//flex table opened by JP
PDA

Click to See Complete Forum and Search --> : How to Block messenger at the firewall?

euphoryk
03-12-2005, 12:36 PM
Hi guys.

I'm pulling my hair out trying to get msn messenger from accessing it's login service, or just plain setting up rules in the firewall to prevent it from connecting.

Scenario: Network Domain, Internally we run the 'exchange' version of messenger.

want to block .net messenger users from logging into the service, while let certain 'power users' still have access.

seems like messenger finds other ports to go out through etc, if i block default port.

Any ideas? ports/urls?

firewall = Kerio Winroute Pro 6.0.6 i believe.

I'm about to run Sniffer Pro to log the packets, but am hoping i dont have to go that route.

all help appreciated. thanks.
Prushka
03-12-2005, 07:39 PM
Simple little program here...shoot the messenger...this will do the trick

http://grc.com/stm/shootthemessenger.htm

Sygate has an app list allowing for a choice to allow, ask, or block
I would think Kerio has the same
fancyf
03-12-2005, 10:16 PM
Prushka, the Windows Messenger service is different from Windows Messenger or MSN Messenger. Shoot The Messenger wouldn't help much.

euphoryk check these URLs:

Link 1 (http://www.plevna.f9.co.uk/blockmsnmessenger.htm)
Link 2 (http://www.weethet.nl/english/ipports.php)
Link 3 (http://messenger.jonathankay.com/allsteps.aspx?ID=16)
Link 4 (http://www.chebucto.ns.ca/~rakerman/port-table.html)

Also..
MSN Messenger can be blocked by blocking IP access to the Hotmail network range-64.4.0.0 through 64.4.63.255. Interestingly, this does not seem to totally block access to Hotmail's Web-based mail service.
euphoryk
03-14-2005, 06:11 PM
Thankyou.

I've visited some of the links you left.

Except for tek-tips. Because i forgot my passwd. And truly hate the fact that you need to register to view responses.

man i have a headache.

I tried previously implementing some of the advice contained in your links, but messenger seems to find it's way around.

This messenger **** should be illegal. It's not even funny.

man, i have a bigger headache now.

thanks once again for your input. Hopefully a solution is soon to be found.
cdroman
03-16-2005, 08:21 AM
You could use a more comprehensive firewall like http://www.tinysoftware.com/home/tiny2?la=EN that will allow you to prevent access by individual users to programs. They would not even be allowed to start MSN messenger. Others can be allowed total or differing access levels. Just a thought.