Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Using pfsense to block windows live messenger

    Firewalling
    6
    10
    9.6k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • M
      mojomasta
      last edited by

      Hello,

      I've been trying to block access to windows live messenger on a network for quite some time now. I'm aware it's quite hard to do completely thanks to web IM clients, but I can deal with those as they pop up. I've installed squid, snort, and IMspector, and besides logging conversations using IMspector, I am yet to do any progress when it comes to actually preventing the Live Messenger from connecting.

      How can I block windows live messenger connections using pfsense?

      Thanks a ton!

      1 Reply Last reply Reply Quote 0
      • S
        Slam
        last edited by

        I think you can achieve this using opendns.com, which has an option in the members dashboard to deny chat/instant messaging on your network.

        Slam

        1 Reply Last reply Reply Quote 0
        • M
          mojomasta
          last edited by

          Thanks for your reply, Slam.

          I'd already tried blocking chat using opendns. Unfortunately it does not do a very good job at it. I am hoping to achieve this with pfsense.

          thanks

          1 Reply Last reply Reply Quote 0
          • K
            kpa
            last edited by

            I think msn messenger will fall back to http if it can't use any other ports so you would have to block that as well, see http://support.microsoft.com/kb/927847.

            1 Reply Last reply Reply Quote 0
            • M
              mojomasta
              last edited by

              Yeah, messenger falls back to port 80 if the other ports it uses are blocked. This is why the traditional approach of blocking the ports does not work anymore. There are ways to block it by blocking certain domains, but that way you block hotmail, and any other service online that requires you use your windows live ID to login. That is not acceptable. I was told using snort and squid there was a way to detect the actual messenger traffic and nip it in the bud. I'm yet to have any success.

              Thanks for your answer :)

              1 Reply Last reply Reply Quote 0
              • L
                leonevaladares
                last edited by

                Use the Imspector, is a package to install in PFsense, is good, but need to configure.
                See this Site to Learn how to configure:

                http://www.imspector.org/wordpress/

                1 Reply Last reply Reply Quote 0
                • M
                  mojomasta
                  last edited by

                  The only thing I can get IMspector to do is to log traffic, and censor words from the dirty word list. are there additional steps required to have the blacklist/whitelist function?

                  1 Reply Last reply Reply Quote 0
                  • M
                    mojomasta
                    last edited by

                    Anyone have any hints? I've acheived limited success with opendns but am still wondering how to properly filter windows live messenger with pfsense.

                    1 Reply Last reply Reply Quote 0
                    • E
                      eri--
                      last edited by

                      Only 2.0 which has layer7 filtering.
                      Otherwise you would have to use squid+opendns+firewall rules to do that.

                      1 Reply Last reply Reply Quote 0
                      • D
                        dekopolis
                        last edited by

                        You might be able to use Snort. I know there is a way to block Skype with Snort in pfSense, so there is probably a way for other messengers as well.
                        http://www.carbonwind.net/Firewalls/BlockingSkypewithPfsenseandSnort/BlockingSkypewithPfsenseandSnort.htm

                        1 Reply Last reply Reply Quote 0
                        • First post
                          Last post
                        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.