-
October 18th, 2004, 07:56 PM
#1
Blocking MSN Messenger
I'm tired. I decided to block MSN Messenger from internal user. I unleashed my power by blocking the complete range of IP from 207.46.1.1 to 207.70.255.255 in my Firewall. It kill MSN and Hotmail website also but it kill MSN Messenger!!
Anyone got a better way to block MSN Messenger?
-
October 18th, 2004, 08:18 PM
#2
Why not uninstalling MSN? I maybe don't get exactly what you're trying to do, but that sounds like a good idea IMO. Alternatively try blocking baym*.msgr.hotmail.com if you can [I could say the higher-end ports like 32k -> 33k but there are some other apps using those so...]
If it's on a network that you're trying to do this, then maybe the baym* idea sounds best... remember there's also the online version of MSN Messenger, so you'd have to block that too.
/ \\
-
October 18th, 2004, 08:49 PM
#3
The only port that Messenger need is 80.
I block Web Messenger
I'm try blocking passport.net, msn.com, hotmail.com domain and MSN Messenger was still able to sign. I think they force the IP of their server is the software himself.
-
October 18th, 2004, 09:03 PM
#4
Tried like hell to block Instant Messanger. Too many users complained about not having MSN. Finally broke down and bought Websense. No one on the LAN (except me) has IM capability now. Surf Control will also block IM traffic.
-
October 18th, 2004, 09:04 PM
#5
If you block port 80 I believe Messenger will search for other ports to use, it appears to be smarter than the other messenging clients. We went through that here. I think it tries 463 or 643..can't remember exactly.
\"You got a mouth like an outboard motor..all the time putt putt putt\" - Foghorn Leghorn
-
October 18th, 2004, 09:30 PM
#6
All my port are block in outbound except 80, 21, Http, Pop3, DNS.
I just add a rules to send me a email when someone surf messenger.msn.com domain so I'm able to punished the user!
-
October 18th, 2004, 10:09 PM
#7
I've been trying for a couple of days. This morning, I got fed up, and I just renamed the service executable ( program files/messenger/msmsgs.exe or something like that ). It works for now
I wish to express my gratitude to the people of Italy. Thank you for inventing pizza.
-
October 19th, 2004, 04:34 AM
#8
msmsgs.exe [or whichever the dreaded name] is the Messenger service, not MSN IM. Renaming that executable should block localhost access to that service [which in a networked environment might be a good or bad thing].
But MSN IM is a different ball-game, however similar the executable name is. Seems as though Snort has a signature for it:
http://www.snort.org/snort-db/sid.html?id=1990
Definitely easier than monitoring the entire domain IMHO.
/ \\
-
October 19th, 2004, 04:59 AM
#9
Originally posted here by SDK
The only port that Messenger need is 80.
I block Web Messenger
I'm try blocking passport.net, msn.com, hotmail.com domain and MSN Messenger was still able to sign. I think they force the IP of their server is the software himself.
IE-->Tools-->Internet Options--> Security-->Restricted sites-->sites-->passport.net, msn.com, hotmail.com --> add Those lock down options are part of IE for a reason.
-
October 19th, 2004, 05:24 AM
#10
Hey Hey,
Have you checked out a pay solution... such as TerminatorX.. It looks fairly decent...
Are you on a domain? Have you considered using group policy/NTFS permissions to restrict the usage of the executable..
By default Messenger uses port 1863... have you tried blocking just that port... seeing if it will actually force itself to port 80 or not?
Peace,
HT
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|