Hey all ...
well its another post with the subject "Blocking Msn Messenger"..I have already gone through almost all the similar posts on the AO. I have also "googled" the issue. Got some ideas from there. I am listing these ideas alongwith problems. I hope anyone can come up with a better solution.
1) Blocking specific ports for these softwares i.e. :1863 works no more..because of the port roaming feature of this IM utility (M$N Messenger).It has the ability to tunnel the connection through port 80 that is used for http traffic.Blocking port 80 would mean no life on m network. No http traffic, blocking genuine users.
2) Blocking socks wouldnt be a good idea, coz many applications here uses these ports, again would result in blocking legal appliations.
3) Blocking all traffic to messenger.hotmail.com for all the ip's of my network wont work.Courtesy proxy servers.
4) entry to \etc\hosts files is'nt effcient enough. Because there are numerous Name servers for instant messaging. I tried to block the range of 64.4.0.0 to 64.4.63.255 ( knows to be the ip range for the name servers for IM utility)But they keep on adding new servers and automatic execution of updates add those servers when connecting to the the servers.
5) Someone suggested to have an NIDS like Snort and when a Syn packet is sent , it should be repied with a spoofed packet so that the connection could be dropped. Not comfortable with Snort yet , new to it. Any sugestions.
6) Application Blockers is a good idea but none of them is free to implement on my network.
Thank you for reading all along. Any help would be really appreciated.
By the way its a win2k server with almost 60 computers on the primary domain and almost 25 to 30 pc's on the sub domain. Registry is restricited to ordinary users, so they cannot install softwares.But you know by passing the registry is fun for users. so they always do it. I am also workin out on it.Thank you all along.
Plz do reply..
Bye
Ommy