Shivtek

asked on

Block Gtalk / MSN

Hey Guys,

I am trying to block Gtalk and MSN in our network. MSN seems to be simple port 1864.

Gtalk uses 5222 and/or 443. If 5222 is not available it goes to 443.

But port 443 seems to be hard to block because certain websites require a https secure connection.

Please guide.
lobo797

I take it you want to go beyond blocking domain names and keywords at the firewall.
ASKER CERTIFIED SOLUTION
ICaldwell

This solution is only available to members.
Shivtek

ASKER

What you said doesn't make sense.
Shivtek

ASKER

I meant what lobo797 said.
Shivtek

ASKER

Blocking via ports would be hard because of port 80 and 443. Blocking the IP addresses might be possible. How can I block Gtalk client and online and Gmail completely?
Generally, you can block URLs or keywords at the firewall. The only problem is there can be a lot of URLs just for one site.
SOLUTION
This solution is only available to members.
SOLUTION
This solution is only available to members.
Shivtek

ASKER

Well, Gmail gets blocked by just blocking port 443... because all Gmail connections are secured. That would do it for Gtalk as well; 443, 5223, 5222 can be blocked too.

For Yahoo, if I block just yahoo.com it actually blocks everything... apparently all Yahoo international sites redirect to ca.yahoo.com

There must be a direct way to get to it?

Does MSN have a web messenger?
SOLUTION
This solution is only available to members.
Shivtek

ASKER

My firewall by default blocks all ports; I have to manually open the ones I need. So MSN and Yahoo are automatically taken care of. Web MSN, Yahoo and Gmail are also taken care of...

The only problem is the Gtalk client, which can use port 443 to connect. The IPs you have listed, ICaldwell, don't do the trick for some reason; I am pretty sure Google has a bigger network for Gtalk than those 4 IP addresses. We need to find the CIDRs for Gtalk to completely block it, I think.

Any other way?
Shivtek

ASKER

I don't know why I can still access Gtalk after blocking those 4 IPs.
It's possible they have changed IPs... Can you block talk.google.com?
Shivtek

ASKER

I did but it uses https://talk.google.com
Can you block by the host name talk.google.com, which will cover both http & https?

http - port 80
https - port 443
Shivtek

ASKER

That's what I was thinking too, but I am not sure if that will work or not...

I can test by opening 443 and blocking talk.google.com for 80 and 443.
SOLUTION
This solution is only available to members.
Are you using the Web GTalk or the desktop App?
Shivtek

ASKER

I don't think the https blocking is working for individual IP/hostnames... because facebook.com is blocked, and after entering https://facebook.com I can access the site, and if I block https://facebook.com it doesn't do anything.
Shivtek

ASKER

I am using IPCop's URL Filter addon to do all this along with its Advanced Proxy
Interesting, I have not used this one before... with most, if you put a * before it, that covers http & https...
Shivtek

ASKER

Moreover, it's a transparent proxy, being used without entering the proxy settings in the browser.
Yes, it is normal at most companies for it to be transparent... less setup, and it forces everything to go via the proxy even if there are no settings... No way for users to get around it, unless you use something such as a VPN, which I figure in your case is what you're looking for...
SOLUTION
Jakob Digranes

This solution is only available to members.
My friend, install ISA Server, in which you can easily block all messengers. For configuration of rules in ISA 2004, please refer to these sites:

http://isaserver.org
http://articles.techrepublic.com.com/5100-22_11-6029342.html
ISA's great, but beware that you most likely need updated application signatures, since the articles are a couple of years old.