Stopping msn 6 from connecting

WarLord
WarLord used Ask the Experts™
on
since msn 6 uses multiple ways of connecting to it's servers it's not easy to stop msn6 from connecting.

Is there a way that stops msn 6 from connecting? ALL ports are closed only 80 is open, so msn can only connect trough that port.

normally i would use a firewall. but it's for students on a school so there are always some students who just deletes the firewall, you know the story :).

Thanks in advance,

Erik
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®

Commented:
You could block access to the MSN server ip addresses at your firewall or router. What kind of internet connection is it? router? firewall?

Author

Commented:
yeah it is possible to block the ip adresses but it isn't really known WHICH ip adresses are used by msn 6 and still if you know it, it are like... 200 servers running. not that it isn't worth it but okay.

so then i need to know the server list of msn 6

Commented:
Well if you have your own DNS server there's another way. You could create a zone for msn.com and leave it empty. So when the msn messenger client tries to do a dns lookup on the server address, it'll fail because it will resolve locally to nothing.
Should you be charging more for IT Services?

Do you wonder if your IT business is truly profitable or if you should raise your prices? Learn how to calculate your overhead burden using our free interactive tool and use it to determine the right price for your IT services. Start calculating Now!

Author

Commented:
it's not the problem to block the server's the problem is that it has so much and we don't know them all

Commented:
Put an entry in the "host" file locally, and point the queries to 127.0.0.1?
inet²

Author

Commented:
yeah i already know that solution but please READ it's not the problem of blocking it's the problem that we need to know it's server list

Commented:
Sniff it out...  http://www.ethereal.com/

Author

Commented:
already using that one... but with more then 200 servers takes like forever

Commented:
With my solution (adding a zone on your dns server for msn.com) ANY dns lookup on an address that ends msn.com will fail so you don't need to know any server addresses.
Network Engineer
Commented:
Warlord,

I also work in a school, and blocking the complete serverlist wont get you anywere. Theyll use tunnel programs, and let MSN tunnel trough their own PC at home.

If you really want to block it, youll need a solution that checks your packets (like a packeteer or an IDS). This way it doesnt matter to wich server MSN wants to connect, or even how it is concealed in HTML GET code or whatever. The best and cheapest solution is setting up a SNORT server under linux. Very cheap and very good solution, wich also detects any other traffic you dont want.

www.snort.org

grtz

Author

Commented:
not really what i wanted but we will see thanks for the stuff you told, i did my own research and i found out that msn has someway it's own protocol for connecting ( use netstat when msn is connected ) youll see it doesnt uses tcp or udp but some own weird protocol. maybe the protocol is blockable

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial