Solved: Block Gtalk / MSN

Posted on 2010-01-02 | Medium Priority | 841 Views | Last Modified: 2013-11-16

Hey Guys,

I am trying to block Gtalk and MSN in our network. MSN seems to be simply port 1864.

For Gtalk it uses 5222 and/or 443. If 5222 is not available it goes to 443.

But port 443 seems to be hard to block because certain websites require a https secure connection.

Please guide.
Question by: Shivtek

27 Comments

LVL 10

Expert Comment

by:lobo797
ID: 26164287
I take it you want to go beyond blocking domain names and keywords at the firewall.
LVL 11

Accepted Solution

by:
ICaldwell earned 1668 total points
ID: 26164292
Google Talk uses port 80, port 443 and port 5223 in addition to port 5222 for its communication. Worst of all: Google Talk connects to 216.239.37.125, 72.14.253.125 and 72.14.217.189 in addition to 209.85.137.125. It connects to ports 5222, 5223, 443 and 80 in all the cases.

Blocking all these 4 addresses blocks Google Talk at both the browser and the Talk client. Note: this does not disable Google Mail.


For MSN block anything going to *gateway.messenger.hotmail.com
LVL 1

Author Comment

by:Shivtek
ID: 26164293
What you said doesn't make sense.
LVL 1

Author Comment

by:Shivtek
ID: 26164298
I meant what lobo797 said.
LVL 1

Author Comment

by:Shivtek
ID: 26164300
Blocking via ports would be hard because of ports 80 and 443. Blocking the IP addresses might be possible. How can I block the Gtalk client, the online version and Gmail completely?

LVL 10

Expert Comment

by:lobo797
ID: 26164301
Generally, you can block URLs or keywords at the firewall. The only problem is that there can be a lot of URLs just for one site.

LVL 11

Assisted Solution

by:ICaldwell
ICaldwell earned 1668 total points
ID: 26164307
Block these IPs for GTalk:

     216.239.37.125
     72.14.253.125
     72.14.217.189
     209.85.137.12

Block these IPs for MSN Messenger:

     64.4.13.171 - 64.4.13.190
     207.46.106.1 - 207.46.108.254
     and the IP 65.54.239.20

These IPs can change. GTalk posts theirs, so they won't change much, but MSN says to block *gateway.messenger.hotmail.com since they do change IP ranges...

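Firewalls take CIDR blocks, but the MSN ranges in the answer above are given as start-end pairs, and the question later notes that four single addresses did not cover what the client actually connected to. The script below is an added example (not from the thread and not part of IPCop): it summarizes each range into the minimal set of CIDR blocks with Python's standard library, emits one iptables DROP rule per block, and offers a check that tells you whether a given address (for instance one you resolved from talk.google.com) falls inside the blocklist. The chain name and the address list are constructed input copied from the answer; confirm the addresses against current data before relying on them.

```python
"""Turn IP addresses and address ranges into CIDR blocks and iptables rules.

Added example, not code from the thread or from IPCop. The address data is a
constructed copy of the list in ICaldwell's answer and will be stale.
"""
import ipaddress

# Constructed input: addresses as listed in the answer above.
GTALK_HOSTS = ["216.239.37.125", "72.14.253.125", "72.14.217.189", "209.85.137.12"]
MSN_RANGES = [("64.4.13.171", "64.4.13.190"), ("207.46.106.1", "207.46.108.254")]
MSN_HOSTS = ["65.54.239.20"]


def range_to_cidrs(first: str, last: str) -> list[str]:
    """Summarize an inclusive first-last range into the fewest CIDR blocks."""
    start = ipaddress.ip_address(first)
    end = ipaddress.ip_address(last)
    if end < start:
        raise ValueError(f"range end {last} precedes start {first}")
    return [str(net) for net in ipaddress.summarize_address_range(start, end)]


def block_targets() -> list[str]:
    """All hosts (as /32) and ranges (as CIDR blocks) that should be dropped."""
    targets = [f"{h}/32" for h in GTALK_HOSTS + MSN_HOSTS]
    for first, last in MSN_RANGES:
        targets.extend(range_to_cidrs(first, last))
    return targets


def iptables_rules(targets: list[str], chain: str = "FORWARD") -> list[str]:
    """One DROP rule per CIDR block; chain name is an assumption for a router box."""
    return [f"iptables -A {chain} -d {cidr} -j DROP" for cidr in targets]


def covers(targets: list[str], address: str) -> bool:
    """Check whether an address (e.g. resolved from a chat host name) is blocked."""
    ip = ipaddress.ip_address(address)
    return any(ip in ipaddress.ip_network(cidr) for cidr in targets)


if __name__ == "__main__":
    blocks = block_targets()
    print("\n".join(iptables_rules(blocks)))
    print("64.4.13.180 blocked:", covers(blocks, "64.4.13.180"))
```

Run it and paste the printed rules into the firewall's custom-rules hook; the `covers` check is the quick way to confirm whether an address the client is actually reaching is inside the list, which is the first thing to look at when the block "does not do the trick".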
LVL 11

Assisted Solution

by:ICaldwell
ICaldwell earned 1668 total points
ID: 26164311
Usually you block by URLs... I wouldn't recommend blocking by keywords as lobo797 says...

LVL 1

Author Comment

by:Shivtek
ID: 26164315
Well, Gmail gets blocked by just blocking port 443... because all Gmail connections are secured. That would do it for Gtalk as well; 443, 5223 and 5222 can be blocked too.

For Yahoo, if I block just yahoo.com it actually blocks everything... apparently all Yahoo international sites redirect to ca.yahoo.com.

There must be a direct way to get to it?

Does MSN have a web messenger?

LVL 11

Assisted Solution

by:ICaldwell
ICaldwell earned 1668 total points
ID: 26164337
Yes.

http://people.live.com is MSN Web.

I would not block 443; that blocks all secure communication... People use that from time to time on legit websites...

LVL 1

Author Comment

by:Shivtek
ID: 26164489
My firewall by default blocks all ports; I have to manually open the ones I need. So MSN and Yahoo are automatically taken care of. Web MSN, Yahoo and Gmail are also taken care of...

The only problem is the Gtalk client, which can use port 443 to connect. The IPs you have listed, ICaldwell, don't do the trick for some reason. I am pretty sure Google has a bigger network for Gtalk than those 4 IP addresses. We need to find the CIDRs for Gtalk to completely block it, I think.

Any other way?

LVL 1

Author Comment

by:Shivtek
ID: 26164499
I don't know why I can still access Gtalk after blocking those 4 IPs.

LVL 11

Expert Comment

by:ICaldwell
ID: 26164504
It's possible they have changed IPs... can you block talk.google.com?

LVL 1

Author Comment

by:Shivtek
ID: 26164546
I did, but it uses https://talk.google.com

LVL 11

Expert Comment

by:ICaldwell
ID: 26164554
Can you block by the host name talk.google.com, which will cover both http & https?

http - port 80
https - port 443

LVL 1

Author Comment

by:Shivtek
ID: 26164556
That's what I was thinking too, but I am not sure if that will work or not...

I can test by opening 443 and blocking talk.google.com for 80 and 443.

LVL 11

Assisted Solution

by:ICaldwell
ICaldwell earned 1668 total points
ID: 26164564
Just to cover a few others, also block these two host names:

talkx.l.google.com
chatenabled.mail.google.com

LVL 11

Expert Comment

by:ICaldwell
ID: 26164567
Are you using the Web GTalk or the desktop App?
LVL 1

Author Comment

by:Shivtek
ID: 26164581
I don't think the https blocking is working for individual IPs/hostnames... because facebook.com is blocked, and after entering https://facebook.com I can access the site, and if I block https://facebook.com it doesn't do anything.

LVL 1

Author Comment

by:Shivtek
ID: 26164584
I am using IPCop's URL Filter addon to do all this, along with its Advanced Proxy.

LVL 11

Expert Comment

by:ICaldwell
ID: 26164623
Interesting, I have not used this one before... on most, if you put a * before it, that covers http & https...

LVL 1

Author Comment

by:Shivtek
ID: 26164654
Moreover, it's a transparent proxy, being used without entering the proxy settings in the browser.

LVL 11

Expert Comment

by:ICaldwell
ID: 26164661
Yes, that is normal at most companies, for it to be transparent... less setup, and it forces everything to go via the proxy even if there are no settings... No way for users to get around it, unless you use something such as a VPN, which I figure in your case is what you're looking for...

LVL 22

Assisted Solution

by:Jakob Digranes
Jakob Digranes earned 332 total points
ID: 26164797
The best way to block IMs is by using application signatures, and, of course, a firewall that can read and block application signatures.
Blocking ports and URLs is messy and time consuming and easy to bypass.

Here are some application signatures: http://technet.microsoft.com/en-us/library/cc302520.aspx
But it's an old list and you might update this using Wireshark (www.wireshark.org).
Haven't used IPCop and just browsed through the manual. Couldn't see anything on app signatures.

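What "application signatures" means in practice, as an added example that is not part of the thread and not IPCop code: a classifier run over the first bytes of a TCP payload. It recognises the XMPP stream header a Google Talk client sends on a plain 5222/5223 or 443 connection, the `VER` command line that opens an MSNP session, and, for the case the thread keeps running into (Gtalk falling back to 443), a TLS ClientHello, where the payload is opaque but the SNI extension still carries the server name. That name is what lets a blocklist of talk.google.com and the two other hosts from ICaldwell's answer apply on port 443 without blocking every HTTPS site. The sample payloads, the ClientHello builder and the blocked-host set are constructed here for illustration.

```python
"""Signature checks for IM traffic over constructed TCP payloads.

Added example, not from the thread or from IPCop. Signatures implemented:
XMPP stream header (RFC 6120), MSNP VER command, and the SNI name inside a
TLS ClientHello so a host blocklist can be applied to port 443 traffic.
"""
import struct

# Host names from the thread's answers; the set itself is an assumption.
BLOCKED_SNI = {"talk.google.com", "talkx.l.google.com", "chatenabled.mail.google.com"}


def is_xmpp_stream(payload: bytes) -> bool:
    """XMPP clients open with <stream:stream ... xmlns='jabber:client'>."""
    head = payload[:512].lower()
    return b"<stream:stream" in head and b"jabber:client" in head


def is_msnp(payload: bytes) -> bool:
    """MSNP sessions begin with 'VER <trid> MSNPnn ...' on the first line."""
    parts = payload.split(b"\r\n", 1)[0].split()
    return (len(parts) >= 3 and parts[0] == b"VER"
            and parts[1].isdigit() and parts[2].startswith(b"MSNP"))


def tls_sni(payload: bytes):
    """Return the SNI host name from a TLS ClientHello, or None."""
    if len(payload) < 5 or payload[0] != 0x16 or payload[1] != 0x03:
        return None                                   # not a TLS handshake record
    rec_len = struct.unpack("!H", payload[3:5])[0]
    hs = payload[5:5 + rec_len]
    if len(hs) < 4 or hs[0] != 0x01:
        return None                                   # not a ClientHello
    body = hs[4:4 + int.from_bytes(hs[1:4], "big")]
    pos = 2 + 32                                      # client_version + random
    if len(body) < pos + 1:
        return None
    pos += 1 + body[pos]                              # session_id
    if len(body) < pos + 2:
        return None
    pos += 2 + struct.unpack("!H", body[pos:pos + 2])[0]   # cipher_suites
    if len(body) < pos + 1:
        return None
    pos += 1 + body[pos]                              # compression_methods
    if len(body) < pos + 2:
        return None                                   # no extensions at all
    end = pos + 2 + struct.unpack("!H", body[pos:pos + 2])[0]
    pos += 2
    while pos + 4 <= min(end, len(body)):
        etype, elen = struct.unpack("!HH", body[pos:pos + 4])
        edata = body[pos + 4:pos + 4 + elen]
        pos += 4 + elen
        if etype == 0 and len(edata) >= 5 and edata[2] == 0:   # server_name, host_name
            nlen = struct.unpack("!H", edata[3:5])[0]
            if len(edata) >= 5 + nlen:
                return edata[5:5 + nlen].decode("ascii", "replace")
    return None


def classify(payload: bytes):
    """Map a payload to (application, detail) or None when nothing matches."""
    if is_xmpp_stream(payload):
        return ("xmpp", None)
    if is_msnp(payload):
        return ("msnp", None)
    sni = tls_sni(payload)
    if sni is not None:
        return ("tls", sni)
    return None


def decide(payload: bytes) -> str:
    """Policy: drop IM protocols outright, drop TLS only to blocked SNI names."""
    match = classify(payload)
    if match is None:
        return "allow"
    app, detail = match
    if app in ("xmpp", "msnp"):
        return "block"
    return "block" if detail in BLOCKED_SNI else "allow"


def build_client_hello(server_name: str) -> bytes:
    """Constructed minimal TLS 1.2 ClientHello carrying one SNI entry (test input)."""
    name = server_name.encode()
    entry = b"\x00" + struct.pack("!H", len(name)) + name
    sni = struct.pack("!H", len(entry)) + entry
    ext = struct.pack("!HH", 0, len(sni)) + sni
    body = (b"\x03\x03" + b"\x00" * 32 + b"\x00"        # version, random, empty session id
            + struct.pack("!H", 2) + b"\x13\x01"         # one cipher suite
            + b"\x01\x00"                                # null compression
            + struct.pack("!H", len(ext)) + ext)
    hs = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs


if __name__ == "__main__":
    # Constructed sample payloads, one per signature.
    samples = {
        "gtalk-xmpp": b"<?xml version='1.0'?><stream:stream to='gmail.com' "
                      b"xmlns='jabber:client' version='1.0'>",
        "msn": b"VER 1 MSNP15 CVR0\r\n",
        "gtalk-tls": build_client_hello("talk.google.com"),
        "other-tls": build_client_hello("mail.google.com"),
        "plain-http": b"GET / HTTP/1.1\r\nHost: example.com\r\n\r\n",
    }
    for label, data in samples.items():
        print(f"{label:11s} {classify(data)} -> {decide(data)}")
```

The SNI path is what makes the port-443 case tractable: a payload-inspecting filter can apply the same host list the thread assembled (talk.google.com and friends) to HTTPS connections while leaving Gmail and other secure sites alone. It has the same limit Jakob notes for any signature list: an XMPP client that sends its stream header only after a TLS handshake to an unlisted name will not match, so the host list needs periodic refreshing from observed traffic.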
LVL 11

Expert Comment

by:farjadarshad
ID: 26335229
My friend, install ISA Server, in which you can easily block all messengers. For configuration of rules in ISA 2004 please refer to these sites:

http://isaserver.org
http://articles.techrepublic.com.com/5100-22_11-6029342.html

LVL 22

Expert Comment

by:Jakob Digranes
ID: 26335350
ISA's great, but beware that you most likely need updated application signatures, since the articles are a couple of years old.
