Improve company productivity with a Business Account.Sign Up

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1517
  • Last Modified:

How to block access to instant messengers (MSN/AOL)

We have a HotBrick Firewall, and I need to block access to MSN messenger and AOL Instant Messenger... does anyone knows to to setup this filter... or what ports should be blocked?

Thanks
0
ITMiami
Asked:
ITMiami
  • 3
  • 2
  • 2
1 Solution
 
prueconsultingCommented:
The problem with ports is both of these can tunnel over HTTP so unless you have some url filtering capabilties you wont block it totally

MSN Messenger – Users must login to the centralised service to locate other users. Once a connection is established, users message each other directly in peer-to-peer fashion. The default IP port for MSN Messenger is 1863 but the client is ‘port-agile’ and, if the port is blocked, it will look for other open ports – next targeting the HTTP port 80. MSN Messenger supports HTTP proxies, but does not support HTTP proxy authentication. Note that file transfers occur over TCP port 6891, audio and video conferencing over UDP ports 13324 and 13325, and application sharing is commonly TCP port 1503.
Yahoo Instant Messenger – Users login to the centralised Yahoo IM service to find other users. Once authenticated and online, users may choose to message each other directly or through shared chat rooms. The default port for Yahoo Instant Messenger is 5050 but the client is ‘port-agile’ and, if the port is blocked, it will look for other open ports – next targeting the HTTP port 80. Just like MSN Messenger, the client supports HTTP proxies, but not HTTP Proxy authentication. Note that file transfers and file sharing is commonly done over TCP port 4443.

AOL Instant Messenger (AIM) – Users login in to the AOL Open System for Communication in Real-time (OSCAR) and then begin communications with Basic OSCAR Services (BOS) to locate and message other users. These messages pass through the server before being forwarded to the recipient. File transfers, voice traffic and other large digital payloads are conducted in peer-to-peer mode – whereby the initiating IM client sends its IP address and an open port over the service, so the remote client can connect to it.
The default port for the AIM client is 5190 and, if the port is blocked, the ‘port-agile’ software will attempt to communicate over port 23 (telnet), 20 & 21 (FTP) and then 80 (HTTP). In addition, users can choose to go through a SOCKS v4/v5, a HTTP proxy or HTTPS proxy. However, when tunnelling over the HTTPS proxy connection, AIM does not use SSL to encrypt traffic.

However you can attempt to block "login.oscar.aol.com" which should render the software useless by disallowing the login to happen.
0
 
ITMiamiAuthor Commented:
So MSN there is no way to block... I can use url filtering in the firewall but what should I add to block msn
0
 
orangutangCommented:
Why not just uninstall them if you don't want them to access the Internet, since that's all they're used for.
0
Improved Protection from Phishing Attacks

WatchGuard DNSWatch reduces malware infections by detecting and blocking malicious DNS requests, improving your ability to protect employees from phishing attacks. Learn more about our newest service included in Total Security Suite today!

 
prueconsultingCommented:
According to Microsoft support website, to block MSN, you take either outbound access to TCP port 1863, and outbound HTTP access to messenger.hotmail.com

These are also some other login servers i have found for popular IMs
AOL Instant Messenger: login.oscar.aol.com:443
AOL Instant Messenger: login.oscar.aol.com, possibly toc.oscar.aol.com and login.icq.com
MSN Messenger: gateway.messenger.hotmail.com (was login.gateway.hotmail.com)
ICQ: login.icq.com and http.proxy.icq.com (Was icq.mirabilis.com and login.icq.com previously)
Yahoo! Messenger: msg.edit.yahoo.com/*
(Yahoo! Messenger: Might also need to block messenger.yahoo.com/*andhttp.pager.yahoo.com/* Be sure to type in the http on that last URL).

If this is also running in a AD environment you can use a GP to block execution of the IM exes
0
 
ITMiamiAuthor Commented:
Thanks prueconsulting it worked perfectly...

----------------------------------------------------------------------------------------------


orangutang because the users will reinstall it and we will be back were we started...
0
 
orangutangCommented:
Oh, good idea! Sorry, wasn't thinking :)
0
 
prueconsultingCommented:
Glad to be of help..
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

  • 3
  • 2
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now