Google Answers Logo
View Question
 
Q: Blocking MSN/Windows Messenger on a home network ( No Answer,   1 Comment )
Question  
Subject: Blocking MSN/Windows Messenger on a home network
Category: Computers > Security
Asked by: jimbostyx-ga
List Price: $10.00		 Posted: 21 Jun 2005 21:06 PDT
Expires: 03 Jul 2005 18:53 PDT
Question ID: 535727 
I've tried quite a few things but nothing seems to comprehensively
work.  I want to employ a black-list strategy to disable MSN and
Windows Messenger using only firewall rules.  It's a fairly dynamic
network and I can't be enabling services every time someone needs
access to them.  The MSKB article
http://support.microsoft.com/kb/889829 seems to be out of date as the
suggestions there don't work and every time I block a port or address
it seems to just use another.
Request for Question Clarification by denco-ga on 22 Jun 2005 14:37 PDT 
Howdy jimbostyx-ga,

Although I realize the KB article you note references TCP port 1863,
which does seem to be correct, have you tried blocking the following
IPs in conjunction with that port?  Thanks!

207.46.110.0/25
207.46.104.20

Looking Forward, denco-ga - Google Answers Researcher
Request for Question Clarification by bookface-ga on 22 Jun 2005 14:59 PDT 
"...and I can't be enabling services every time someone needs access to them."

I assume that means you don't want to take the option of blocking out
a range of IP addresses as described here:

http://www.experts-exchange.com/Security/Firewalls/Q_20610865.html

"I've blocked the port 1863 and also port 80 to the following sites
207.46.110.48
207.46.110.254
213.199.154.54
216.178.160.34
207.68.178.239
194.130.106.132
195.33.103.52
213.199.154.11
213.249.102.94
This seems to have stopped it, but if you find it still works you can
(on NT/2000/XP) find the PID of MSN from task manager (view and select
columns allows you to see this) the go to a command prompt and type
'netstat -nao' this will give you all the connections the computer has
made, and the associated PID, match them up, block it and try to log
in again. I've done this with MSN, but the idea is sound for any
program that you want to block and can't find the ports/sites/whatever
anywhere else.
........
I have tried blocking IP 207.46.104.* and 207.46.110.* and TCP port 1863
it works fine on my firewall. 
........
you can also block passport.com and then nobody can log in...."

If you don't want to block passport or blacklist a large IP range, I'm
afraid your problem can't be solved by a simple firewall only.

Please let me know if this solves your problem (or doesn't.)
Answer  
There is no answer at this time.

Comments  
Subject: Re: Blocking MSN/Windows Messenger on a home network
From: boxerdogittech-ga on 01 Jul 2005 21:34 PDT		  
I just tested this on my firewall and was successfull in blocking
contact from messenger. added LAN IP's to the ip filter config and
port range of 1863 and it cut of the connection for messenger. As for
MSN, I added those IPs to the deny list and the site was blocked.
Seems a bit rough around the edges. If I were you, having a network
like that and wanting have control over access, I would setup a proxy
and make group access policies so access is controlled dynamically by
login and not blocked network wide. Just my opinion.
Important Disclaimer: Answers and comments provided on Google Answers are general information, and are not intended to substitute for informed professional medical, psychiatric, psychological, tax, legal, investment, accounting, or other professional advice. Google does not endorse, and expressly disclaims liability for any product, manufacturer, distributor, service or service provider mentioned or any opinion expressed in answers or comments. Please read carefully the Google Answers Terms of Service.

If you feel that you have found inappropriate content, please let us know by emailing us at answers-support@google.com with the question ID listed above. Thank you.
Search Google Answers for
Google Answers  

Google Home - Answers FAQ - Terms of Service - Privacy Policy