Block YM and MSN Messenger

By nixao27 ·
Hi, good day. Can anyone please help me? I have a proxy server in my network and I want to block Chikka, Yahoo Messenger and any messenger service. Is it possible for me to block them using Squid proxy server?

All Answers

Partially

by serginho In reply to Block YM and MSN Messenge ...

I don't know about Squid, but you can, at least partially, block these services with a firewall, prohibiting the LAN computers from opening connections to the ports these services use (for example, MSN Messenger uses 1863). I said partially because some messaging services can be accessed via HTTP, too.

block msn yahoo

by alihaidar In reply to Block YM and MSN Messenge ...

Hello dude,
I know how to block messenger. Please email me privately.

help to block yahoo messenger and msn

by zameelmohamed In reply to block msn yahoo

Hi,
How are you? I found you know how to block Yahoo and MSN messenger on a router. My router is a Linksys ADSL router.
Can you help me?

thanks
regards.

Help to block yahoo and msn

by rarizwan In reply to help to block yahoo masse ...

Can you please send me the procedure to block messenger software on my Linksys ADSL router?

Can't do it on a home router

by seanferd In reply to Help toblock yahoo and ms ...

Unless you want to entirely block whichever ports the messenger clients use.

You could try OpenDNS, and use their filtering engine.
http://www.opendns.com/

Through ISA server 2000

by shariq.siddiqui In reply to Block YM and MSN Messenge ...

Blocking Network Applications Using Firewall Client Configuration

You can make changes to the mspclnt.ini file on the ISA Server. This file contains configuration information for Firewall client machines. It is downloaded from the ISA Server to the ISA clients every six hours by default. This file is stored in different locations on the client machines depending on the operating system.

Your first step is to figure out what the name of the executable file is for the offensive application. The following list includes the common dangerous applications and their .exe files:

AOL Instant Messenger - AIM.EXE
MSN Instant Messenger - MSMSGS.EXE
Yahoo Instant Messenger - YPAGER.EXE and YUPDATER.EXE
ICQ - ICQ.EXE

After you figure out the executable file name you can configure the mspclnt.ini file to block network communications from the application.

Perform the following steps to configure the mspclnt.ini file:

Open the ISA Management console, expand Servers and Arrays and expand your server. Click on the Client Configuration node, and then double click on the Firewall Client entry in the right pane.
You will see the Firewall Client Properties dialog box as seen in the figure below. Click the New button.


After clicking the New button you will see the Application Entry Settings dialog box as seen below. Type in the name of the application without the file extension in the Application text box. Type the letter D in the Key list so that Disable appears. In the Value list, type the number 1. Click OK after making these changes.


After making the changes to block the application, you need to wait until all clients have downloaded the new mspclnt.ini file. You either have to wait for 6 hours, or you can force the clients to download the file by going to each client and clicking on the Update Now button in the Firewall client configuration dialog box.
After each Firewall client machine has downloaded the updated mspclnt.ini file, you must disconnect all Firewall Client sessions from the ISA Server. You can do this by going to the ISA Management console and manually disconnecting the sessions (as seen in the figure below), or you can restart the Firewall Service. Restarting the Firewall Service will cause all Firewall client connections to drop.


If any of the clients are configured as SecureNAT clients, change their configuration by removing the default gateway address. The SecureNAT client will be able to get around the limitations you set in the wspclnt.ini file. You can configure the Windows 2000 Group Policy to block user access to the Network Connections Control Panel applet.
This is the first step in your access control configuration. Because some clients must be configured as SecureNAT clients, and because all of these applications can get around the mspclnt.ini configuration, there are some more steps you'll have to perform.

Application Specifics

It would be nice if we could configure all computers as Firewall clients and leave it at that. However, like all good malware, these dangerous applications can allow outbound connections through alternative means. Many of these applications allow the user to configure them as Web Proxy or SOCKS 4 clients (ISA Server does not support SOCKS 5 out of the box).

In addition to having to deal with users who reconfigure their applications, you also have to deal with applications that can scan the network and find a hole. Some of the applications can use stealth techniques and grab the browser's Web Proxy client configuration without your knowledge. Therefore, you'll have to do more than just configure the mspclnt.ini file.

Yahoo Instant Messenger

Perform the following steps to block the Yahoo Instant Messenger:

Block the YPAGER.EXE and the YUPDATER.EXE executables in the mspclnt.ini file
Create a Site and Content rule that blocks http.pager.yahoo.com. Remember to create a Destination Set that includes this site so that you can create the Rule.
The SOCKS4 Application Filter must be disabled. Users can reconfigure the Yahoo IMer as SOCKS 4 or SOCKS 5 clients. ISA Server does not support SOCKS 5, but they can get out using SOCKS 4. Since few legitimate applications require SOCKS, you can safely disable the filter.




AOL Instant Messenger

Perform the following steps to block the AOL Instant Messenger:

Block the AIM.EXE executable in the mspclnt.ini file.
From my testing, the AOL IMer doesn't seem to be able to get around the mspclnt.ini file configuration, even if you set it up as a Web Proxy client in the AIM configuration dialog box. Therefore, you do not need to create a Site and Content Rule to block the aol.com domain.
Like the Yahoo IMer, AOLer can get around the mspclnt.ini file configuration by setting up the application to use SOCKS 4. Therefore, you will need to disable the SOCKS4 application filter to keep this application locked out.




MSN Instant Messenger

Perform the following steps to block the MSN Instant Messenger:

Block the MSMSGS.EXE executable in the wspclnt.ini file.
It appears that "sometimes" the MSN Instant Messenger is able to detect the proxy settings in the web browser. From my testing, it appears that it does not find the browser settings when IE 5.0 is the browser, but will find the browser settings on an IE 5.5 machine. It could also be an issue with "point" releases of the MSN IMer. This stealth discovery of the browser settings is not a configuration option. It is done in the background and without your knowledge.
Create a Destination Set that includes the IP address range 64.4.13.0 - 64.4.13.255. Then create a Site and Content rule that denies access to this Destination Set. Keep in mind that this network ID might change in the future. If you find users are able to connect using the MSN IMer in the future, review Firewall Service logs to determine the new network ID.
Note that creating a Site and Content rule that blocks services.msn.com will not prevent access.




ICQ 2000b

We only tested the latest version of ICQ, which appears to be ICQ 2000b. Perform the following steps to block this version of ICQ:

Block the ICQ.EXE file in the mspclnt.ini file.
Create a Destination Set that includes the following sites:
web.icq.com
ads.icq.com
login.icq.com
cb.icq.com
Create a Protocol Rule that denies access to the Destination Set you created above.
Setting the ICQ client to use SOCKS 4 does not appear to allow the client outbound access when the above steps are taken. However, it is still a good idea to disable the SOCKS 4 application filter in order to block the other IMers.

HTTP Redirector Configuration

Another thing you can do to help take a bite out of crime is to configure the HTTP Redirector Filter to drop all requests from Firewall and SecureNAT clients.



After configuring the HTTP Redirector Filter, go to the Outgoing Web Requests listener and force authentication.



Many of the IMers do not know how to send client credentials to the Web Proxy service. If the client cannot properly authenticate, it will not be able to gain access to the Web Proxy service. If it can't access the Web Proxy service, it won't be able to use HTTP to connect to the offending site.

Note that some of these IMers, such as the Yahoo Messenger, will not work if you require any sort of authentication. I ran into this when I was actually trying to make this work for a client who I could not convince regarding the security hazards of IMers (he ended up receiving a virus from a "friend" through the file transfer later).

I had a Protocol Rule that allowed all IP traffic and used the default Site and Content Rule. However, I couldn't get the dreaded Yahoo IMer to work. The problem was that my Bandwidth Rules were based on users and groups. The funny thing was that the rule governing HTTP access was configured to let everyone through. It was an NNTP Bandwidth Rule, which was not being used, that prevented access!

Block- TCP Port 5050: Client Access only

by jayeshpj In reply to Block YM and MSN Messenge ...

Hi,

You can block Yahoo Messenger by blocking the specified ports in the firewall.
TCP port 5050: this port is used for instant messaging. You can also block ports 20, 21, 23 and 25 for high security.

This is no longer valid...

by otaku_lord In reply to Block- TCP Port 5050: Cli ...

Most IM applications scan all open ports and generally begin with port 80 (WWW). I have all of the standard ports blocked (1863, 5000-5010, 5050, 5100, 5101, 5190, etc) and they still get online.
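
Added example, not part of any post in this thread: a log check that flags messenger traffic using the ports listed in the posts above and the destination hosts and MSN address range named in the ISA Server post, so connections that fall back to port 80 are still caught. The `client dest port` record format, the function names and the sample lines are assumptions constructed for illustration.

```python
import ipaddress

# Indicators taken from the posts in this thread.
IM_PORTS = {1863, 5050, 5100, 5101, 5190} | set(range(5000, 5011))
IM_HOSTS = {"http.pager.yahoo.com", "web.icq.com", "ads.icq.com",
            "login.icq.com", "cb.icq.com"}
MSN_NET = ipaddress.ip_network("64.4.13.0/24")  # 64.4.13.0 - 64.4.13.255

def classify(dest, port):
    """Return why a destination looks like IM traffic, or None if it does not."""
    host = dest.lower().rstrip(".")
    if host in IM_HOSTS:
        return "host"
    try:
        if ipaddress.ip_address(host) in MSN_NET:
            return "msn-net"
    except ValueError:
        pass  # dest is a hostname, not an IP literal
    if port in IM_PORTS:
        return "port"
    return None

def scan(lines):
    """Parse 'client dest port' records; return (client, dest, port, reason) hits."""
    hits = []
    for line in lines:
        parts = line.split()
        if len(parts) != 3 or not parts[2].isdigit():
            continue  # skip malformed records
        client, dest, port = parts[0], parts[1], int(parts[2])
        reason = classify(dest, port)
        if reason:
            hits.append((client, dest, port, reason))
    return hits

# Constructed sample records (hypothetical log format, documentation addresses).
SAMPLE_LOG = """\
192.168.1.20 www.example.com 80
192.168.1.21 http.pager.yahoo.com 80
192.168.1.22 64.4.13.17 80
192.168.1.23 198.51.100.7 1863
192.168.1.24 198.51.100.9 5050
192.168.1.25 mail.example.com 25
garbage line
""".splitlines()

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(*hit)
```

The second and third sample records are the case a port-only block misses: both use port 80 and are matched by destination instead.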

TCP Port 21,23,25 have nothing to do with YM

by ali.iqbalamzt In reply to Block- TCP Port 5050: Cli ...

If you block port 21 you will be unable to access any FTP server.
If you block port 23, telnet will be blocked.
If you block port 25, SMTP services, used for sending emails, will be blocked.

So be careful while blocking a port.

Group Policy

by Nimmo In reply to Block YM and MSN Messenge ...

Use GPO and specify the path to the executable that you want to block, use a wild card entry so even if the .exe is renamed it will not run.

Start>run>gpedit.msc>expand user configuration>expand windows settings>expand security settings>right click on software restrictions

The only downside to this is that if a user changes the install path it will get through. You can however get past this problem by using GPO to block the .exe by its hash. This can be a bit of a problem because you will need every version of MSN, Yahoo, torrents installed to block the hash.
