Netgate Discussion Forum

    Blocking MSN Messenger

    • Guest

      Obtain the IP addresses of the MSN login servers (you can find them with a little bit of Google action) and create an alias for them. Then, block access to those IP addresses on your LAN interface.

      • nicocam

        Well,

        It seems that using squid may be some kind of solution:

        Blocking access to these domains prevents users from logging in (tested with Messenger 7.5, Live 8.1 and 8.5):

        In Services -> Proxy Server, Access Control tab, add these to the blacklist:

        #MSN
        gateway.messenger.hotmail.com
        relay.data.edge.messenger.live.com
        gw.msnmessenger.akadns.net
        dp.msnmessenger.akadns.net

        In addition to that, you must block access to port 1863 from the LAN.

        This is a rather inelegant solution, because login gateways may vary with the Messenger version, and it is useless if clients use any anonymizer-like tool that cheats the proxy, but at least it is something.

        Web messenger clients should also be blocked:

        #webmessengers
        webmessenger.msn.com
        msn2go.com
        ebuddy.com
        koolim.com
        messengerfx.com
        iloveim.com
        mabber.com
        communicationtube.net
        radiusim.com
        snimmer.com

        Additions to that list are welcome.

        • Guest

          You asked specifically about blocking MSN Messenger; I gave you the solution. Expanding beyond it to try and filter all IM clients is a much bigger discussion.

          • nicocam

            If I misled you into thinking that I am trying to block all IM clients, I am sorry, it was not my intention. I am just trying to block MSN Messenger, since it is the most popular.

            I tried your solution at first, but it did not work for me (too lazy to check all IPs).

            Thanks for the advice anyway; I would have gone in that direction if my solution had failed.

            • Cry Havok

              Have you considered using snort?

              • nicocam

                YES!

                Snort is an awesome feature, but it is also a bit difficult to configure for newbies like me.
                I managed to block MSN with it, but along with that the LAN IP was banned completely, and that was not what I wanted.

                Maybe it can be configured to only ban "offender" IPs from the WAN side, can it?

                Regards,

                Nicolas.

                • b4nsh33

                  This is what I did (using MSN as an example; the same applies to other IMs):

                  Google for MSN's MIME type; it is x-msn-messenger, so I created an ACL for the request and reply MIME types:

                  acl msn_req req_mime_type application/x-msn-messenger
                  acl msn_rep rep_mime_type application/x-msn-messenger

                  Now, just block them:

                  http_access deny msn_req
                  http_reply_access deny msn_rep

                  I added the four lines above in the Custom Options textbox (in Services -> Proxy Server -> General Settings).
                  Don't forget to block port 1863 in Firewall -> Rules.
                  Now the motherfuckers at Redmond can change their login server's IP wherever they want, it still works ;D
                  Kind regards,

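An added example, not part of the posts above: a Python script that audits Squid access.log lines for the traffic the two Squid approaches in this thread target (the blacklisted gateway domains and the application/x-msn-messenger MIME type) and lists LAN clients whose MSN-related requests were not denied. It assumes Squid's default native log format (content type in the tenth field); the log lines are constructed samples and the function names are illustrative.

```python
"""Audit Squid native-format access.log lines for MSN Messenger HTTP traffic."""
from urllib.parse import urlsplit

MSN_MIME = "application/x-msn-messenger"
# Domains taken from the blacklist posted earlier in this thread.
BLOCKED_DOMAINS = {
    "gateway.messenger.hotmail.com", "relay.data.edge.messenger.live.com",
    "gw.msnmessenger.akadns.net", "dp.msnmessenger.akadns.net",
    "webmessenger.msn.com",
}

def host_of(method, url):
    """Return the lower-cased host of a logged URL (CONNECT logs host:port)."""
    if method == "CONNECT":
        return url.rsplit(":", 1)[0].lower()
    return (urlsplit(url).hostname or "").lower()

def audit(lines):
    """Yield (client, host, reason, denied) for every MSN-related entry."""
    for line in lines:
        f = line.split()
        if len(f) < 10:  # not a native-format entry; skip it
            continue
        client, result, method, url = f[2], f[3], f[5], f[6]
        mime = f[9].split(";")[0].lower()
        host = host_of(method, url)
        by_domain = any(host == d or host.endswith("." + d) for d in BLOCKED_DOMAINS)
        if by_domain or mime == MSN_MIME:
            reason = "domain" if by_domain else "mime"
            yield client, host, reason, result.startswith("TCP_DENIED")

def leaking_clients(lines):
    """Clients with at least one MSN-related request that was NOT denied."""
    return sorted({c for c, _, _, denied in audit(lines) if not denied})

# Constructed sample log lines (not captured traffic).
SAMPLE = [
    "1190000001.100 12 192.168.1.20 TCP_DENIED/403 1400 POST http://gateway.messenger.hotmail.com/gateway/gateway.dll - NONE/- text/html",
    "1190000002.200 80 192.168.1.21 TCP_MISS/200 310 POST http://203.0.113.7/gateway/gateway.dll - DIRECT/203.0.113.7 application/x-msn-messenger",
    "1190000003.300 40 192.168.1.22 TCP_DENIED/403 1400 CONNECT webmessenger.msn.com:443 - NONE/- text/html",
    "1190000004.400 55 192.168.1.23 TCP_MISS/200 9000 GET http://example.org/ - DIRECT/198.51.100.10 text/html",
]

if __name__ == "__main__":
    for row in audit(SAMPLE):
        print(row)
    print("not blocked:", leaking_clients(SAMPLE))
```

The second sample line is the case the MIME-type ACL is meant for: the gateway is reached by a bare IP address, so only the logged content type identifies it.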
                  • inferno222

                    @b4nsh33:

                    This is what I did (using MSN as an example; the same applies to other IMs):

                    Google for MSN's MIME type; it is x-msn-messenger, so I created an ACL for the request and reply MIME types:

                    acl msn_req req_mime_type application/x-msn-messenger
                    acl msn_rep rep_mime_type application/x-msn-messenger

                    Now, just block them:

                    http_access deny msn_req
                    http_reply_access deny msn_rep

                    I added the four lines above in the Custom Options textbox (in Services -> Proxy Server -> General Settings).
                    Don't forget to block port 1863 in Firewall -> Rules.
                    Now the motherfuckers at Redmond can change their login server's IP wherever they want, it still works ;D
                    Kind regards,

                    Sorry to bring up this old post, but I was hoping someone could help me with a similar idea…

                    I am using IMSpector to monitor office chat programs, but it doesn't seem to be working with MSN when the program goes through port 80.
                    Is there any way to "detect" the application/x-msn-messenger request, and "force" it to the alternate msn port, 1863, to be detected by IMSpector?

                    I would be open to any alternative too.

                    • hoba

                      Run Squid in transparent mode and use the above-described configuration to block it on port 80. I guess it will then fall back to the other port where IMSpector can capture the traffic.

                      • inferno222

                        Unfortunately, I have issues running squid in transparent mode (have a post in the packages forum about it) so for now that is not working for me :(
