had where you could download AIM into squidGuard (works with squid proxy server, all of this runs on Linux) so that I could block any attempt to download the client. All the kids would get was a nice little page that said...go away....

    For Yahoo I blocked every IP address Yahoo was known to use for messenger services using IPTABLES. I also blocked port 5050 in and out. I don't have the list of IPs handy, but I could post later on if you want. I also added all associated web sites for Yahoo Messenger to squidGuard for the same reasons as AIM above....

    Now....MSN was the tough part. No matter what I tried, I had the hardest time blocking it. The thing that did the trick for me was a squid.conf entry that goes like this:

    acl kids src 192.168.0.10/255.255.255.255
    acl msnmessenger req_mime_type ^application/x-msn-messenger$
    http_access deny kids msnmessenger

    Then, on your network, you have to force your user browsers through your proxy cache, either by browser config, or by transparent proxy (I chose the latter using IPTABLES).

    Worked like a charm.
    Pete Fanning

  4. #4
    Junior Member (Join Date: Sep 2003; Posts: 16)
    interesting
    Cause: I net send LOZER at school

    EFFECT: suspension

  5. #5
    Junior Member (Join Date: Sep 2002; Posts: 3)
    thnx for the reply guys.. I'm trying to block it for my Uncle (same reason: teenage daughter).
    Can you please post the IPs to block so that I may try them. Nothing so far seems to work. It's a home network so it doesn't have any networking equipment except the Netgear Router. So my best bet is to work on IP tables and ports. I would really appreciate it if someone could post the list of ports which I should allow for normal functioning (HTTP, FTP etc.) and block all the other ports, so that the user may only surf the net and download but be unable to do anything else.
    thnx
    Dishtools
    all the info gathered and distributed is solely for informational purposes.

  6. #6
    Junior Member (Join Date: Sep 2003; Posts: 6)
    Ok....here's an outtake of a source file for my iptables script...Yahoo by far takes up the most space......obviously the envars and such will be different but you're most interested in the ports and IPs.....

    #
    #
    # Chat System Blocks
    #
    # AOL
    #$IPT -A SHUN -d 64.12.161.153 -j BAD_IP
    #$IPT -A SHUN -d 64.12.161.185 -j BAD_IP
    #$IPT -A SHUN -d 64.12.200.89 -j BAD_IP
    #$IPT -A SHUN -d 205.188.179.233 -j BAD_IP

    # Block Yahoo Messenger
    #
    # Yahoo Music
    #$IPT -t filter -A OUTPUT -p tcp -s 192.168.100.0/24 -d 0/0 --dport 1755 -j $STOP
    #
    #$IPT -t filter -A OUTPUT -p tcp -s 192.168.100.30/32 -d 0/0 --dport 5050 -j $STOP
    #$IPT -t filter -A OUTPUT -p udp -s 192.168.100.30/32 -d 0/0 --dport 5050 -j $STOP

    # cbs.yahoo.com
    $IPT -A SHUN -d 204.71.202.58 -j BAD_IP

    # msg1.edit.vip.sc5.yahoo.com
    $IPT -A SHUN -d 216.136.225.238 -j BAD_IP

    # dl1.yahoo.com thru dl4.yahoo.com
    $IPT -A SHUN -d 204.71.201.134 -j BAD_IP
    $IPT -A SHUN -d 204.71.201.141 -j BAD_IP
    $IPT -A SHUN -d 204.71.200.36 -j BAD_IP
    $IPT -A SHUN -d 204.71.200.37 -j BAD_IP

    # p1.msg.yahoo.com thru p5.msg.yahoo.com
    # p7.msg.yahoo.com thru p18.msg.yahoo.com
    $IPT -A SHUN -d 204.71.202.79 -j BAD_IP
    $IPT -A SHUN -d 204.71.202.78 -j BAD_IP
    $IPT -A SHUN -d 204.71.202.57 -j BAD_IP
    $IPT -A SHUN -d 204.71.202.56 -j BAD_IP
    $IPT -A SHUN -d 204.71.202.136 -j BAD_IP
    $IPT -A SHUN -d 204.71.202.138 -j BAD_IP
    $IPT -A SHUN -d 204.71.202.26 -j BAD_IP
    $IPT -A SHUN -d 204.71.200.86 -j BAD_IP
    $IPT -A SHUN -d 204.71.200.153 -j BAD_IP
    $IPT -A SHUN -d 216.115.105.112 -j BAD_IP
    $IPT -A SHUN -d 216.115.105.113 -j BAD_IP
    $IPT -A SHUN -d 216.115.105.114 -j BAD_IP
    $IPT -A SHUN -d 216.115.105.115 -j BAD_IP
    $IPT -A SHUN -d 204.71.202.84 -j BAD_IP
    $IPT -A SHUN -d 216.115.107.252 -j BAD_IP
    $IPT -A SHUN -d 216.115.107.253 -j BAD_IP
    $IPT -A SHUN -d 216.115.107.254 -j BAD_IP

    # old cs[1-9].msg.yahoo.com ips...kept just for the heck of it
    $IPT -A SHUN -d 204.71.202.119 -j BAD_IP
    $IPT -A SHUN -d 204.71.200.55 -j BAD_IP
    $IPT -A SHUN -d 216.115.107.146 -j BAD_IP
    $IPT -A SHUN -d 204.71.200.57 -j BAD_IP
    $IPT -A SHUN -d 204.71.201.100 -j BAD_IP
    $IPT -A SHUN -d 204.71.202.59 -j BAD_IP
    $IPT -A SHUN -d 204.71.202.58 -j BAD_IP
    $IPT -A SHUN -d 204.71.200.54 -j BAD_IP
    $IPT -A SHUN -d 216.115.105.57 -j BAD_IP

    # Block messenger.yahoo.com
    $IPT -A SHUN -d 216.109.116.177 -j BAD_IP
    $IPT -A SHUN -d 216.136.232.153 -j BAD_IP
    $IPT -A SHUN -d 66.163.172.51 -j BAD_IP
    $IPT -A SHUN -d 216.109.116.176 -j BAD_IP

    # Block MSN using Squid
    # Note: You can try blocking all inbound/outbound to ports 6891:6901 and 1080
    # but I don't believe that works anymore.
    Pete Fanning
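The outtake above and post #3 together describe one pattern: a SHUN chain of per-destination rules feeding a BAD_IP chain, the clients' standard ports dropped both ways, and port-80 traffic forced through squid so the req_mime_type ACL can act on it. What follows is an added example in that shape, not Pete Fanning's script or anything from a vendor: it is written so the rules can be printed with "dry-run" before anything is loaded. The chain names and the $IPT / $STOP variables follow the outtake; the block-list addresses are constructed placeholders from the documentation ranges (a real list has to be kept current from observation, since addresses in a 2003 outtake cannot be relied on), the LAN range 192.168.100.0/24 is taken from the outtake, and squid on port 3128 (its default) is an assumption.

```shell
#!/bin/sh
# Added example: a reusable form of the SHUN / BAD_IP block-list pattern.
# "sh im-block.sh dry-run" prints the rules, "sh im-block.sh apply" loads
# them (root); with no argument the script only defines its functions.

IPT="${IPT:-iptables}"            # set IPT="echo iptables" to preview
LAN="${LAN:-192.168.100.0/24}"     # LAN range, as in the outtake
STOP="${STOP:-DROP}"               # the outtake's $STOP target

# Constructed block list (documentation addresses, NOT real IM servers):
# "<address-or-netblock> <label>" per line.
BLOCK_LIST='203.0.113.10 example-im-login
203.0.113.11 example-im-relay
198.51.100.0/24 example-client-download'

# Standard client ports named in the thread: Yahoo 5050, AOL/AIM 5190.
IM_PORTS="5050 5190"

# BAD_IP logs (rate-limited, so a retrying client cannot flood syslog) and
# then drops; SHUN holds the per-destination rules and is hooked into
# FORWARD for routed LAN traffic and OUTPUT for the box itself.  "-N" on a
# chain that already exists just fails, hence the silenced stderr and "-F".
setup_chains() {
    $IPT -N BAD_IP 2>/dev/null
    $IPT -F BAD_IP
    $IPT -A BAD_IP -m limit --limit 5/min -j LOG --log-prefix "IM-BLOCK: "
    $IPT -A BAD_IP -j "$STOP"
    $IPT -N SHUN 2>/dev/null
    $IPT -F SHUN
    $IPT -A FORWARD -s "$LAN" -j SHUN
    $IPT -A OUTPUT -j SHUN
}

# One SHUN rule per block-list entry, keeping the label as a rule comment.
shun_addresses() {
    printf '%s\n' "$BLOCK_LIST" | while read -r addr label; do
        [ -n "$addr" ] || continue
        $IPT -A SHUN -d "$addr" -m comment --comment "$label" -j BAD_IP
    done
}

# Drop the clients' standard ports outbound, TCP and UDP, as posts #3/#6 do.
block_im_ports() {
    for port in $IM_PORTS; do
        for proto in tcp udp; do
            $IPT -A FORWARD -p "$proto" -s "$LAN" --dport "$port" -j BAD_IP
        done
    done
}

# Transparent proxy: redirect LAN port-80 traffic into a local squid so the
# req_mime_type ACL from post #3 sees it.  3128 is squid's default port
# (assumed here); squid must be started in transparent/intercept mode.
redirect_to_squid() {
    $IPT -t nat -A PREROUTING -s "$LAN" -p tcp --dport 80 \
         -j REDIRECT --to-ports 3128
}

load_all() {
    setup_chains
    shun_addresses
    block_im_ports
    redirect_to_squid
}

case "${1:-}" in
    apply)   load_all ;;
    dry-run) IPT="echo iptables"; load_all ;;
    *)       : ;;   # no argument: functions only (sourced or tested)
esac
```

The LOG rule in BAD_IP is what turns the block list into the alert post #2 talks about: every hit lands in the kernel log with SRC/DST/DPT fields, and the rate limit keeps a client that retries every few seconds from drowning everything else.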

  7. #7
    Senior Member (Join Date: Aug 2003; Posts: 224)
    MSN seems to be the hardest for everyone to block. It took some hardcore configuration for us to keep our staff from using MSN. However, the easiest route that we took was to disable SOCKS 5 in the logon script. So far, no one has proved they needed SOCKS to do their job. Some of the women in the office wear sandals anyway
    There are many rewarding opportunities awaiting composure from like minds and great ideas. It is my objective to interconnect great things.

  8. #8
    AO Ancient: Team Leader (Join Date: Oct 2002; Posts: 5,197)
    Fraggin: Do me a favor...... give me the text from the script that disables the socks.... I'm sure some others will appreciate it too....
    Don't SYN us.... We'll SYN you.....
    "A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools." - Thucydides

  9. #9
    The Doctor Und3ertak3r (Join Date: Apr 2002; Posts: 2,743)
    fanningp and fraggin,

    Just a thought guys, would it be possible for you to post your information as a Tutorial?

    cheers
    "Consumer technology now exceeds the average person's ability to comprehend how to use it..give up hope of them being able to understand how it works." - Me http://www.cybercrypt.co.nr

  10. #10
    Junior Member (Join Date: Sep 2003; Posts: 9)
    An alternate idea would be to just disable all ports on the client computer, and set up a LAN HTTP proxy that only accepts incoming connections on port 80. Just configure the browser in use to use that proxy, and then disable reconfiguring of the browser by non-administrator users. That way any rogue applications at all will not be able to gain any internet access, and, most likely, the user(s) will not know how to tunnel the AOL or Yahoo! Instant Messenger services through the proxy, and even if they do, you can configure it to search for the login string and have it just dismiss the traffic.
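Dishtools' question in #5 (which ports to allow, then block everything else) and the proxy-only idea in #10 are two strengths of the same allow-list approach: instead of chasing each chat service's addresses, deny outbound by default and open only what surfing needs. The script below is an added example, not code from anyone in this thread. It builds a gateway FORWARD ruleset in "services" mode (DNS, HTTP, HTTPS and FTP control, with passive FTP data channels handled by the conntrack FTP helper) and a client OUTPUT ruleset in "proxy-only" mode (the machine may reach the proxy and nothing else), both previewable with "dry-run". It also includes a summariser for the kernel log lines such rulesets produce, run here over constructed sample lines. The LAN range, the resolver and proxy at 192.168.100.1, port 3128, and the sample log lines are all assumptions.

```shell
#!/bin/sh
# Added example: allow-list egress for a small home LAN, plus a summary of
# what the LOG rules catch.  "sh egress.sh dry-run services" or
# "sh egress.sh dry-run proxy-only" previews; "apply <mode>" loads (root);
# "summary" runs the log summariser over the constructed sample below.

IPT="${IPT:-iptables}"            # set IPT="echo iptables" to preview
LAN="${LAN:-192.168.100.0/24}"     # assumed LAN range
DNS="${DNS:-192.168.100.1}"        # assumed resolver the LAN may query
PROXY="${PROXY:-192.168.100.1}"    # assumed proxy host for proxy-only mode
PROXY_PORT="${PROXY_PORT:-3128}"   # squid's default port, assumed

# Gateway, "services" mode (post #5's question): default-deny FORWARD, keep
# replies to connections the LAN opened, let out only DNS, HTTP, HTTPS and
# FTP control; passive FTP data channels ride on RELATED once the
# ip_conntrack_ftp / nf_conntrack_ftp helper is loaded.  Whatever falls
# through is logged (rate-limited) and dropped.
gateway_services() {
    $IPT -F FORWARD
    $IPT -P FORWARD DROP
    $IPT -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
    for proto in udp tcp; do
        $IPT -A FORWARD -s "$LAN" -d "$DNS" -p "$proto" --dport 53 -j ACCEPT
    done
    for port in 80 443 21; do
        $IPT -A FORWARD -s "$LAN" -p tcp --dport "$port" -j ACCEPT
    done
    $IPT -A FORWARD -s "$LAN" -m limit --limit 10/min -j LOG --log-prefix "EGRESS-DENY: "
    $IPT -A FORWARD -s "$LAN" -j DROP
}

# Client, "proxy-only" mode (post #10's idea, for a Linux client): the
# machine may talk to the proxy and nothing else, so a chat client that is
# not proxy-aware has no path out; name resolution is the proxy's job.
client_proxy_only() {
    $IPT -F OUTPUT
    $IPT -P OUTPUT DROP
    $IPT -A OUTPUT -o lo -j ACCEPT
    $IPT -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    $IPT -A OUTPUT -d "$PROXY" -p tcp --dport "$PROXY_PORT" -j ACCEPT
    $IPT -A OUTPUT -m limit --limit 10/min -j LOG --log-prefix "EGRESS-DENY: "
    $IPT -A OUTPUT -j DROP
}

# Constructed sample of the kernel log lines the LOG rules above produce
# (trimmed to the fields used here).
SAMPLE_LOG='Sep 14 20:01:02 gw kernel: EGRESS-DENY: IN=eth1 OUT=eth0 SRC=192.168.100.30 DST=203.0.113.10 PROTO=TCP SPT=3011 DPT=5050
Sep 14 20:01:03 gw kernel: EGRESS-DENY: IN=eth1 OUT=eth0 SRC=192.168.100.30 DST=203.0.113.10 PROTO=TCP SPT=3012 DPT=5050
Sep 14 20:02:10 gw kernel: EGRESS-DENY: IN=eth1 OUT=eth0 SRC=192.168.100.31 DST=198.51.100.7 PROTO=TCP SPT=1044 DPT=1080
Sep 14 20:05:00 gw kernel: EGRESS-DENY: IN=eth1 OUT=eth0 SRC=192.168.100.30 DST=203.0.113.11 PROTO=UDP SPT=5050 DPT=5050'

# Count denied attempts per (source host, destination port), busiest first,
# so the machine that keeps retrying a chat port stands out.  Reads stdin.
summarize_denies() {
    awk '/EGRESS-DENY:/ {
             src = ""; dpt = ""
             for (i = 1; i <= NF; i++) {
                 if ($i ~ /^SRC=/) src = substr($i, 5)
                 if ($i ~ /^DPT=/) dpt = substr($i, 5)
             }
             if (src != "" && dpt != "") n[src " -> port " dpt]++
         }
         END { for (k in n) print n[k], k }' | sort -rn
}

mode="${2:-}"
case "${1:-}" in
    dry-run) IPT="echo iptables" ;;
    apply)   ;;
    summary) printf '%s\n' "$SAMPLE_LOG" | summarize_denies; exit 0 ;;
    *)       mode="" ;;   # no or unknown argument: define functions only
esac
case "$mode" in
    services)   gateway_services ;;
    proxy-only) client_proxy_only ;;
esac
```

On the sample lines the summary reads "3 192.168.100.30 -> port 5050" followed by "1 192.168.100.31 -> port 1080", which is the kind of repeat offender a weekly look at the log is meant to surface. Note that proxy-only mode on the client is only half of post #10's design: the gateway still needs a services-style ruleset that lets the proxy host out and nobody else.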
