RE: Best means to block MSN Messenger, AIM and other chat programs?

From: Kevin Brown (kbrownfox@home.com)
Date: 02/25/02


From: "Kevin Brown" <kbrownfox@home.com>
To: <bejon@supertel.com>, "'KEN MORRIS'" <KMORRIS@kpl.org>, <security-basics@securityfocus.com>
Date: Sun, 24 Feb 2002 21:51:45 -0500

FYI, Messenger on XP uses SIP instead of H.323. You would need to also block TCP 5060-5061 and UDP 5060 if users are using XP.

Brownfox

-----Original Message-----
From: Bejon Parsinia [mailto:bejon@supertel.com]
Sent: Thursday, February 21, 2002 1:01 PM
To: 'KEN MORRIS'; security-basics@securityfocus.com
Subject: RE: Best means to block MSN Messenger, AIM and other chat programs?

I have worked with MSN Messenger issues in the past. The problem with MSN
is that it uses the H.323 protocol for the capabilities of VOIP (NetMeeting)
and Video Conferencing (also NetMeeting). H.323 uses dynamically assigned
ports that span a great range of UDP ports. Check out this URL for
information regarding Microsoft's statement on using NetMeeting with a
firewall:
http://www.microsoft.com/windows/NetMeeting/Corp/reskit/Chapter4/default.asp
Because Microsoft has intermingled the technologies of NetMeeting and MSN
in a tightly woven package, it is almost as if one won't exist without the
other. If I remember correctly, there are as many as 2000 dynamically
assignable UDP ports for use in MSN Messenger (and NetMeeting).

If you are in a Win2k/NT environment, I suggest that you restrict individual
users from having administrative rights on their local machines. This will
prevent them from being able to install software. Then, you will have to
remove the unwanted chat applications manually. Thus ends the fix on the
independent machines on your wire.

Then, you may be able to block off all of the UDP ports for incoming and
outgoing traffic, but there is a great chance that these ports are needed
for other applications. Speaking of NetMeeting, there are other ports
listed on the link I provided above that will also need to be restricted. I
suggest you set up deny rules for those ports as well.

Good luck!

Bejon Parsinia

-----Original Message-----
From: KEN MORRIS [mailto:KMORRIS@kpl.org]
Sent: Wednesday, February 20, 2002 8:31 AM
To: security-basics@securityfocus.com
Subject: Best means to block MSN Messenger, AIM and other chat programs?

Hello,
I am using both filtering software and Firewall (GNat Box) to try to
block out the use of several chat programs. On the FW I have blocked
ports:
4000 - ICQ
1863 - MSN Messenger
5050 - AOL and
5190 for Yahoo
After having set up the blocking rule, I then tested MSN Messenger in
the system. Problem being that it was still accessible.
Any suggestions as to how to block the use of the programs at the
firewall would be greatly appreciated.
Thank you
Ken Morris
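
Added example, not part of the original thread: a small Python check that reads firewall log lines and reports internal hosts whose traffic to the MSN Messenger ports named in the thread was still allowed, as a way to confirm that a block rule took effect. The log format, the addresses and the choice of TCP for port 1863 are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Destination ports the thread names for MSN Messenger.
# 1863 is from the original question (no protocol given there; TCP assumed);
# the SIP ports are from the Windows XP note at the top of the thread.
WATCHED = {
    ("tcp", 1863): "MSN Messenger",
    ("tcp", 5060): "Messenger on XP (SIP)",
    ("tcp", 5061): "Messenger on XP (SIP)",
    ("udp", 5060): "Messenger on XP (SIP)",
}

# Hypothetical log format: "<timestamp> <ACTION> proto=.. src=.. dst=.. dport=.."
LINE_RE = re.compile(
    r"^\S+\s+(?P<action>ACCEPT|DROP)\s+proto=(?P<proto>\w+)\s+"
    r"src=(?P<src>\S+)\s+dst=(?P<dst>\S+)\s+dport=(?P<dport>\d+)\s*$"
)

def find_leaks(lines):
    """Return {src: sorted [(proto, port, label)]} for ACCEPTed watched flows."""
    leaks = defaultdict(set)
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip lines that are not in the expected format
        key = (m["proto"].lower(), int(m["dport"]))
        if m["action"] == "ACCEPT" and key in WATCHED:
            leaks[m["src"]].add((key[0], key[1], WATCHED[key]))
    return {src: sorted(hits) for src, hits in leaks.items()}

# Constructed sample log (documentation address ranges), not real traffic.
SAMPLE_LOG = """\
2002-02-20T08:40:01 DROP proto=TCP src=10.0.0.23 dst=192.0.2.10 dport=1863
2002-02-20T08:40:02 ACCEPT proto=TCP src=10.0.0.23 dst=192.0.2.10 dport=80
2002-02-20T08:41:10 ACCEPT proto=UDP src=10.0.0.31 dst=198.51.100.7 dport=5060
2002-02-20T08:41:11 ACCEPT proto=TCP src=10.0.0.31 dst=198.51.100.7 dport=5061
2002-02-20T08:42:00 ACCEPT proto=UDP src=10.0.0.23 dst=198.51.100.9 dport=53
garbled line without fields
""".splitlines()

if __name__ == "__main__":
    for src, hits in sorted(find_leaks(SAMPLE_LOG).items()):
        for proto, port, label in hits:
            print(f"{src} allowed out on {proto}/{port} ({label})")
```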
 
 

 


