Blocking Yahoo! Messenger

Has anyone managed to successfully block Yahoo! Messenger via a hardware firewall? I have MSN and AOL blocked, but I've been reading up on Yahoo and what other sources are saying is that it can't be blocked due to the fact it looks for open ports if it finds that it can't communicate on its usual ports.

That seems odd though, you can usually block just about anything at a firewall as long as you configure it right. Can Yahoo really be that crafty? So, I'm asking the people who know at AO (oh, look at me, I rhymed!). Is there a way to block it with a hardware firewall so that it doesn't find a way to wiggle through?

I have found that blocking the domains works for a while. (But then they change them)

However, management saw fit to get rid of the user, so I have not had to block anyone from yahoo for a while.

Ahhh here we go. I blocked these domains and it blocked his access for a while:

msg.sc5.yahoo.com
msg.yahoo.com

Quote:

---

However, management saw fit to get rid of the user, so I have not had to block anyone from yahoo for a while.

---

Now that's how you block access! :D We don't have that problem either presently, but I'm trying to act preemptively so it doesn't become one down the road.

Quote:

---

Originally posted here by AngelicKnight
Has anyone managed to successfully block Yahoo! Messenger via a hardware firewall? I have MSN and AOL blocked, but I've been reading up on Yahoo and what other sources are saying is that it can't be blocked due to the fact it looks for open ports if it finds that it can't communicate on its usual ports.

That seems odd though, you can usually block just about anything at a firewall as long as you configure it right. Can Yahoo really be that crafty? So, I'm asking the people who know at AO (oh, look at me, I rhymed!). Is there a way to block it with a hardware firewall so that it doesn't find a way to wiggle through?

---

Why not just just uninstall it?

Quote:

---

Originally posted here by xierox
Why not just just uninstall it?

---

Cause user will install it again. Yahoo does not follow good guidelines about the permissions it needs to install. The older versions installed whether you were an admin or a normal user with no install rights.

Well, that is a single-user solution. What I want is denial of access for the entire 20-something user office network, in the event we bring in a new employee one day who has the urge to get chatty on the company clock (not to mention the security risks if they decide to direct connect or download something from a "buddy").

/edit -- Jarrod beat me to the point! :)

Quote:

---

Originally posted here by CXGJarrod


Cause user will install it again. Yahoo does not follow good guidelines about the permissions it needs to install. The older versions installed whether you were an admin or a normal user with no install rights.

---

Quote:

---

Originally posted here by AngelicKnight
Well, that is a single-user solution. What I want is denial of access for the entire 20-something user office network, in the event we bring in a new employee one day who has the urge to get chatty on the company clock (not to mention the security risks if they decide to direct connect or download something from a "buddy").

/edit -- Jarrod beat me to the point! :)

---

Oh, ok, gotcha. Well, good luck, sorry I couldn't be of more help. :rolleyes:

That's ok, it was a good try. ;) I should've specified my network environment.

Its a difficult one Angelic - like CXG says they do keep changing domains etc. Any chance you could setup a sniffer on the network to catch whoever is using it and then have suitable action backed up by company policy that quite clearly outlines what wil happen if caught using IM's during work hours for non work related purposes i.e. the feckers will be strung out to dry?

Easy:

Block login.yahoo.com... you're done

If you can't block it by the domain name since the IP will change sometimes place a fixed record in your DNS zone pointing it at 127.0.0.1