Solved

How to block access to instant messengers (MSN/AOL)

Posted on 2006-10-26
Last Modified: 2011-09-20
We have a HotBrick Firewall, and I need to block access to MSN Messenger and AOL Instant Messenger... does anyone know how to set up this filter... or what ports should be blocked?

Thanks
Question by:ITMiami
LVL 11

Expert Comment

by:prueconsulting
ID: 17813441
The problem with ports is both of these can tunnel over HTTP, so unless you have some URL filtering capabilities you won't block it totally

MSN Messenger – Users must log in to the centralised service to locate other users. Once a connection is established, users message each other directly in peer-to-peer fashion. The default IP port for MSN Messenger is 1863 but the client is ‘port-agile’ and, if the port is blocked, it will look for other open ports – next targeting the HTTP port 80. MSN Messenger supports HTTP proxies, but does not support HTTP proxy authentication. Note that file transfers occur over TCP port 6891, audio and video conferencing over UDP ports 13324 and 13325, and application sharing is commonly TCP port 1503.

Yahoo Instant Messenger – Users log in to the centralised Yahoo IM service to find other users. Once authenticated and online, users may choose to message each other directly or through shared chat rooms. The default port for Yahoo Instant Messenger is 5050 but the client is ‘port-agile’ and, if the port is blocked, it will look for other open ports – next targeting the HTTP port 80. Just like MSN Messenger, the client supports HTTP proxies, but not HTTP proxy authentication. Note that file transfers and file sharing are commonly done over TCP port 4443.

AOL Instant Messenger (AIM) – Users log in to the AOL Open System for Communication in Real-time (OSCAR) and then begin communications with Basic OSCAR Services (BOS) to locate and message other users. These messages pass through the server before being forwarded to the recipient. File transfers, voice traffic and other large digital payloads are conducted in peer-to-peer mode – whereby the initiating IM client sends its IP address and an open port over the service, so the remote client can connect to it.
The default port for the AIM client is 5190 and, if the port is blocked, the ‘port-agile’ software will attempt to communicate over port 23 (telnet), 20 & 21 (FTP) and then 80 (HTTP). In addition, users can choose to go through a SOCKS v4/v5, an HTTP proxy or an HTTPS proxy. However, when tunnelling over the HTTPS proxy connection, AIM does not use SSL to encrypt traffic.

However you can attempt to block "login.oscar.aol.com" which should render the software useless by disallowing the login to happen.
0
 

Author Comment

by:ITMiami
ID: 17816539
So for MSN there is no way to block... I can use URL filtering in the firewall, but what should I add to block MSN?
0
 
LVL 22

Expert Comment

by:orangutang
ID: 17816616
Why not just uninstall them if you don't want them to access the Internet, since that's all they're used for.
0
LVL 11

Accepted Solution

by:
prueconsulting earned 500 total points
ID: 17816724
According to the Microsoft support website, to block MSN, you take either outbound access to TCP port 1863, and outbound HTTP access to messenger.hotmail.com

These are also some other login servers I have found for popular IMs:
AOL Instant Messenger: login.oscar.aol.com:443
AOL Instant Messenger: login.oscar.aol.com, possibly toc.oscar.aol.com and login.icq.com
MSN Messenger: gateway.messenger.hotmail.com (was login.gateway.hotmail.com)
ICQ: login.icq.com and http.proxy.icq.com (Was icq.mirabilis.com and login.icq.com previously)
Yahoo! Messenger: msg.edit.yahoo.com/*
(Yahoo! Messenger: Might also need to block messenger.yahoo.com/* and http.pager.yahoo.com/*. Be sure to type in the http on that last URL).

If this is also running in an AD environment you can use a GP to block execution of the IM exes
0
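
A way to check egress or proxy logs against the ports and login hosts listed in this thread, as an added example that is not part of any poster's answer. The log record format, the sample records and the function names are assumptions, and TCP is assumed for ports 5050 and 5190, for which the thread gives no protocol.

```python
# Added example, not from the thread; log format and sample records are constructed.
IM_PORTS = {
    ("tcp", 1863): "MSN", ("tcp", 6891): "MSN", ("tcp", 1503): "MSN",
    ("udp", 13324): "MSN", ("udp", 13325): "MSN",
    ("tcp", 5050): "Yahoo", ("tcp", 4443): "Yahoo",  # TCP assumed for 5050
    ("tcp", 5190): "AIM",                            # TCP assumed for 5190
}
IM_HOSTS = {
    "messenger.hotmail.com": "MSN",  # suffix match also covers gateway.messenger.hotmail.com
    "login.oscar.aol.com": "AIM", "toc.oscar.aol.com": "AIM",
    "login.icq.com": "ICQ", "http.proxy.icq.com": "ICQ",
    "msg.edit.yahoo.com": "Yahoo", "messenger.yahoo.com": "Yahoo",
    "http.pager.yahoo.com": "Yahoo",
}

def classify(proto, host, port):
    """Return (service, matched_on) for IM traffic, else None."""
    name = host.lower().rstrip(".")
    for known, service in IM_HOSTS.items():
        # Host match first: it still fires when the client falls back to port 80.
        if name == known or name.endswith("." + known):
            return service, "host"
    service = IM_PORTS.get((proto.lower(), port))
    return (service, "port") if service else None

def audit(lines):
    """Parse 'src proto dst_host dst_port' records and return the flagged ones."""
    findings = []
    for line in lines:
        fields = line.split()
        if len(fields) != 4 or not fields[3].isdigit():
            continue  # skip malformed records
        src, proto, host, port = fields
        hit = classify(proto, host, int(port))
        if hit:
            findings.append((src, host, int(port)) + hit)
    return findings

SAMPLE_LOG = [  # constructed records
    "10.0.0.21 tcp 192.0.2.10 1863",                  # default MSN port
    "10.0.0.22 tcp login.oscar.aol.com 80",           # AIM falling back to HTTP
    "10.0.0.23 tcp Gateway.Messenger.Hotmail.com. 80",
    "10.0.0.24 tcp www.example.com 80",               # ordinary web traffic
    "10.0.0.25 udp 192.0.2.11 13324",
    "truncated record",
]

if __name__ == "__main__":
    for finding in audit(SAMPLE_LOG):
        print(finding)
```

Records two and three are caught only by hostname, which is why the port rules alone leave the HTTP fallback open.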
 

Author Comment

by:ITMiami
ID: 17820770
Thanks prueconsulting it worked perfectly...

----------------------------------------------------------------------------------------------


orangutang, because the users will reinstall it and we will be back where we started...
0
 
LVL 22

Expert Comment

by:orangutang
ID: 17820777
Oh, good idea! Sorry, wasn't thinking :)
0
 
LVL 11

Expert Comment

by:prueconsulting
ID: 17820794
Glad to be of help..
0
