Solved

How to block access to instant messengers (MSN/AOL)

Posted on 2006-10-26
Last Modified: 2011-09-20
We have a HotBrick Firewall, and I need to block access to MSN Messenger and AOL Instant Messenger... does anyone know how to set up this filter... or what ports should be blocked?

Thanks
0
Question by:ITMiami
7 Comments
 
LVL 11

Expert Comment

by:prueconsulting
The problem with ports is both of these can tunnel over HTTP, so unless you have some URL filtering capabilities you won't block it totally.

MSN Messenger – Users must login to the centralised service to locate other users. Once a connection is established, users message each other directly in peer-to-peer fashion. The default IP port for MSN Messenger is 1863 but the client is ‘port-agile’ and, if the port is blocked, it will look for other open ports – next targeting the HTTP port 80. MSN Messenger supports HTTP proxies, but does not support HTTP proxy authentication. Note that file transfers occur over TCP port 6891, audio and video conferencing over UDP ports 13324 and 13325, and application sharing is commonly TCP port 1503.
Yahoo Instant Messenger – Users login to the centralised Yahoo IM service to find other users. Once authenticated and online, users may choose to message each other directly or through shared chat rooms. The default port for Yahoo Instant Messenger is 5050 but the client is ‘port-agile’ and, if the port is blocked, it will look for other open ports – next targeting the HTTP port 80. Just like MSN Messenger, the client supports HTTP proxies, but not HTTP Proxy authentication. Note that file transfers and file sharing are commonly done over TCP port 4443.

AOL Instant Messenger (AIM) – Users login in to the AOL Open System for Communication in Real-time (OSCAR) and then begin communications with Basic OSCAR Services (BOS) to locate and message other users. These messages pass through the server before being forwarded to the recipient. File transfers, voice traffic and other large digital payloads are conducted in peer-to-peer mode – whereby the initiating IM client sends its IP address and an open port over the service, so the remote client can connect to it.
The default port for the AIM client is 5190 and, if the port is blocked, the ‘port-agile’ software will attempt to communicate over port 23 (telnet), 20 & 21 (FTP) and then 80 (HTTP). In addition, users can choose to go through a SOCKS v4/v5, a HTTP proxy or HTTPS proxy. However, when tunnelling over the HTTPS proxy connection, AIM does not use SSL to encrypt traffic.

However, you can attempt to block "login.oscar.aol.com", which should render the software useless by disallowing the login to happen.
0
 

Author Comment

by:ITMiami
So MSN there is no way to block... I can use URL filtering in the firewall, but what should I add to block MSN?
0
 
LVL 22

Expert Comment

by:orangutang
Why not just uninstall them if you don't want them to access the Internet, since that's all they're used for?
0

 
LVL 11

Accepted Solution

by:
prueconsulting earned 500 total points
According to the Microsoft support website, to block MSN, you take either outbound access to TCP port 1863, and outbound HTTP access to messenger.hotmail.com

These are also some other login servers I have found for popular IMs:
AOL Instant Messenger: login.oscar.aol.com:443
AOL Instant Messenger: login.oscar.aol.com, possibly toc.oscar.aol.com and login.icq.com
MSN Messenger: gateway.messenger.hotmail.com (was login.gateway.hotmail.com)
ICQ: login.icq.com and http.proxy.icq.com (Was icq.mirabilis.com and login.icq.com previously)
Yahoo! Messenger: msg.edit.yahoo.com/*
(Yahoo! Messenger: Might also need to block messenger.yahoo.com/* and http.pager.yahoo.com/*. Be sure to type in the http on that last URL).

If this is also running in an AD environment, you can use a GP to block execution of the IM exes.
0
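
The following Python example is added here and is not code from any poster in this thread. It classifies outbound connection records against the ports and login hosts listed in the answers above and returns the records that a port-only block list would let through, which is why the answers pair port blocks with host/URL filtering. The record format `proto dst_host dst_port`, the function names and the sample lines are constructed for illustration.

```python
# Added example: ports and hosts are the ones quoted in the thread;
# the log format and sample records are constructed.
IM_PORTS = {
    ("tcp", 1863): "MSN", ("tcp", 6891): "MSN file transfer",
    ("tcp", 1503): "MSN application sharing",
    ("udp", 13324): "MSN audio/video", ("udp", 13325): "MSN audio/video",
    ("tcp", 5050): "Yahoo", ("tcp", 4443): "Yahoo file transfer",
    ("tcp", 5190): "AIM",
}
IM_HOSTS = {
    "login.oscar.aol.com": "AIM", "toc.oscar.aol.com": "AIM",
    "messenger.hotmail.com": "MSN", "gateway.messenger.hotmail.com": "MSN",
    "login.icq.com": "ICQ", "http.proxy.icq.com": "ICQ",
    "msg.edit.yahoo.com": "Yahoo", "messenger.yahoo.com": "Yahoo",
    "http.pager.yahoo.com": "Yahoo",
}

def classify(record):
    """Parse 'proto dst_host dst_port' (constructed log format).
    Returns (service, by_port, by_host), or None when nothing matches."""
    proto, host, port = record.split()
    port_svc = IM_PORTS.get((proto.lower(), int(port)))
    host_svc = IM_HOSTS.get(host.lower().rstrip("."))
    if not (port_svc or host_svc):
        return None
    return (host_svc or port_svc, bool(port_svc), bool(host_svc))

def needs_host_filter(records):
    """Records a port-only block list lets through: host matches, port does not.
    These are the HTTP/HTTPS fallbacks of the 'port-agile' clients."""
    missed = []
    for rec in records:
        hit = classify(rec)
        if hit and hit[2] and not hit[1]:
            missed.append(rec)
    return missed

SAMPLE = [  # constructed records, documentation addresses only
    "tcp 192.0.2.10 1863",                   # MSN on its default port
    "tcp gateway.messenger.hotmail.com 80",  # MSN after falling back to HTTP
    "tcp login.oscar.aol.com 443",           # AIM login over 443
    "tcp login.oscar.aol.com 5190",          # AIM on its default port
    "udp 192.0.2.20 13324",                  # MSN audio/video
    "tcp www.example.com 80",                # ordinary web traffic
]

if __name__ == "__main__":
    for rec in SAMPLE:
        print(rec, "->", classify(rec))
    print("port rules alone miss:", needs_host_filter(SAMPLE))
```
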
 

Author Comment

by:ITMiami
Thanks prueconsulting, it worked perfectly...

----------------------------------------------------------------------------------------------


orangutang, because the users will reinstall it and we will be back where we started...
0
 
LVL 22

Expert Comment

by:orangutang
Oh, good idea! Sorry, wasn't thinking :)
0
 
LVL 11

Expert Comment

by:prueconsulting
Glad to be of help..
0
