Use this forum to post questions relating to WinGate, feature requests, technical or configuration problems
Aug 05 05 9:30 am
My machines are connecting through WinGate via NAT, and I am trying to block
Messenger, and every time I block a port it creates a new one.
I even tried to block the IP numbers and new IPs came up.
Is there any way to block this access to Messenger via WinGate?
Or what ports should I block?
Blocked Ports
1863, 3389, 4172, 4272, 5004-65635
IPs
66.74.76.246
68.49.28.51
81.217.26.68
168.254.146.123
Thanks
Aug 05 05 5:40 pm
Hi Mark,
That's the painful thing about blocking messenger apps, they just find another way to connect. Have you considered using the WinGate Internet Client (WGIC)? Using the WGIC with an Enterprise license allows you to control which applications are allowed to run on your network, so you could create a policy to stop messenger from even opening on the client machines.
Aug 06 05 2:05 am
mark1171
I'd like to help...
In our company YM is allowed, but I found a way to only use the messaging or chatting feature of YM, limiting it using WinGate policies.
in WWW Proxy Server Service > Policies > Ban list... I had the following ruleset
below are some of the keywords I used:
This Criterion is met if HTTP URL
contains "pgq.yahoo.com" or "pgq.yahoo.com/feed/pg4" <-- prevents YM from running certain service...ads, prompts, etc.
This Criterion is met if HTTP URL
contains "insider.msg.yahoo.com" or "/ycontent/" <-- blocks insider or yahoo rooms
This Criterion is met if HTTP URL
contains "/download.yahoo.com/" <-- prevents YM from downloading .cab files & promo updates
Please note that transparent redirection is also set.
I believe these rules had made YM paralyzed a bit, preventing it from using other ports except port 5050 (just a hunch).
Now, in Extended Networking service > Port Security > select Lan Connections to internet > I also place an allow rule on both tcp & udp:
Allow 5000-5001 Yahoo! Voice Chat
Allow 5050 Yahoo! Messaging
Allow 5100 Yahoo! Webcam
Allow 5101 Yahoo! P2P
When I read your post, I just simply set 5050 on Deny mode and YM just couldn't connect then.
Our YM is ver 5.6, because no updates have ever been taken. I'm not sure if the trick applies to later versions. Hope this helps.
Thanks
Aug 06 05 2:25 am
MattP;
I have a Professional version, so cannot block apps.
n0ticer;
Thank you very much, but I'm trying to block MSN Messenger. Do you know the way to do it?
see you..
Aug 06 05 4:44 am
mark1171 wrote: n0ticer;
Thank you very much, but I'm trying to block MSN Messenger. Do you know the way to do it?
mark1171,
I'm not at the office right now and we don't use MSN Messenger. This is just from my notes...
Try these over WWW Proxy Server & Extended Networking service
all criteria if met....
Server IP address equals
194.130.106.132
195.33.103.52
207.46.110.48
207.46.110.254
213.199.154.54
216.178.160.34
207.68.178.239
213.199.154.11
213.249.102.94
Server IP address begins with
207.68.
64.
207.46.104.
207.46.110.
HTTP URL or Server address contains
passport.com
webmessenger.msn.com
messenger.hotmail.com
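An added example (not part of the thread and not WinGate code) that shows how much address space the "begins with" rules in the post above ban and which criterion catches a given connection. It assumes the criteria behave as plain string-prefix and substring matches; the function names are hypothetical and the sample connections in the demo are constructed.

```python
import ipaddress

# Rule values copied from the post above; the demo inputs are constructed.
EXACT_IPS = {
    "194.130.106.132", "195.33.103.52", "207.46.110.48",
    "207.46.110.254", "213.199.154.54", "216.178.160.34",
    "207.68.178.239", "213.199.154.11", "213.249.102.94",
}
IP_PREFIXES = ["207.68.", "64.", "207.46.104.", "207.46.110."]
URL_SUBSTRINGS = ["passport.com", "webmessenger.msn.com", "messenger.hotmail.com"]


def prefix_to_network(prefix):
    """Translate a dotted 'begins with' string into the CIDR block it covers."""
    octets = prefix.split(".")
    # Only whole-octet prefixes ("64.", "207.46.110.") map onto a single block.
    if octets[-1] != "" or not 1 <= len(octets) - 1 <= 3:
        raise ValueError("prefix must be 1-3 whole octets ending in a dot")
    whole = octets[:-1]
    padded = whole + ["0"] * (4 - len(whole))
    return ipaddress.ip_network(".".join(padded) + "/" + str(8 * len(whole)))


def coverage():
    """Number of IPv4 addresses each 'begins with' rule bans."""
    return {p: prefix_to_network(p).num_addresses for p in IP_PREFIXES}


def first_match(server_ip, url):
    """Return the first criterion that matches (assumed model), or None."""
    if server_ip in EXACT_IPS:
        return "equals " + server_ip
    addr = ipaddress.ip_address(server_ip)
    for p in IP_PREFIXES:
        if addr in prefix_to_network(p):
            return "begins with " + p
    for s in URL_SUBSTRINGS:
        if s in url.lower():
            return "contains " + s
    return None


if __name__ == "__main__":
    for prefix, count in coverage().items():
        print(f"{prefix:<12} {prefix_to_network(prefix)!s:<16} {count:>10} addresses")
    # Constructed samples: a documentation-range IP with a look-alike host name.
    print(first_match("192.0.2.10", "http://notpassport.com.example.test/"))
```

The "64." rule covers a whole /8, so it bans every server in that block regardless of what it hosts, and a substring rule matches any URL that merely contains the string.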
Aug 06 05 6:14 am
mark1171 wrote: MattP;
I have a Professional version, so cannot block apps.
Oh you can still block apps - you just don't have the central administration feature of the Enterprise version.
How many end users/machines are we talking about? How computer savvy are they? What OS is on the client machines? In my experience the WGIC does a good job of letting WG know about the machine, user and app trying to connect. However, I have seen smart users change the name of the app to something else and circumvent some of the policies.
Messenger can also be set up to use a proxy - in Messenger, Tools -> Options -> Connection, select proxy server and choose SOCKS 4 or 5, then insert the name of the WG machine. Then set up the SOCKS proxy server in WG with appropriate policies. The client will receive a message box from Messenger saying something is wrong with the connection etc. if you restrict this proxy. This might be an alternative for you. However, it is relatively easy for the end user to change back to the NAT setting - so that's why I ask the question about how smart your end users are.
Also depending on your client machines OS you can develop a local security policy not to allow software to run.
Aug 09 05 4:55 pm
Hi all, might as well have my 6d worth on this too.
From another angle and probably useless, but Group Policy on later O/s allows 'Disable MSN' and 'Do not allow to start automatically' when for example the user opens OE. This is found under Windows Components.
Difficult to useless I know unless AD is in use or a small organisation.
Just a thought on how I pad this one out of networks.
Aug 10 05 5:04 am
In the GP, isn't this Windows Messenger?? Which I've found to be a real pain in the bum and different in every way to MSN Messenger?
Aug 13 05 4:00 pm
No, Windows Messenger is a service embedded in the O/s which reports something like: Sends and receives messages transmitted by administrators or by the Alerter service.
Whilst MSN is an application installed for IM via that network, similarly to AOL or AIM, of which the latter I no longer use due to the security risks and malware present in that system.
If you configure the GP on a machine [later o/ses only] MSN Messenger can be denied access to run without response to the user. :-)
My approach to this is always use Proxies, Enable T/r and if requested by the owner, apply a system policy: not server contains msn ninemsn etc.