Block Gtalk / MSN

Hey Guys,

I am trying to block Gtalk and MSN in our network. MSN seems to be simple port 1864.

For Gtalk it uses 5222 and/or 443. If 5222 is not available it goes to 443.

But port 443 seems to be hard to block because certain websites require a https secure connection.

Please guide.
ShivtekAsked:
 
ICaldwellCommented:
Google Talk uses Port 80, Port 443 and Port 5223 other than Port 5222 for its communication purposes. Worst of all: Google Talk connects to 216.239.37.125, 72.14.253.125 and 72.14.217.189 other than 209.85.137.125. It connects to Ports 5222, 5223, 443 and 80 in all the cases.

Blocking all these 4 addresses blocks Google Talk at both Browser and Talk Client. Note: This does not disable Google mail


For MSN block anything going to *gateway.messenger.hotmail.com
0
 
lobo797Commented:
I take it you want to go beyond blocking domain names and keywords at the firewall.
0
 
ShivtekAuthor Commented:
What you said doesn't make sense.
0
 
ShivtekAuthor Commented:
I meant what lobo797 said.
0
 
ShivtekAuthor Commented:
Blocking via ports would be hard because of port 80 and 443, Blocking the IP addresses might be possible. How can I block Gtalk client and online and Gmail completely?
0
 
lobo797Commented:
Generally, you can block URLs or keywords at the firewall. The only problem there is that there can be a lot of URLs just for one site.
0
 
ICaldwellCommented:
Block these IP's for GTalk

     216.239.37.125
     72.14.253.125
     72.14.217.189
     209.85.137.12

Block these IPs for MSN Messenger:

64.4.13.171 - 64.4.13.190
207.46.106.1 - 207.46.108.254
and the IP 65.54.239.20

These IPs can change. GTalk posts theirs so they won't change much, but MSN says block *gateway.messenger.hotmail.com since they do change IP ranges....
0
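The ranges above are given as first/last addresses, while a firewall wants CIDR blocks (and, as the asker notes later, the list has to be complete to work at all). The following is an added example, not code from anyone in this thread: it collapses the quoted ranges into minimal CIDR blocks, merges them with the single GTalk hosts, renders one DROP rule per block, and lets you check a destination against the result before committing it. The chain name and the idea of loading these as custom iptables rules on IPCop are assumptions; the addresses themselves are the ones quoted in the thread and are historical.

```python
import ipaddress

# Constructed sample input: the ranges and hosts quoted earlier in this thread.
# They are historical and serve only to show the range-to-CIDR step.
MSN_RANGES = [
    ("64.4.13.171", "64.4.13.190"),
    ("207.46.106.1", "207.46.108.254"),
    ("65.54.239.20", "65.54.239.20"),
]
GTALK_HOSTS = ["216.239.37.125", "72.14.253.125", "72.14.217.189", "209.85.137.125"]


def range_to_cidrs(first, last):
    """Collapse an inclusive IPv4 range into the minimal list of CIDR blocks."""
    nets = ipaddress.summarize_address_range(
        ipaddress.IPv4Address(first), ipaddress.IPv4Address(last))
    return [str(n) for n in nets]


def build_blocklist(ranges, hosts):
    """Turn ranges plus single hosts into one de-duplicated, sorted list of CIDR blocks."""
    nets = []
    for first, last in ranges:
        nets.extend(ipaddress.ip_network(c) for c in range_to_cidrs(first, last))
    nets.extend(ipaddress.ip_network(h + "/32") for h in hosts)
    # collapse_addresses merges overlapping and adjacent blocks and sorts them
    return [str(n) for n in ipaddress.collapse_addresses(nets)]


def iptables_rules(cidrs, chain="FORWARD"):
    """Render one DROP rule per block for a Linux firewall. The chain name is an
    assumption; on IPCop these would go into its custom-rules hook (assumed)."""
    return ["iptables -A %s -d %s -j DROP" % (chain, c) for c in cidrs]


def is_blocked(ip, cidrs):
    """Check a destination against the block list, i.e. what the firewall decides per packet."""
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(c) for c in cidrs)


if __name__ == "__main__":
    blocklist = build_blocklist(MSN_RANGES, GTALK_HOSTS)
    for rule in iptables_rules(blocklist):
        print(rule)
    print("207.46.107.77 blocked:", is_blocked("207.46.107.77", blocklist))
```

Run it and paste the printed rules into the firewall; re-run `is_blocked` against the address the client actually connects to (from the firewall log or a packet capture) whenever the block "does not do the trick", which usually means the service moved outside the listed ranges rather than that the rules are wrong.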
 
ICaldwellCommented:
Usually you block by URL's... I wouldn't recommend blocking by keywords as lobo797 says...
0
 
ShivtekAuthor Commented:
Well, gmail gets blocked by just blocking port 443....because all gmail connections are secured. That would do it for Gtalk as well; 443, 5223, 5222 can be blocked too.

For yahoo if I block just yahoo.com it actually blocks everything....apparently all yahoo international sites redirect to ca.yahoo.com

There must be direct way to get to it?

does MSN have web messenger?
0
 
ICaldwellCommented:
yes

http://people.live.com is MSN Web

I would not block 443, that blocks all secure communication... People use that from time to time on legit websites...
0
 
ShivtekAuthor Commented:
My firewall by default blocks all ports, I have to manually open the ones I need. So msn and yahoo are automatically taken care of. web msn, yahoo and gmail are also taken care of...

Only problem is Gtalk client which can use port 443 to connect. The IPs you have listed ICaldwell don't do the trick for some reason, I am pretty sure Google has a bigger network for Gtalk than those 4 IP addresses. We need to find the CIDRs for Gtalk to completely block it I think.

Any other way?
0
 
ShivtekAuthor Commented:
I don't know why I can still access Gtalk after blocking those 4 IPs
0
 
ICaldwellCommented:
Its possible they have changed IP's... can you block talk.google.com?
0
 
ShivtekAuthor Commented:
I did but it uses https://talk.google.com
0
 
ICaldwellCommented:
can you block by the host name talk.google.com which will cover both http & https?

http - port 80
https - port 443
0
 
ShivtekAuthor Commented:
Thats what I was thinking too, but I am not sure if that will work or not...

I can test by opening 443 and blocking talk.google.com for 80 and 443
0
 
ICaldwellCommented:
just to cover a few others, also block these two host names:

talkx.l.google.com
chatenabled.mail.google.com
0
 
ICaldwellCommented:
Are you using the Web GTalk or the desktop App?
0
 
ShivtekAuthor Commented:
I don't think the https blocking is working for individual IPs/hostnames...because facebook.com is blocked...and after entering https://facebook.com I can access the site, and if I block https://facebook.com it doesn't do anything.
0
 
ShivtekAuthor Commented:
I am using IPCop's URL Filter addon to do all this along with its Advanced Proxy
0
 
ICaldwellCommented:
Interesting, I have not used this one before... With most, if you put a * before it, that covers http & https...
0
 
ShivtekAuthor Commented:
Moreover its a transparent proxy, being used without entering the proxy settings in the browser.
0
 
ICaldwellCommented:
Yes, that is normal at most companies for it to be transparent... less setup and forces everything to go via the proxy even if there are no settings...  No way for users to get around it, unless you use something such as a VPN, which I figure in your case is what you're looking for...
0
 
Jakob DigranesSenior ConsultantCommented:
The best way to block IMs is by using application signatures, and - of course - a firewall that can read and block application signatures.
Blocking ports and URLs is messy and time consuming and easy to bypass.

Here are some application signatures: http://technet.microsoft.com/en-us/library/cc302520.aspx
but it's an old list and you might update this using Wireshark (www.wireshark.org)
Haven't used IPCop and just browsed through the manual. Couldn't see anything on app signatures
0
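Two points in this thread fit together: the asker found that a URL filter behind a transparent proxy cannot block an https:// hostname, and the previous comment recommends application signatures instead. The reason is that a proxy that only sees port 80 never sees the HTTPS name at all; the one place the destination name appears in clear on a TLS connection is the server_name (SNI) extension of the client's first packet, the ClientHello. The block below is an added example, not anything posted in this thread and not an IPCop feature: a small signature matcher in the spirit of what an application-aware firewall does, which (a) parses the SNI out of a ClientHello and matches it against the host names quoted earlier (treating each as "ends with", the `*` semantics the posters used), (b) recognises a plaintext XMPP stream open such as the Talk client sends on 5222, and (c) returns None on truncated or non-TLS input instead of crashing. The `build_client_hello` helper only exists to construct sample input offline; the XMPP and HTTP byte strings are likewise constructed.

```python
import struct

# Host names quoted in this thread. Matching is suffix-based, which is the
# "*gateway.messenger.hotmail.com" style the posters used.
BLOCKED_HOSTS = (
    "talk.google.com",
    "talkx.l.google.com",
    "chatenabled.mail.google.com",
    "gateway.messenger.hotmail.com",
)

# Constructed sample flows (not captured traffic).
XMPP_STREAM_OPEN = (b"<?xml version='1.0'?><stream:stream to='gmail.com' "
                    b"xmlns='jabber:client' xmlns:stream='http://etherx.jabber.org/streams' "
                    b"version='1.0'>")
HTTP_GET = b"GET / HTTP/1.1\r\nHost: www.example.com\r\n\r\n"


def blocked_host(host):
    host = host.lower().rstrip(".")
    return any(host.endswith(h) for h in BLOCKED_HOSTS)


def build_client_hello(hostname):
    """Construct a minimal TLS 1.2 ClientHello record carrying an SNI extension.
    Only used here to produce sample input; a real client sends more fields."""
    name = hostname.encode("ascii")
    sni_entry = b"\x00" + struct.pack("!H", len(name)) + name      # name_type host_name
    sni_list = struct.pack("!H", len(sni_entry)) + sni_entry
    sni_ext = struct.pack("!HH", 0x0000, len(sni_list)) + sni_list  # extension type 0
    exts = struct.pack("!H", len(sni_ext)) + sni_ext
    body = (b"\x03\x03" + bytes(32)      # client_version, random
            + b"\x00"                      # session_id length 0
            + b"\x00\x02\x00\x2f"          # one cipher suite
            + b"\x01\x00"                  # one compression method (null)
            + exts)
    hs = b"\x01" + struct.pack("!I", len(body))[1:] + body          # type 1, 3-byte length
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs        # handshake record


def extract_sni(data):
    """Return the server_name from a TLS ClientHello, or None when the bytes are
    not a ClientHello or are too short to reach the extension. Never raises."""
    try:
        if data[0] != 0x16 or data[5] != 0x01:          # handshake record, ClientHello
            return None
        pos = 43                                         # record hdr 5 + hs hdr 4 + version 2 + random 32
        pos += 1 + data[pos]                             # session_id
        pos += 2 + struct.unpack("!H", data[pos:pos + 2])[0]   # cipher_suites
        pos += 1 + data[pos]                             # compression_methods
        ext_end = pos + 2 + struct.unpack("!H", data[pos:pos + 2])[0]
        pos += 2
        while pos + 4 <= ext_end:
            etype, elen = struct.unpack("!HH", data[pos:pos + 4])
            pos += 4
            if etype == 0:                               # server_name extension
                p = pos + 2                              # skip ServerNameList length
                while p + 3 <= pos + elen:
                    ntype = data[p]
                    nlen = struct.unpack("!H", data[p + 1:p + 3])[0]
                    p += 3
                    if ntype == 0:                       # host_name entry
                        name = data[p:p + nlen]
                        if len(name) != nlen:            # truncated inside the name
                            return None
                        return name.decode("ascii", "replace")
                    p += nlen
            pos += elen
        return None
    except (IndexError, struct.error):                   # short or malformed input
        return None


def classify(payload):
    """Verdict for the first client-to-server bytes of a flow: (action, reason)."""
    sni = extract_sni(payload)
    if sni is not None:
        return ("block" if blocked_host(sni) else "allow", "tls-sni:" + sni)
    head = payload[:512]
    if b"<stream:stream" in head and b"jabber:client" in head:   # plaintext XMPP open
        return ("block", "xmpp-stream")
    return ("allow", "no-signature")


if __name__ == "__main__":
    for sample in (build_client_hello("talk.google.com"),
                   build_client_hello("mail.google.com"),
                   XMPP_STREAM_OPEN, HTTP_GET):
        print(classify(sample))
```

Note what this does and does not give you: matching SNI blocks the Talk client's 443 fallback by name without touching other HTTPS sites, and the XMPP signature catches the 5222 path even if the server addresses change, but a client that sends no SNI or wraps the session in a VPN still gets through, which is the bypass the previous comment warns about.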
 
farjadarshadCommented:
My friend, install ISA Server, in which you can easily block all messengers. For configuration of rules in ISA 2004 please refer to these sites

http://isaserver.org
http://articles.techrepublic.com.com/5100-22_11-6029342.html
0
 
Jakob DigranesSenior ConsultantCommented:
ISA's great, but beware that you most likely need updated application signatures, since the articles are a couple of years old.
0