Solved

IPSEC with Wildcards or a better way to block yahoo messenger.

Posted on 2004-10-22
916 Views
Last Modified: 2013-12-23
I'm attempting to block serveral diffrent instant messenger progs. using IPSEC policies.  Most have gone down without too much trouble.  The exception is Yahoo Messenger.  I've found at least 50 diffrent ip address for logon servers and no matter how many I block it just finds a new one.  It's drivin me nuts.  They all have a common part of the host name *.msg.dcn.yahoo.com and they all appear to come from the same few IP ranges.  They are 216.136.x.x, 216.136.x.x and 246.155.x.x.  Short of entering everyone of these IP's is there a way to either block everything from *.msg.dcn.yahoo.com or by the IP ranges.  Thanks in advance.

Matt
0
Question by:mrlader
    7 Comments
     

    Author Comment

    by:mrlader
    Sorry forgot to list OS.  We run 2003 Server Enterprise Edition.
    0
     
    LVL 13

    Expert Comment

    by:masterbaker
    Matt,

    One thing you could do is try software that is meant to perform this job like this one: http://blockyahoo.port5.com/

    This info below was "borrowed" from the www.phoneboy.com website:

    -------------------------------------------------------------------------------------------------

    You will need to block or allow access via port 5050 to the following IP addresses:

    Yahoo Instant Messengers:


    Yahoo_1 = 24.71.200.68
    Yahoo_2 = 204.71.202.73
    Yahoo_3 = 204.71.200.54
    Yahoo_4 = 204.71.200.55
    Yahoo_5 = 204.71.200.56
    Yahoo_6 = 204.71.200.57
    Yahoo_7 = 204.71.177.35
    Yahoo_8 = 204.71.202.59
    Yahoo_9 = 204.71.202.58
    Yahoo_10 = 216.115.105.214
    Yahoo_11 = 204.71.201.47
    Yahoo_12 = 204.71.201.48
    Yahoo_13 = 216.115.105.215
    Yahoo_14 = 216.136.172.221
    Yahoo_15 = 216.115.107.63 es21.msg.yahoo.com
    Yahoo_16 = 216.115.107.64 es22.msg.yahoo.com
    Yahoo_17 = 216.115.107.65 es23.msg.yahoo.com
    Yahoo_18 = 216.115.107.66 es24.msg.yahoo.com
    Yahoo_19 = 216.115.107.67 es25.msg.yahoo.com
    Yahoo_20 = 216.115.107.101 es26.msg.yahoo.com
    Yahoo_21 = 216.115.107.102 es27.msg.yahoo.com
    Yahoo_22 = 216.115.107.103 es28.msg.yahoo.com
    Yahoo_23 = 216.115.107.104 es29.msg.yahoo.com
    Yahoo_24 = 216.115.107.105 es30.msg.yahoo.com
    Yahoo_25 = 216.136.173.179 es31.msg.yahoo.com
    0
     

    Author Comment

    by:mrlader
    I had thought of terminatorx but this is for a small church school and they don't want to spend money on anything right now.  Blocking port 5050 doesn't work because yahoo just finds another port to use.  It will even use port 80 if need be.

    Thanks
    Matt
    0
     
    LVL 13

    Expert Comment

    by:masterbaker
    Well you could block port 80 to these as well (better yet, all ports), but they could always add more servers and cause you to have to modify your settings again.  That's the problem you run into when you try to block the program at the network layer versus the application layer.

    If you want to go the low $$$ route then I think you're stuck with the manual way of finding server IPs and blocking them.

    It might be worth checking on that app I mentioned to see if they will give a break to a church.  Some companies offer discounts for schools and churches.

    Jeff
    0
     
    LVL 36

    Expert Comment

    by:Bing CISM / CISSP
    hi mrlader,

    you have 3 ways (levels) to block those IPs used by Y! messenger, i am here to list all the levels, the corresponding methods, easibilities and the suitable conditions:

    A) name resolving level: to block specific domains and the subordinates, easy, if you can point your clients' DNS settings to your W2K3 based DNS server.

    B) IP routing level: to mask the specific IP blocks by changing routing table, very easy if all the related IPs can be grouped in a few IP blocks.

    C) TCP port level: to use IPSec policies, difficult, you know why. :)

    certainly, all the above methods use the built-in features of W2K3 server, free of charge as what you expect. :)

    please tell me which one you one (of course A or B, not C) you prefer, i will tell you the detailed steps.

    cheers,
    bbao
    0
     

    Author Comment

    by:mrlader
    Option a would be best but if it's not too much trouble could you do a and b?  I would be most greatful for that info.  Thank you so so much.

    Matt
    0
     
    LVL 36

    Accepted Solution

    by:
    > Option a would be best but if it's not too much trouble could you do a and b?

    A) on your W2K3 server, goto Control Panel | Add or remove programs | Add/remove windows components | Networking Services, click Details, check DNS and DHCP to install DNS and DHCP server. run DNS wizard to setup your DNS server with default settings. add an A type record for "*.msg.yahoo.com" with IP 127.0.0.1, add your ISP's DNS server addresses in the dialogue box for DNS Properties | Forwarder. run DHCP wizard to deploy your DHCP with the DHCP option for DNS pointing to your internal DNS server.

    B) suppose IP block 216.115.107.* is for Y! messenger, you may add following command to block these IPs on your W2K3 server:

    route -p add 216.115.107.0 mask 255.255.255.0 x.x.x.x

    where x.x.x.x is a nonexistent IP on your LOCAL subnet.

    hope it helps,
    bbao
    0

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    Find Ransomware Secrets With All-Source Analysis

    Ransomware has become a major concern for organizations; its prevalence has grown due to past successes achieved by threat actors. While each ransomware variant is different, we’ve seen some common tactics and trends used among the authors of the malware.

    Have you ever set up your wireless router at home or in the office to find that you little pop-up bubble in the bottom right-hand corner of Windows read "IP Conflict - One of more computers on the network have been assigned the following IP address"…
    Greetings, Experts! First let me state that this website is top notch. I thoroughly enjoy the community that is shared here; those seeking help and those willing to sacrifice their time to help. It is fantastic. I am writing this article at th…
    how to add IIS SMTP to handle application/Scanner relays into office 365.
    Excel styles will make formatting consistent and let you apply and change formatting faster. In this tutorial, you'll learn how to use Excel's built-in styles, how to modify styles, and how to create your own. You'll also learn how to use your custo…

    856 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    12 Experts available now in Live!

    Get 1:1 Help Now