Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

Blocking MSN / Yahoo Messenger

Posted on 2008-10-07
8
1,521 Views
Last Modified: 2012-05-05
Hi,

Can anyone details how I block both MSN & Yahoo Messenger on my PIX 501 running V6.3

Thanks in advance
0
Comment
Question by:dt3itsteam
8 Comments
 
LVL 1

Assisted Solution

by:Cvif3v3r
Cvif3v3r earned 20 total points
ID: 22663654
This link tells you the Ports and IP addresses for MSN and Yahoo Instant Messenger. How to do it specifically on the Pix 500, I do not know, but I hope this helps at least.

http://www.windowsreference.com/security/how-to-block-yahoo-and-msn-messangers-in-a-firewall/
0
 
LVL 12

Assisted Solution

by:Pugglewuggle
Pugglewuggle earned 60 total points
ID: 22666124
You should be able to setup a default inspection rule to block this... the ASA has predefined rules in the ASDM that are designed to block certain kinds of traffic such as this and other things like bittorrent and limewire... you just need to enable them.
If you go to the configuration tab in the ASDM and the go to firewall >> advanced you will find the inspection section... it should be fairly easy to setup blocking as the different items are listed by name.
Let me know if you have any questions! Cheers!
0
 
LVL 5

Accepted Solution

by:
devangshroff earned 45 total points
ID: 22667150
but these mesanger keep on changeing port , so will ASA will block this.
0
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 
LVL 1

Author Comment

by:dt3itsteam
ID: 22668142
Can someone post me the Cisco command lines for the required statements?
Many thanks!
0
 
LVL 5

Assisted Solution

by:devangshroff
devangshroff earned 45 total points
ID: 22668175
class-map type regex match-any msn_exempt_list
match regex msnuser1 "booobs\@gmail.com"
match regex msnuser2 "user\@hotmail.com"

class-map type inspect im match-all MSN_BLOCK_CLASS
description "blabla"
match protocol msn-im
match login-name regex class msn_exempt_list

policy-map type inspect im MSN_BLOCK_POLICY
description "Policy blocking MSN IM"

class MSN_BLOCK_CLASS
drop-connection

service-policy MSN_BLOCK_POLICY interface outside
0
 
LVL 12

Expert Comment

by:Pugglewuggle
ID: 22671860
booobs@gmail.com? Are you crazy devangshroff?
While these commands will work, that's awesomely funny! What's up with that? :-P
0
 
LVL 12

Assisted Solution

by:Pugglewuggle
Pugglewuggle earned 60 total points
ID: 22671882
One other thing - that only blocks IM for booobs@gmail.com and user@hotmail.com...
You need to have a wildcard regular expression.
Here is the Cisco article on Regular Expressions.
http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a0080940e04.shtml
Let me know if you have any questions!
Cheers!
0
 
LVL 12

Assisted Solution

by:Pugglewuggle
Pugglewuggle earned 60 total points
ID: 22672034
Oh - check this out - here is a screenshot from my ASDM - there is a default rule for blocking MSN Messenger, Yahoo Messenger, and lots of other things.
Just activate these policies. No need for booobs or devangshroff's commands. Lol.
Cheers! Let me know if you have any questions!

Untitled.jpg
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Optimal Xbox 360 connectivity requires "OPEN NAT". If you use Juniper Netscreen or SSG firewall products in a home setting, the following steps will allow you get rid of the dreaded warning screen below and achieve the best online gaming environment…
I found an issue or “bug” in the SonicOS platform (the firmware controlling SonicWALL security appliances) that has to do with renaming Default Service Objects, which then causes a portion of the system to become uncontrollable and unstable. BACK…
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…

839 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question