• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1974
  • Last Modified:

HOW TO BLOCK FILE TRASFER IN ISA 2004 BUT ALLOW MESSANGER SERVICE

Hi,
I am new to ISA 2004 firewall, I want to allow messenger but don't want to use file transfer using messanger. Can any body help me .
0
samir_santra
Asked:
samir_santra
  • 4
  • 2
1 Solution
 
Keith AlabasterCommented:
MSN uses the following port range (6891-6900 on tcp) for file transfer. try blocking these ports from local host & internal to external
0
 
samir_santraAuthor Commented:
This port information is critical. Thank you.

Does all messenger service use the same port range.
Should I apply this on the firewall policy ?
Also can you please guide me how to block this .

Thanks.
0
 
Keith AlabasterCommented:
<<<
Containment

Internet or edge facing firewalls should be configured with a default 'Deny' policy and contain 'Permit' policies for only needed services and applications. With respect to the W32.Bropia.J and W32.Bropia.L worms certain MSN Messenger file transfers can be blocked at the Internet firewall by removing any permit rules that allow TCP port 6891-6900 traffic. Note: Blocking TCP ports 6891-6900 will not block MSN Messenger instant messages as they flow over TCP port 1863.
>>>

This range will block most MSN transfers but not necessarily all. The new versions have proxy settings for both http and socks traffic but is a good start.
I would make a new policy for this range and apply a deny for it.

create a new protocol, give it a name, select the port range for outgoing tcp 6891 to 6900 and save it
Create a new access rule, give it a name and select deny, select the new protocol you created, from internal & local host to external, all users.
Apply the policy
0
When ransomware hits your clients, what do you do?

MSPs: Endpoint security isn’t enough to prevent ransomware.
As the impact and severity of crypto ransomware attacks has grown, Webroot has fought back, not just by building a next-gen endpoint solution capable of preventing ransomware attacks but also by being a thought leader.

 
samir_santraAuthor Commented:
thanks msn-fle transfer is blocked but still I can send files through yahoo messanger. my requirement is that any messanger should work but all file transfer should be blocked.
0
 
Keith AlabasterCommented:
There is no single policy that will cover every messenger.
yahoo file transfer uses this server
filetransfer.msg.yahoo.com

See
http://help.yahoo.com/l/us/yahoo/messenger/messenger7/messenger/messenger-02.html

Create a deny rule to this url
0
 
charan_jeetsinghCommented:
for your particular purpose you will require to do some study,

Either you search all the messenger sites and lok for ports used by them for File transfers or install a sniffer on ur machine and try seeing which ports its using to do that....

Cj
0
 
Keith AlabasterCommented:
Thankyou :)
0

Featured Post

Put Machine Learning to Work--Protect Your Clients

Machine learning means Smarter Cybersecurity™ Solutions.
As technology continues to advance, managing and analyzing massive data sets just can’t be accomplished by humans alone. It requires huge amounts of memory and storage, as well as the high-speed power of the cloud.

  • 4
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now