Want to Block File transfer in MSN

I wanted to block the MSN file transfer in the network. MSN messenger is used for client conversation. But it has been observed that people are using it for file transfer also. Is there are way we can block this.
I am not sure I have found on some blogs that this file transfer works on Port 1300-1399. I have doubt on this as it is series of ports.

Please guide me to complete this task.
Thanks
Gaurav Arora
Shiv3Asked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

JoWickermanCommented:
Hi Shiv3,

Some of MSN Messenger ports are:

* Audio and Video - dynamic ports were chosen for the audio-video (AV) stream.... using dynamically allocated UDP ports in the range of 5004 to 65535.
* Application Sharing and Whiteboard - whiteboard (WB) data uses port 1503...
* File Transfer - Both incoming and outgoing TCP connections use the range of ports from 6891 to 6900...
* Remote Assistance - TCP port 3389 is used for the TCP connection for the Remote Assistance protocol.

Hope this helps.

Cheers
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Shiv3Author Commented:
Hi JoWickerman

Great Thanks for your reply. Just wanted ask few things before making any change. all the ports which you have mentioned are exclusively for MSN messenger only. If I block any traffic for these ports, will that make any problem for rest of my network activity in any sense.
Specially If I block port range from 6891 to 6900, it should only block MSN file transfer traffic, nothing else. Am I right.

Please suggest.
0
dstark30Commented:
Shiv3:

Without knowing your network, it is not very easy to say if blocking those Ranges will or will not cause problems for other Applications. I do recall reading previously that it is popular for IM Clients to use the Port Range in question for File Transfers, so unless you only want to Restrict MSN and not ICQ, I would look into something such as Microsoft ISA server, or other means of creating Rules to specifically limit MSN, Otherwise, Block the range, and keep an Ear to the Rail for a week to see if anything or anyone get's upset.
0
Cloud Class® Course: Certified Penetration Testing

This CPTE Certified Penetration Testing Engineer course covers everything you need to know about becoming a Certified Penetration Testing Engineer. Career Path: Professional roles include Ethical Hackers, Security Consultants, System Administrators, and Chief Security Officers.

JoWickermanCommented:
Hi,

I agree with dstark30. It's difficult to say for sure, but block the range of ports and just keep an ear open for other complaints. Do not make too many changes at once, otherwise you it'll be difficult to know which changes casue which issues.

Cheers.
0
Shiv3Author Commented:
Thanks for your suggestion dstark30 and JoWickerman. One more thing, if I block the range of ports(6891 to 6900) then will that also block the internal MSN file transfer as I have read some  comments as

"Within a local network, this transfer is direct, meaning that the computers have TCP connections opened directly send to each other."

Is it true.


0
JoWickermanCommented:
Yeah, if you block it on your firewall, internal transfer will still be available.
0
dstark30Commented:
If the range is blocked on the connect between your LAN and the WAN, then yes, File Transferring and Instant messaging should still be available internally. If you wish to block that, you are going to have to look into other solutions that allow one to block things locally/per machine.
Have you commited the block on the Range yet?
0
JoWickermanCommented:
Hi,

Are you satisfied with the solution? Can we close this post?

Cheers.
0
Shiv3Author Commented:
Hi JoWickerman and Dstark30

Thanks a lot for all your support. Yes I have made the changes in my firewall but truly speaking did not get chance to test. but yes the way you both helped is really appreciable.

Thanks again.
Regards
Gaurav Arora
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Chat / IM

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.