Solved

HOW TO BLOCK FILE TRASFER IN ISA 2004 BUT ALLOW MESSANGER SERVICE

Posted on 2006-06-17
7
1,967 Views
Last Modified: 2008-01-09
Hi,
I am new to ISA 2004 firewall, I want to allow messenger but don't want to use file transfer using messanger. Can any body help me .
0
Comment
Question by:samir_santra
  • 4
  • 2
7 Comments
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 16927344
MSN uses the following port range (6891-6900 on tcp) for file transfer. try blocking these ports from local host & internal to external
0
 

Author Comment

by:samir_santra
ID: 16928877
This port information is critical. Thank you.

Does all messenger service use the same port range.
Should I apply this on the firewall policy ?
Also can you please guide me how to block this .

Thanks.
0
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 16929062
<<<
Containment

Internet or edge facing firewalls should be configured with a default 'Deny' policy and contain 'Permit' policies for only needed services and applications. With respect to the W32.Bropia.J and W32.Bropia.L worms certain MSN Messenger file transfers can be blocked at the Internet firewall by removing any permit rules that allow TCP port 6891-6900 traffic. Note: Blocking TCP ports 6891-6900 will not block MSN Messenger instant messages as they flow over TCP port 1863.
>>>

This range will block most MSN transfers but not necessarily all. The new versions have proxy settings for both http and socks traffic but is a good start.
I would make a new policy for this range and apply a deny for it.

create a new protocol, give it a name, select the port range for outgoing tcp 6891 to 6900 and save it
Create a new access rule, give it a name and select deny, select the new protocol you created, from internal & local host to external, all users.
Apply the policy
0
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 

Author Comment

by:samir_santra
ID: 16957686
thanks msn-fle transfer is blocked but still I can send files through yahoo messanger. my requirement is that any messanger should work but all file transfer should be blocked.
0
 
LVL 51

Accepted Solution

by:
Keith Alabaster earned 250 total points
ID: 16961831
There is no single policy that will cover every messenger.
yahoo file transfer uses this server
filetransfer.msg.yahoo.com

See
http://help.yahoo.com/l/us/yahoo/messenger/messenger7/messenger/messenger-02.html

Create a deny rule to this url
0
 
LVL 8

Expert Comment

by:charan_jeetsingh
ID: 16967201
for your particular purpose you will require to do some study,

Either you search all the messenger sites and lok for ports used by them for File transfers or install a sniffer on ur machine and try seeing which ports its using to do that....

Cj
0
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 16981717
Thankyou :)
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Do you have a windows based Checkpoint SmartCenter for centralized Checkpoint management?  Have you ever backed up the firewall policy residing on the SmartCenter?  If you have then you know the hassles of connecting to the server, doing an upgrade_…
The DROP (Spamhaus Don't Route Or Peer List) is a small list of IP address ranges that have been stolen or hijacked from their rightful owners. The DROP list is not a DNS based list.  It is designed to be downloaded as a file, with primary intention…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…

810 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question