Block MSN Messenger by router rules (Netgear DG834)

As per subject line.....Am trying to "control" usage at home. Common
sense approach with daughter has failed miserably, so I want to be
able to restrict it to reasonable periods.
I have 2 PCs connected to a Netgear DG834 router.
Searching on Google has turned little up. I understand MSN Messenger
uses port 1863 outbound, but if this is blocked, it will revert back
to port 80. I don't want to block that as that's normal http traffic.
I can't see an application blocking within Netgear, so am at a loss.
Looking for port 1863 outbound in my traffic logs, I found a "common"
IP address...in the range 207.46.xxx.xxx.
I did a traceback on this, the "ARIN who is" came back with an address
range of 207.46.0.0 to 207.46.255.255 as valid for MSN.
Went back into the admin of my Netgear router and tried to create a
rule around the IP address range 207.46.0.0 to 207.46.255.255, (TCP)
This didn't work as I got an error message returned saying it was an
"invalid finish IP" and then an "illegal IP range"
I tried various combinations but none seemed to work.
Only thing I could think of was...my access to the Netgear admin menu
is via IE. Could this possibly be preventing me from blocking this
range somehow??
I tried single IP addresses and still get the same error. I even tried
216.239.59.147 (Google.co.uk) which worked fine, so I know that what
I'm doing on the router will work on some addresses.

Help/guidance appreciated please

Mick


Re: Block MSN Messenger by router rules (Netgear DG834)
I don't have any simple answer to this but have you read through the
information here
http://www.google.com/search?&q=%22block+msn+messenger%22

Jason

Re: Block MSN Messenger by router rules (Netgear DG834)
On Tue, 8 Feb 2005 20:38:34 -0000, "Jason Edwards"

Yep been there over the past few days...Experts Exchange require
subscription to see the answer....all other search replies give no
real solution that I can see.
There are a couple of proggies out there, shareware at best.. no
freebies.
Surely someone has managed to block this on a router.
I could put a personal firewall on the machine in question, but was
looking for a router solution so as I could remotely administer.

Mick


Re: Block MSN Messenger by router rules (Netgear DG834)
Scroll down, and down, but it probably doesn't tell you anything you don't
already know.

Jason

Re: Block MSN Messenger by router rules (Netgear DG834)

   Personal firewall is the ONLY way to do it.
See my other post on the subject, you are going to
have to spend a LOT of money, to get what you
need to block MSN Messenger, on both hardware
and software. And a PFW solution will HAVE
to be on a NAT box, on a home LAN.




Re: Block MSN Messenger by router rules (Netgear DG834)
I just downloaded it on to the PC I'm sitting at.
I then installed it and used a login I got some hundred years ago in case I
needed one for test purposes.
It logged in fine.
I then made an adjustment to an internal DNS server and flushed the DNS
cache on this PC.
When I try logging in again it says this
"We could not sign you in to MSN messenger because your Internet Explorer
browser cannot connect to the Internet. Please check your browser's ability
to connect, and then try signing in to messenger again. 0x81000363"
This message is interesting for a few reasons, one of them being I don't use
Internet Explorer unless I have to. Another being that Internet Explorer
_can_ connect to Google and anywhere else I want to go.
It looks to me like a personal firewall is not the only way to do it, but
I'm not saying your methods won't work.
One possible issue with this method is that it may not kill an existing
session.

Jason

Re: Block MSN Messenger by router rules (Netgear DG834)


   If you are serious about blocking messenger, you
are going to have to dump your hardware appliance,
number one. Second, you are going to have to
spend $1000+ on more equipment. You will need
to have a NAT box, running either ICS, AllegroSurf,
or some other NAT proxy. Next, you will need a
personal firewall on the NAT Box, such as Tiny,
that can block by application, plus all the switches
and cables to put it all together. For a PC doing
NAT, I recommend at LEAST 640 megs of RAM.
Also, with a NAT box, you can do a LOT more.
You can put a second hard disk in, and use that as
a central storage point for all files, that can be accessed
from any PC on your network. You can restrict files
by user, if you install Windows XP professional on the
NAT Box. A PC running NAT can do a LOT more
than a hardware appliance.
     Because Tiny is more flexible than a hardware
appliance, it can block things that hardware appliances
cannot.
    Once your NAT box is setup, configure it to restrict
all connections through either HTTP or Socks proxy.
Then you tell Tiny to not allow the Socks proxy to
get out on 80 or 1863 (though I would recommend
blocking ports 80, and 1000-5300 to block Kazaa
as well). Some people might call my setup a "toy
firewall", but I can say it is the ONLY thing that will
block MSN Messenger, if you are really serious
about blocking it.
     The real sticking point is port 80, and you cannot
block this, without blocking all HTTP as well. That is
why my setup, with an ICS box and Tiny, is the only
thing that will work. You simply have two different
programs for HTTP and Socks proxy, and tell Tiny
to block the program handling the Socks proxy not
to allow access to the ports that MSN Messenger
uses.
     Also, throw in some filtering software (CyBlock is
good, but the $799/year fee would be rather expensive
for home use) on the NAT box, and you can block
anything else that comes your way, that you don't want
her to access.
      For a Socks proxy, I recommend AllegroSurf, for
an HTTP proxy, CyBlock is a filter and HTTP proxy
in one. A word of caution, though with CyBlock, it
opens quite a security hole, and you will need to have
Tiny installed and configured to restrict it. CyBlock,
if you use it, needs to be restricted to outgoing ports
80 and 443, and incoming traffic needs to be restricted
to your local network. I found this out when I checked
the logs and discovered someone from China tunnelling
through the proxy in CyBlock to go to an SMTP
server at Yahoo on port 25. It is because of this
security hole that CyBlock must be restricted to using
ports 80 and 443 for outgoing traffic.




Re: Block MSN Messenger by router rules (Netgear DG834)


[snip]

   Also, another way to do it is to uninstall
Messenger. You can tweak a few files which
will make Messenger show in the Add/Remove
programs list, and you can uninstall that way.
Information is available at http://www.blackviper.com
in the "Super Tweaks" page.





Re: Block MSN Messenger by router rules (Netgear DG834)
On Wed, 9 Feb 2005 09:54:04 -0800, "Charles Newman"

Thanks for the info. I am using Sygate PFW free on the main machine
behind the router, more as a check on any nasties trying to phone
home. I thought of adding this to the daughter's PC, but it doesn't
offer remote admin access from another PC. Kerio PFW, also free, does
have a remote access, where I could switch/alter the rule at will.
Both these block on a per application basis, so would fit the bill. I
was just hoping I could get a solution via the NAT router.
I've now managed to block all access to IP range 207.46.0.1 to
207.46.255.254 and 64.4.0.1 to 64.4.255.254 and still MSN Messenger
gets out......

Mick


Re: Block MSN Messenger by router rules (Netgear DG834)

We block 207.46.245.214, 207.46.245.222 and 207.46.104.20 to stop
MSMessenger.




Re: Block MSN Messenger by router rules (Netgear DG834)
In your case it will first try to connect to msn.co.uk
If that fails it will go for msn.com
Blocking access to msn.co.uk msn.com and *.passport.com clobbers it
completely as far as I can tell.

Jason

Re: Block MSN Messenger by router rules (Netgear DG834)

   Like I say, you are going to have to spend a LOT
of money if you want to block it. What you
 need to do is DUMP your hardware appliance
and replace it with a PC handling the job using
either ICS, AllegroSurf, or one of numerous NAT
programs on the Market. Take your PFW solution,
put it on the ICS box, configure it to ONLY allow
access through Socks and HTTP proxies. With
AllegroSurf, you can tell your PFW not to allow
AllegroSurf to go out on ports 80 and 1863, then
you find another program to handle HTTP. With
Tiny or Kerio, you can block your Socks proxy
from getting to port 80, while allowing your HTTP
proxy to get out on port 80 for Web browsing.
    I am sorry to say that if you want to block
Messenger, you have to spend a LOT of money
to do it. With the setup I have, MSN Messenger
will NOT get out from any of the client
machines. Tiny firewall, on an NAT/ICS box can
block things that hardware appliances CANNOT
BLOCK.
     You will need to replace your hardware
appliance with:

another PC
a network hub
second NIC card for the NAT/ICS box
all necessary cables

    It will cost you a lot money, but if you are
SERIOUS about blocking Messenger, be
prepared to do so.




Re: Block MSN Messenger by router rules (Netgear DG834)
Charles Newman wrote:
Smoothwall with Guardian should be able to block it, may have to tweak
the Snort rules a bit

http://community.smoothwall.org/forum/viewtopic.php?t=8206


John


Re: Block MSN Messenger by router rules (Netgear DG834)
I would try m0n0Wall (http://m0n0.ch/wall ) on an old PC lying around.
2 NICs and you're in business!

Don't be afraid of it, it is MUCH more powerful than your router, but
has configuration requirements (knowledge) only slightly above what the
router would require.  Not to mention it is FREE!  It has a WONDERFUL
web based GUI for management!

Block the following and you should be good to go:

  TCP/UDP  msn  *  216.178.160.34/24  *  216.178.160.34
  TCP/UDP  msn  *  213.249.102.94/24  *  213.249.102.94
  TCP/UDP  msn  *  213.199.154.54/24  *  213.199.154.54
  TCP/UDP  msn  *  213.199.154.11/24  *  213.199.154.11
  TCP/UDP  msn  *  207.68.178.239/24  *  207.68.178.239
  TCP/UDP  msn  *  207.46.110.254/24  *  207.46.110.254
  TCP/UDP  msn  *  207.46.110.48/24  *  207.46.110.48
  TCP/UDP  msn  *  207.46.107.33/24  *  207.46.107.33
  TCP/UDP  msn  *  207.46.106.28/24  *  207.46.106.28
  TCP/UDP  msn  *  195.33.103.52/24  *  195.33.103.52
  TCP/UDP  msn  *  194.130.106.132/24  *  194.130.106.132

Hope this helps!

Smooter
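
Added example (not part of any post in this thread): a Python check of the destination networks in the rule list above against the two start-end ranges Mick reports blocking earlier in the thread, showing which listed networks those ranges leave reachable. The function names are made up for this example; all addresses are copied from the thread.

```python
import ipaddress

# Ranges Mick reports blocking on the router (copied from the thread).
BLOCKED_RANGES = [
    ("207.46.0.1", "207.46.255.254"),
    ("64.4.0.1", "64.4.255.254"),
]

# Destination column of the m0n0wall rule list in the post above.
RULE_DESTINATIONS = [
    "216.178.160.34/24", "213.249.102.94/24", "213.199.154.54/24",
    "213.199.154.11/24", "207.68.178.239/24", "207.46.110.254/24",
    "207.46.110.48/24", "207.46.107.33/24", "207.46.106.28/24",
    "195.33.103.52/24", "194.130.106.132/24",
]


def rule_network(dest):
    """Normalise 'host/prefix' (host bits set) to the network it denotes."""
    return ipaddress.ip_network(dest, strict=False)


def is_covered(net, blocked=BLOCKED_RANGES):
    """True if every address in net lies inside one blocked start-end range."""
    lo, hi = int(net.network_address), int(net.broadcast_address)
    return any(
        int(ipaddress.IPv4Address(a)) <= lo and hi <= int(ipaddress.IPv4Address(b))
        for a, b in blocked
    )


def uncovered_networks(dests=RULE_DESTINATIONS):
    """Distinct rule networks that the start-end ranges leave reachable."""
    nets = sorted({rule_network(d) for d in dests})
    return [n for n in nets if not is_covered(n)]


def range_as_cidrs(first, last):
    """Express a start-end range as the CIDR blocks a prefix-based firewall needs."""
    return list(ipaddress.summarize_address_range(
        ipaddress.IPv4Address(first), ipaddress.IPv4Address(last)))


if __name__ == "__main__":
    for net in uncovered_networks():
        print("not covered by the two ranges:", net)
    print(len(range_as_cidrs("207.46.0.0", "207.46.255.255")), "CIDR block")
    print(len(range_as_cidrs("207.46.0.1", "207.46.255.254")), "CIDR blocks")
```

Six of the listed /24 networks fall outside the two blocked ranges, and the 207.46.0.1 to 207.46.255.254 range needs 30 CIDR blocks where the full 207.46.0.0 to 207.46.255.255 range is a single /16.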



Re: Block MSN Messenger by router rules (Netgear DG834)

   However, port 80 is the problem here. You
cannot block port 80, without blocking all
Web access. The makers of the Messenger
services, along with P2P companies know this,
and they designed their software to make most
attempts to block it fail.
    My so-called "toy firewall" can block things
that hardware appliances cannot block. Call it
a toy if you like, but my setup can block
MSN, Yahoo, and AOL messenger services,
plus the P2P services that hardware appliances
cannot do. If more people adopted the type
of system I have, it would put companies
like Netgear, Cisco and other makers of
hardware appliances out of business.

Re: Block MSN Messenger by router rules (Netgear DG834)
Charles Newman wrote:
Anything Snort can see, Guardian can block, and the blocks age off
automatically; if there was a Snort rule for the traffic, a block on the
remote IP would be placed in the firewall rules.

John


Re: Block MSN Messenger by router rules (Netgear DG834)
You had to quote his _ENTIRE_ post in order to say that?

--
Solbu - http://www.solbu.net
Remove 'ugyldig' for email
PGP key ID: 0xFA687324


Re: Block MSN Messenger by router rules (Netgear DG834)
You had to quote _ALL that_ in order to make your point?

--
Solbu - http://www.solbu.net
Remove 'ugyldig' for email
PGP key ID: 0xFA687324


Re: Block MSN Messenger by router rules (Netgear DG834)
On Thu, 10 Feb 2005 05:38:43 -0800, "Charles Newman"


Don't talk rubbish, you clearly have no idea of how HTTP *actually* works,
in particular the use of application specific mime-types by IM clients
tunnelling over it.  



--
Yeah - straight from the top of my dome
As I rock, rock, rock, rock, rock the microphone

