Announcement

Collapse
No announcement yet.

blocking msn live

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • blocking msn live

    Hi guys

    Is there a way to block usage of msn live? E.g. some sort of regedit or a false entry on a dns server.
    Unfortunately we don't have an isa server.

    Thanks in advance

  • #2
    Re: blocking msn live

    Do you have any type of firewall installed??

    Comment


    • #3
      Re: blocking msn live

      yes we have a nokia with Checkpoint. We blocked port number 1863 however from my understanding msn will then use port 80 which we cannot block.
      I have read a few articles on the web however none seem to be in concrete.

      Comment


      • #4
        Re: blocking msn live

        isn't there an option within SmartDefense?
        Marcel
        Technical Consultant
        Netherlands
        http://www.phetios.com
        http://blog.nessus.nl

        MCITP(EA, SA), MCSA/E 2003:Security, CCNA, SNAF, DCUCI, CCSA/E/E+ (R60), VCP4/5, NCDA, NCIE - SAN, NCIE - BR, EMCPE
        "No matter how secure, there is always the human factor."

        "Enjoy life today, tomorrow may never come."
        "If you're going through hell, keep going. ~Winston Churchill"

        Comment


        • #5
          Re: blocking msn live

          Thanks for that just checked with the network guy here and our smart defence has not been updated since 2003. We are trying to find the login details to update.
          If we are unable to obtain the login details to update is there an alternative way of blocking.

          Comment


          • #6
            Re: blocking msn live

            Find all the ipadresses used by msn (using smartview tracker (i thought there where 8 addresses) and give them a deny.
            Ohh, i hope you paid you're smartdefense subscription, otherwise it's useless to search the login credentials for now
            Last edited by Dumber; 10th May 2007, 21:09.
            Marcel
            Technical Consultant
            Netherlands
            http://www.phetios.com
            http://blog.nessus.nl

            MCITP(EA, SA), MCSA/E 2003:Security, CCNA, SNAF, DCUCI, CCSA/E/E+ (R60), VCP4/5, NCDA, NCIE - SAN, NCIE - BR, EMCPE
            "No matter how secure, there is always the human factor."

            "Enjoy life today, tomorrow may never come."
            "If you're going through hell, keep going. ~Winston Churchill"

            Comment


            • #7
              Re: blocking msn live

              it seems we have not paid for smartdefence is there another method we can use

              Comment


              • #8
                Re: blocking msn live

                hmmm what i should do is the following.
                Start smartview tracker.
                Create a filter to monitor all traffic from a certain client.

                Repeat the following until he can't connect anymore:
                Let him connect to MSN.
                Write down the IP adress where he's starting the connection with.
                Set a deny for that IPaddress or subnet in CP.

                This will take quite a lot of time for filtering...

                However, i should recommend to start using a proxyserver like ISA server or get a subscription for Checkpoint:
                http://www.checkpoint.com/defense/ad...ai-23-Nov.html
                Marcel
                Technical Consultant
                Netherlands
                http://www.phetios.com
                http://blog.nessus.nl

                MCITP(EA, SA), MCSA/E 2003:Security, CCNA, SNAF, DCUCI, CCSA/E/E+ (R60), VCP4/5, NCDA, NCIE - SAN, NCIE - BR, EMCPE
                "No matter how secure, there is always the human factor."

                "Enjoy life today, tomorrow may never come."
                "If you're going through hell, keep going. ~Winston Churchill"

                Comment


                • #9
                  Re: blocking msn live

                  Hi, Uninstall the MSN from admin acc.
                  prabu

                  Comment


                  • #10
                    Re: blocking msn live

                    HI

                    Block in checkpoint...

                    Address: messenger.hotmail.com (IP : 65.54.239.140)
                    Port: 1863

                    REgards

                    Prabu
                    prabu

                    Comment


                    • #11
                      Re: blocking msn live

                      Prabu,

                      Are you really sure that's the only IPaddress MSN uses?
                      Marcel
                      Technical Consultant
                      Netherlands
                      http://www.phetios.com
                      http://blog.nessus.nl

                      MCITP(EA, SA), MCSA/E 2003:Security, CCNA, SNAF, DCUCI, CCSA/E/E+ (R60), VCP4/5, NCDA, NCIE - SAN, NCIE - BR, EMCPE
                      "No matter how secure, there is always the human factor."

                      "Enjoy life today, tomorrow may never come."
                      "If you're going through hell, keep going. ~Winston Churchill"

                      Comment


                      • #12
                        Re: blocking msn live

                        http://login.live.com
                        https://login.live.com
                        http://spaces.live.com
                        http://207.46.25.5
                        http://207.46.25.9

                        you could also block the header "User-Agent:" from being sent, as it is used to log onto MSN live.
                        etherape shows:
                        0000 00 10 2f 0d 20 00 00 11 11 c3 b6 b6 08 00 45 00 ../. .........E.
                        ..............
                        "..User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; InfoPath.1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; Windows Live Messenger 8.1.017..Host: images-origin.match.com..Connection: Keep-Alive..
                        01a0 0d 0a this is the line in question



                        the IP addresses differ depending on your DNS, that is why i prefer name resolution to block vs IP. it also accomadates blocks on IP pools as well... like ntp.time.pool or things like that.
                        Last edited by James Haynes; 17th May 2007, 18:33. Reason: i wanted to show a picture...
                        its easier to beg forgiveness than ask permission.
                        Give karma where karma is due...

                        Comment

                        Working...
                        X