Block MSN Messenger by router rules (Netgear DG834)

Don't talk rubbish, you clearly have no idea of how HTTP *actually* works, in particular the use of application-specific MIME types by IM clients tunnelling over it.

Reply to
Greg Hennessy

Hello All,

FWIW...

To block access to the .Net Messenger service or MSN Web Messenger:
1. Block outbound access to TCP port 1863.
2. Block HTTP access to messenger.hotmail.com.

If you would like to block access to MSN Web Messenger you will also need to block HTTP access to webmessenger.msn.com.

Systemguy

Reply to
Systemguy

Well, I am just going on what I was taught in computer networking class several years ago. We were taught how to do it using NAT and with software firewalls. It was drummed into us that NAT was the way to go and software firewalls were superior to hardware appliances. That is the way they did it when I was in college. I am going on what they taught us, no more, no less.

Reply to
Charles Newman

You are most correct. It can still get through. What some people don't understand is that port 80 is what throws the proverbial monkey-wrench into the works. The only other way is to uninstall Messenger. Although Microsoft does not want you to do this, blackviper.com, on its "super tweaks" page, tells you how to modify one file so that you can uninstall any Windows component, even those Microsoft does not want you to uninstall. What this does is make these components visible in "Add/Remove components"; then you can uninstall Messenger.

Reply to
Charles Newman

Nope..can still get through if above is followed. Only way I've stopped it to date is via Sygate personal firewall and application blocking by schedule. Only downside, is I have to be on the machine to alter it...Sygate can't be remotely administered.

Mick

Reply to
Mick

If you put L7 edge filtering in & process the relevant HTTP headers it won't get through.

greg

Reply to
Greg Hennessy

"Charles Newman" wrote in news: snipped-for-privacy@comcast.com:

Copy and paste the following line into the Start/Run dialogue box. It will remove Messenger from your machine. If you do not trust it, do a Google search on 'remove messenger' and you will find it there and referred to by reputable sites.

RunDll32 advpack.dll,LaunchINFSection %windir%\INF\msmsgs.inf,BLC.Remove

bdog

Reply to
bdog

But they do understand that an examination of the traffic using port 80 will show whether or not it is Messenger traffic. This can be done with an external firewall box. The DG834 probably can't do this but I haven't checked.

If the DG834 can block particular destinations by IP address then it should be possible to block all destinations that Messenger tries to connect to. Use of netstat on the PC running Messenger will show these but it may be easier to use tcpview

the destination address that messenger is connected to then close messenger and try again. After a while you will have determined all possible destination addresses and it should then be unable to work.

Jason

Reply to
Jason Edwards

"several years ago" - care to think about that little gem? What was the textbook that was used? Do you still have the book?

Either they didn't teach, or you failed to learn basic networking principles, which isn't surprising as it's not a five minute lecture. A more reasonable expectation would be to have a 4 unit class (2 x 3 hour classes per week for a quarter/semester) on the fundamentals - that's using the Stevens book as a textbook.

What was the name of this college? When was it?

There's this other teacher called 'practical experience'. But both require a grounding in network fundamentals. Otherwise, you are clicking on some pretty icon, and think that has handled that. Hey, I had over a dozen classes in mathematics - does that make me an expert bean counter? I also know how to run a spreadsheet and database query tool. Heck I can even balance my check book without using 'gnucash' (one of those non-windoze programs you've never heard of).

Old guy

Reply to
Moe Trin

Not even: do you know [link]? Very useful when your connection goes through a firewall that you don't manage ;-)

Marc

Reply to
Marc

Are you running XP pro on both machines? If so, you can administer remotely by using Windows Remote Desktop.

Reply to
Charles Newman

How about the Netgear router? Is there any way to block MSN Messenger?

snipped-for-privacy@w-manager.com

Reply to
dwangmai

Block all outbound TCP traffic to 207.46.0.0/16 and your problem is solved.

Reply to
Don Kelloway

What does the /16 mean? That was one thing we were never taught in networking class in college. Or did you make some kind of typo?

Reply to
Charles Newman

I took it in 1998, and they did not teach it then. We were taught on Windows NT Server, using NAT. We were taught to do everything within Windows, use NAT, and use software firewalls, if necessary.

Reply to
Charles Newman

When did you take this 'networking class' exactly ?

Unless it was prior to 1993/94, then the omission of CIDR notation from the syllabus is a clear indication that your 'networking class' was anything but.

He didn't. See RFCs 1518 & 1519 to complete your lamentable education.

Reply to
Greg Hennessy

They should have, CIDR notation was in common use throughout the industry by then.

NAT is *not* firewalling. Firewalls on their own are *not* security.

greg

Reply to
Greg Hennessy

They could have been teaching from textbooks supplied by Microsoft Press. The two official support books I have access to for NT3.51 don't mention CIDR, and in fact still discuss Class A/B/C. To be honest, it also mentions 'custom' network masks, but gives no indication what they might be. In the "Support Fundamentals For Microsoft Windows NT" (1996), they discuss setting network masks, but only show 255.255.0.0 and 255.255.255.0, and give no information on what those numbers mean, how they are chosen - just plug 'em in and everything will be fine. This was five years after we were using a /22 mask. The funnier thing is that the two other non-microsoft books I have access to on NT4.0 don't even mention network masks, and gloss over TCP/IP.

So Charles learned to click on some icon, and maybe learned some of the advanced stuff where you have to access a pull down menu. If that's the extent of his "training" course, it's no wonder he is having difficulties grasping fundamentals.

Hey, Charles, what do you think the network masks are for these two?

Cable & Wireless Americas Operations, Inc. CW-NET-208-138-16 208.138.16.0 - 208.138.47.255

International Communication Limited CWJM-203-0471 208.138.16.0 - 208.138.18.255

and no, I'm not making those up. Those are actual listings straight off the whois server at ARIN. Come to think of it - I wonder if Charles even knows who ARIN is?

Old guy

Reply to
Moe Trin

Well, the way we would do it would be to create three sets of netmasks, each containing

255.255.128.0

18-16=2

2/256=1/128

so 255.255.128.0

I know that ARIN is one of several registration directories around the world. ARIN stores data for the Americans, RIPE for Europe and the Mideast, and APNIC for Australia, New Zealand, Oceania, and parts of Asia not covered by RIPE.

Reply to
Charles Newman

Why?

208.138.16.0 - 208.138.16.255
208.138.17.0 - 208.138.17.255
208.138.18.0 - 208.138.18.255

Do mine eyes deceive me, or is that _three_ ???

No, that would only give 208.138.16.0 to 208.138.17.255. And you didn't mention what mask covers the 16.0 - 47.255 assignment to C&W.

Here's another fun one for you:

inetnum: 193.164.228.0 - 193.164.232.95
netname: COUNCIL-OF-EUROPE-NET1
descr: COUNCIL OF EUROPE
country: FR

The domain if you are interested is 'coe.int' and yes, that's right off the RIPE database this morning - although the domain assignment seems to go back before 2001. Or, how about this one, also from RIPE:

inetnum: 194.9.124.0 - 194.9.126.207
netname: RUHRCOM
descr: RuhrCom on-line GmbH
descr: Lohbachstrasse 12
descr: D-58239 Schwerte
descr: Germany
country: DE

which looks to go back to 1998. Lest you think I'm picking the unusual:

[compton ~]$ zgrep -cv ' 255\.[0-2]' IP.ADDR/stats/[ALR]*gz
IP.ADDR/stats/APNIC.gz:0
IP.ADDR/stats/ARIN.gz:2178
IP.ADDR/stats/LACNIC.gz:0
IP.ADDR/stats/RIPE.gz:208
[compton ~]$ zcat IP.ADDR/stats/[ALR]*gz | wc -l
65948
[compton ~]$ zcat IP.ADDR/stats/[ALR]*gz | awk '{ print $3 }' | grep '255\.0' | sort | uniq -c
     43 255.0.0.0
   9532 255.255.0.0
  29956 255.255.255.0
[compton ~]$

there are about 2400 network assignments in the world (out of about 66,000 total) that do not use those nice even bit masks, and while nearly 60% of the assignments use byte aligned network masks, that means 40 percent do not. I'll bet those numbers are a little different from what you learned as the number of "Class A", "Class B" and "Class C" networks.

My friends in southern climes would remind you that the continents are called North and South America - so people in Alert (Ellesmere Island) and Port Williams in Chile are "Americans". On the other hand, ARIN _generally_ covers Canada, the USA, and roughly the Northern two-thirds of the Pacific and has older assignments throughout the world.

But you forgot LACNIC which generally covers Mexico and the Caribbean Islands South to Chile and Argentina, and that ARIN also shares coverage of Africa with RIPE.

Old guy

Reply to
Moe Trin
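
The range-to-mask question argued over in this thread, worked through as an added example (not code from any poster): it splits the whois ranges quoted above into exact CIDR blocks and shows how many extra addresses a single address-plus-mask router rule would also match. The function names are chosen here for illustration.

```python
import ipaddress

# Address ranges copied from the whois listings quoted in the thread.
THREAD_RANGES = {
    "CW-NET-208-138-16": ("208.138.16.0", "208.138.47.255"),
    "CWJM-203-0471": ("208.138.16.0", "208.138.18.255"),
    "COUNCIL-OF-EUROPE-NET1": ("193.164.228.0", "193.164.232.95"),
    "RUHRCOM": ("194.9.124.0", "194.9.126.207"),
}

def range_to_cidrs(first, last):
    """Smallest list of CIDR blocks covering first..last exactly."""
    lo, hi = ipaddress.IPv4Address(first), ipaddress.IPv4Address(last)
    return [str(n) for n in ipaddress.summarize_address_range(lo, hi)]

def single_supernet(first, last):
    """Smallest single network (one address, one mask) containing the range."""
    net = ipaddress.ip_network(f"{first}/32")
    hi = ipaddress.IPv4Address(last)
    while hi not in net:
        net = net.supernet()  # widen the mask by one bit
    return net

def overblocked(first, last):
    """Addresses outside the range that a single-mask rule would also match."""
    size = int(ipaddress.IPv4Address(last)) - int(ipaddress.IPv4Address(first)) + 1
    return single_supernet(first, last).num_addresses - size

def is_blocked(dest, cidrs):
    """True if dest falls inside any block of an outbound deny list."""
    addr = ipaddress.ip_address(dest)
    return any(addr in ipaddress.ip_network(c) for c in cidrs)

if __name__ == "__main__":
    msn = ipaddress.ip_network("207.46.0.0/16")  # rule suggested in the thread
    print(f"{msn}: mask {msn.netmask}, {msn[0]} - {msn[-1]}, "
          f"{msn.num_addresses} addresses")
    for name, (first, last) in THREAD_RANGES.items():
        blocks = range_to_cidrs(first, last)
        masks = [str(ipaddress.ip_network(b).netmask) for b in blocks]
        one = single_supernet(first, last)
        print(f"{name}: exact={blocks} masks={masks}")
        print(f"  single mask {one} ({one.netmask}) "
              f"over-matches {overblocked(first, last)} addresses")
```
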
