Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

IPSEC with Wildcards or a better way to block yahoo messenger.

Posted on 2004-10-22
8
Medium Priority
?
1,155 Views
Last Modified: 2013-12-23
I'm attempting to block serveral diffrent instant messenger progs. using IPSEC policies.  Most have gone down without too much trouble.  The exception is Yahoo Messenger.  I've found at least 50 diffrent ip address for logon servers and no matter how many I block it just finds a new one.  It's drivin me nuts.  They all have a common part of the host name *.msg.dcn.yahoo.com and they all appear to come from the same few IP ranges.  They are 216.136.x.x, 216.136.x.x and 246.155.x.x.  Short of entering everyone of these IP's is there a way to either block everything from *.msg.dcn.yahoo.com or by the IP ranges.  Thanks in advance.

Matt
0
Comment
Question by:mrlader
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
  • 2
8 Comments
 

Author Comment

by:mrlader
ID: 12384028
Sorry forgot to list OS.  We run 2003 Server Enterprise Edition.
0
 
LVL 13

Expert Comment

by:masterbaker
ID: 12389998
Matt,

One thing you could do is try software that is meant to perform this job like this one: http://blockyahoo.port5.com/

This info below was "borrowed" from the www.phoneboy.com website:

-------------------------------------------------------------------------------------------------

You will need to block or allow access via port 5050 to the following IP addresses:

Yahoo Instant Messengers:


Yahoo_1 = 24.71.200.68
Yahoo_2 = 204.71.202.73
Yahoo_3 = 204.71.200.54
Yahoo_4 = 204.71.200.55
Yahoo_5 = 204.71.200.56
Yahoo_6 = 204.71.200.57
Yahoo_7 = 204.71.177.35
Yahoo_8 = 204.71.202.59
Yahoo_9 = 204.71.202.58
Yahoo_10 = 216.115.105.214
Yahoo_11 = 204.71.201.47
Yahoo_12 = 204.71.201.48
Yahoo_13 = 216.115.105.215
Yahoo_14 = 216.136.172.221
Yahoo_15 = 216.115.107.63 es21.msg.yahoo.com
Yahoo_16 = 216.115.107.64 es22.msg.yahoo.com
Yahoo_17 = 216.115.107.65 es23.msg.yahoo.com
Yahoo_18 = 216.115.107.66 es24.msg.yahoo.com
Yahoo_19 = 216.115.107.67 es25.msg.yahoo.com
Yahoo_20 = 216.115.107.101 es26.msg.yahoo.com
Yahoo_21 = 216.115.107.102 es27.msg.yahoo.com
Yahoo_22 = 216.115.107.103 es28.msg.yahoo.com
Yahoo_23 = 216.115.107.104 es29.msg.yahoo.com
Yahoo_24 = 216.115.107.105 es30.msg.yahoo.com
Yahoo_25 = 216.136.173.179 es31.msg.yahoo.com
0
 

Author Comment

by:mrlader
ID: 12390679
I had thought of terminatorx but this is for a small church school and they don't want to spend money on anything right now.  Blocking port 5050 doesn't work because yahoo just finds another port to use.  It will even use port 80 if need be.

Thanks
Matt
0
Nothing ever in the clear!

This technical paper will help you implement VMware’s VM encryption as well as implement Veeam encryption which together will achieve the nothing ever in the clear goal. If a bad guy steals VMs, backups or traffic they get nothing.

 
LVL 13

Expert Comment

by:masterbaker
ID: 12390978
Well you could block port 80 to these as well (better yet, all ports), but they could always add more servers and cause you to have to modify your settings again.  That's the problem you run into when you try to block the program at the network layer versus the application layer.

If you want to go the low $$$ route then I think you're stuck with the manual way of finding server IPs and blocking them.

It might be worth checking on that app I mentioned to see if they will give a break to a church.  Some companies offer discounts for schools and churches.

Jeff
0
 
LVL 37

Expert Comment

by:bbao
ID: 12395841
hi mrlader,

you have 3 ways (levels) to block those IPs used by Y! messenger, i am here to list all the levels, the corresponding methods, easibilities and the suitable conditions:

A) name resolving level: to block specific domains and the subordinates, easy, if you can point your clients' DNS settings to your W2K3 based DNS server.

B) IP routing level: to mask the specific IP blocks by changing routing table, very easy if all the related IPs can be grouped in a few IP blocks.

C) TCP port level: to use IPSec policies, difficult, you know why. :)

certainly, all the above methods use the built-in features of W2K3 server, free of charge as what you expect. :)

please tell me which one you one (of course A or B, not C) you prefer, i will tell you the detailed steps.

cheers,
bbao
0
 

Author Comment

by:mrlader
ID: 12396723
Option a would be best but if it's not too much trouble could you do a and b?  I would be most greatful for that info.  Thank you so so much.

Matt
0
 
LVL 37

Accepted Solution

by:
bbao earned 2000 total points
ID: 12594352
> Option a would be best but if it's not too much trouble could you do a and b?

A) on your W2K3 server, goto Control Panel | Add or remove programs | Add/remove windows components | Networking Services, click Details, check DNS and DHCP to install DNS and DHCP server. run DNS wizard to setup your DNS server with default settings. add an A type record for "*.msg.yahoo.com" with IP 127.0.0.1, add your ISP's DNS server addresses in the dialogue box for DNS Properties | Forwarder. run DHCP wizard to deploy your DHCP with the DHCP option for DNS pointing to your internal DNS server.

B) suppose IP block 216.115.107.* is for Y! messenger, you may add following command to block these IPs on your W2K3 server:

route -p add 216.115.107.0 mask 255.255.255.0 x.x.x.x

where x.x.x.x is a nonexistent IP on your LOCAL subnet.

hope it helps,
bbao
0

Featured Post

Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Enterprise networks where VoIP phones have been deployed frequently use port configurations that allow both a computer and an IP phone to be plugged into the same switch port but use different VLANs. On Cisco equipment I'm referring to the "native V…
A common practice in small networks is making file sharing easy which works extremely well when intra-network security is not an issue. In essence, everyone, that is "Everyone", is given access to all of the shared files - often the entire C: drive …
Michael from AdRem Software explains how to view the most utilized and worst performing nodes in your network, by accessing the Top Charts view in NetCrunch network monitor (https://www.adremsoft.com/). Top Charts is a view in which you can set seve…
Have you created a query with information for a calendar? ... and then, abra-cadabra, the calendar is done?! I am going to show you how to make that happen. Visualize your data!  ... really see it To use the code to create a calendar from a q…

618 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question