Printable View
I'm tired. I decided to block MSN Messenger from internal user. I unleashed my power by blocking the complete range of IP from 207.46.1.1 to 207.70.255.255 in my Firewall. It kill MSN and Hotmail website also but it kill MSN Messenger!!
Anyone got a better way to block MSN Messenger?
Why not uninstalling MSN? I maybe don't get exactly what you're trying to do, but that sounds like a good idea IMO. Alternatively try blocking baym*.msgr.hotmail.com if you can [I could say the higher-end ports like 32k -> 33k but there are some other apps using those so...]
If it's on a network that you're trying to do this, then maybe the baym* idea sounds best... remember there's also the online version of MSN Messenger, so you'd have to block that too.
The only port that Messenger need is 80.
I block Web Messenger
I'm try blocking passport.net, msn.com, hotmail.com domain and MSN Messenger was still able to sign. I think they force the IP of their server is the software himself.
Tried like hell to block Instant Messanger. Too many users complained about not having MSN. Finally broke down and bought Websense. No one on the LAN (except me) has IM capability now. Surf Control will also block IM traffic.
If you block port 80 I believe Messenger will search for other ports to use, it appears to be smarter than the other messenging clients. We went through that here. I think it tries 463 or 643..can't remember exactly.
All my port are block in outbound except 80, 21, Http, Pop3, DNS.
I just add a rules to send me a email when someone surf messenger.msn.com domain so I'm able to punished the user!
I've been trying for a couple of days. This morning, I got fed up, and I just renamed the service executable ( program files/messenger/msmsgs.exe or something like that ). It works for now :)
msmsgs.exe [or whichever the dreaded name] is the Messenger service, not MSN IM. Renaming that executable should block localhost access to that service [which in a networked environment might be a good or bad thing].
But MSN IM is a different ball-game, however similar the executable name is. Seems as though Snort has a signature for it:
http://www.snort.org/snort-db/sid.html?id=1990
Definitely easier than monitoring the entire domain IMHO.
IE-->Tools-->Internet Options--> Security-->Restricted sites-->sites-->passport.net, msn.com, hotmail.com --> add Those lock down options are part of IE for a reason.Quote:
Originally posted here by SDK
The only port that Messenger need is 80.
I block Web Messenger
I'm try blocking passport.net, msn.com, hotmail.com domain and MSN Messenger was still able to sign. I think they force the IP of their server is the software himself.
Hey Hey,
Have you checked out a pay solution... such as TerminatorX.. It looks fairly decent...
Are you on a domain? Have you considered using group policy/NTFS permissions to restrict the usage of the executable..
By default Messenger uses port 1863... have you tried blocking just that port... seeing if it will actually force itself to port 80 or not?
Peace,
HT
No, you're wrong. I killed the messenger service ages ago. It hasn't been running since, unlike the Instant Messenger. I had a look at the proces list, killed msmsgs.exe, an lo and behold, the instant messenger died. When I started the executable, (start/run) the IM popped up again. Furthermore, the executable has the instant managers icon.Quote:
Originally posted here by hypronix
msmsgs.exe [or whichever the dreaded name] is the Messenger service, not MSN IM.
If you look at the messenger service, you'll see that the service points to this executable: C:\WINDOWS\System32\svchost.exe, not the one I renamed.
AFAIK MSN IM has an executable like msnmsgs.exe or along those lines [an 'n' in the filename] that differentiates it from the Messenger service. That's how it was when I renamed the msmsgs.exe file while MSN IM was still working.
I don't suppose much changed since I stopped extensively using Windows 4 months ago... Anyway, this is my experience with the two programs.
Mystery solved: msmsgs.exe isn't MSN Messenger, but Windows Messenger. I had problems with Windows Messenger, not with MSN Messenger. Both are Instant Messengers though. Which do basically the same. Blame Bill. Or Steve. Or that guy in IT.
Simpel solution? Block all outgoing traffic (for your users) and install a proxyserver so your users can "browse" the Internet. If you set it up properly MSN IM won't work anymore. You also have the added benefit of being able to filter your webtraffic (for viruses, spyware and other malware). Another (your boss will like this) benifit is being able to present a raport on Internet usage (top 10 websites, top 10 users etc.).
Using a proxy or domain policy are solution ; proxy is even better but I don't have a proxy server at the moment, either do I have a domain 2000 (I have NT and we are slacking updating to Win2003).
I was looking more for a firewall solution, hoping someone as found all the IP of my Microsoft server. I know they are in the range of 207.46.1.1 to 207.70.255.255.
Blocking Internet complety is not a option, sitting on each PC to do a modification is not a option either.
yea saw some on how to block, well just disable the service, msconfig, or services.msc uninstall it, and also if you install webroot spysweeper it has a nice little feature that blocks it out :) plus keeps you spyware free with current updates
Assume you have all the IPs of MS blocked on your firewall.
What's keeping your users from using a (public) proxy, thereby bypassing your firewall rules?
are you using a firewall? I had done this on a cyberguard firewall. *login* will eliminate login in to any sight that request a user name and password. this should be on your proxy services. this is the easiest way to do it.
That was my point. Let's blame Bill.Quote:
Originally posted here by Guus
Mystery solved: msmsgs.exe isn't MSN Messenger, but Windows Messenger. I had problems with Windows Messenger, not with MSN Messenger. Both are Instant Messengers though. Which do basically the same. Blame Bill. Or Steve. Or that guy in IT.
As far as I understand you blocked the e-messenger website SDK? I know that's how my girlfriend circumvents her high-school's library 'protection' system to use MSN and chat with me :)
As for proxies, that means a level of intelligence and computer-savvy most users do not posses. Of course, a good sysadmin never unedrestimates the dangers that might exist in nay given setting.
E-Messenger WebSite?
Right now, I block the messenger.msn.com website. Users can connect to MSN but I get a email that warm me that a IP as connect to MSN. (Even if MSN failed connecting to messenger.msn.com, I'll log on).
d_atomic320 : I try your trick and I didn't work on my SonicWall. Thank anyway.
http://webmessenger.msn.com
http://www.e-messenger.net
http://www.wbmsn.net
Top three off the Google searchm first one is MS's own, the others... well, not sure, but nonetheless all do the same task. Allow you to chat on MSN through the browser.
Thank for other Web MSN. I block them.
I think I found it!!!! Block the server rad.msn.com
I block MSN Messenger but not Windows Messenger. It's a start!!