Firewall Settings to Block Messenger Access

On Tue, 09 Nov 2004 14:02:39 GMT, John F Kappler spoketh
;; QUESTION SECTION: ;login.passport.com. IN A
;; ANSWER SECTION: login.passport.com. 61 IN A 65.54.183.198 login.passport.com. 61 IN A 65.54.179.198
So, currently, those are the two IP addresses is use by that host name. If you block those, you'll block access to everything using the MS passport service, including Messenger, MSN, Hotmail and anything you need to log in to get at Microsoft.
If you have your own DNS server, you might be able to put in a dummy entry for this host, so that it will never resolve to an external IP address.
As with many IM packages, it's almost easier to remove the software than to try to block it at the firewall...
Lars M. Hansen
formatting link
(replace 'badnews' with 'news' in e-mail address)
Reply to
Lars M. Hansen
Loading thread data ...
I need to set the Firewall settings in my Draytek Router to block
access to (and from?) Messenger.
I've done a search here, and a Google search, but seem to find mixed
answers, many of which contradict each other...
Some list various Ports to block, but then Messenger appears to use
Port 80 which is needed for other things.
Some list IP Addresses, but the lists vary, and there appear to be new
addresses getting added regularly.
One post suggested blocking access to
formatting link
but
I dont understand how to do that on my router without knowing an IP
address.
Any help would be much appreciated, especially if you can relate what
I need to do to the Draytek Firewall parameters.
TIA,
JohnK
Reply to
John F Kappler
It looks like they're using round robin DNS or something like f5's 3DNS. Currently the IPs are 65.54.179.198 and 65.54.183.198 but those may change on a regular basis.
The problem with most IM services is that there also Java versions of the IM app that may or may not use the same ports.
See
formatting link
and
formatting link
Is there a particular reason you need to block IM services? If it's part of something like Sarbanes-Oxley compliance, you could always set up a jabber server and force your users to use its gateways to outside IM services.
formatting link
-Gary
Reply to
Gary
Snip>
Thanks for that guys. I've set up rules to block access to those two IP Addresses but it doesn't seem to stop me signing in?
I haven't specified any Port numbers in the rule. I'd assument this would be for all Ports - or is that a rash assumption?
JK
Reply to
John F Kappler
On Tue, 09 Nov 2004 15:46:16 GMT, John F Kappler spoketh
If you are running Windows 2000 or Windows XP, then it's because your computer keeps a cache of resolved addresses. To clear it, open a console window (start->run and type cmd (and hit enter)). Then do a "ipconfig /flushdns" to clear out the cache. This will cause your system to have to resolve everything all over again.
Lars M. Hansen
formatting link
Remove "bad" from my e-mail address to contact me. "If you try to fail, and succeed, which have you done?"
Reply to
Lars M. Hansen
Then Messenger must be authenticating to a different host. You might use ethereal to get a dump of the traffic on your PC. Or you could install GAIM and see what host they list for connecting to. Otherwise, there might be a GAIM or Trillian message board that you could query.
-Gary
Reply to
Gary
The only way I know of to block the messenger application (not the service) is to disable it via group policy. E.
Reply to
E.
a simple fudge i did on a client was to set internet messenger with a faulty sock proxy server and this stopped it!!!. you might be able to lock this down with a registry change..
a slightly drunk
john
Reply to
jp

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.