Using pfsense to block windows live messenger

mojomasta · Feb 26, 2009, 7:17 PM

Hello,

I've been trying to block access to windows live messenger on a network for quite some time now. I'm aware it's quite hard to do completely thanks to web IM clients, but I can deal with those as they pop up. I've installed squid, snort, and IMspector, and besides logging conversations using IMspector, I am yet to do any progress when it comes to actually preventing the Live Messenger from connecting.

How can I block windows live messenger connections using pfsense?

Thanks a ton!

Slam · Feb 27, 2009, 12:59 AM

I think you can achieve this using opendns.com, which has an option in the members dashboard to deny chat/instant messaging on your network.

Slam

mojomasta · Feb 27, 2009, 1:57 PM

Thanks for your reply, Slam.

I'd already tried blocking chat using opendns. Unfortunately it does not do a very good job at it. I am hoping to achieve this with pfsense.

thanks

kpa · Feb 27, 2009, 2:10 PM

I think msn messenger will fall back to http if it can't use any other ports so you would have to block that as well, see http://support.microsoft.com/kb/927847.

mojomasta · Feb 27, 2009, 3:00 PM

Yeah, messenger falls back to port 80 if the other ports it uses are blocked. This is why the traditional approach of blocking the ports does not work anymore. There are ways to block it by blocking certain domains, but that way you block hotmail, and any other service online that requires you use your windows live ID to login. That is not acceptable. I was told using snort and squid there was a way to detect the actual messenger traffic and nip it in the bud. I'm yet to have any success.

Thanks for your answer :)

leonevaladares · Feb 27, 2009, 4:29 PM

Use the Imspector, is a package to install in PFsense, is good, but need to configure.
See this Site to Learn how to configure:

http://www.imspector.org/wordpress/

mojomasta · Mar 2, 2009, 6:04 PM

The only thing I can get IMspector to do is to log traffic, and censor words from the dirty word list. are there additional steps required to have the blacklist/whitelist function?

mojomasta · Mar 10, 2009, 5:38 PM

Anyone have any hints? I've acheived limited success with opendns but am still wondering how to properly filter windows live messenger with pfsense.

eri-- · Mar 10, 2009, 10:46 PM

Only 2.0 which has layer7 filtering.
Otherwise you would have to use squid+opendns+firewall rules to do that.

dekopolis · Mar 27, 2009, 6:37 PM

You might be able to use Snort. I know there is a way to block Skype with Snort in pfSense, so there is probably a way for other messengers as well.
http://www.carbonwind.net/Firewalls/BlockingSkypewithPfsenseandSnort/BlockingSkypewithPfsenseandSnort.htm