Re: Blocking Microsoft Messenger

From: karl [x y] (jamescagney90210@excite.com)
Date: 10/12/02


From: "karl [x y]" <jamescagney90210@excite.com>
Date: Sat, 12 Oct 2002 09:14:59 -0400


I assume you are blocking them at the firewall. Run Messenger and then
check the firewall logs to see what exactly is getting out and to where,
then modify the rules to block it. My guess is either you haven't blocked
enough IP addresses, or you didn't block all ports to the IP addresses you
already blocked, or your firewall rules are not in the right order or are
not configured the way you think they are.

Blocking IM by port number is not very effective, though for better security
it's probably a good idea to consider blocking ALL ports [both inbound and
outbound] except the few ports that you have specifically identified and
allowed, instead of allowing all ports and just blocking a few.

If you have a DNS server [or have one or two Windows 2000 servers where DNS
services could be added], another option to use IN ADDITION to firewall
filtering, could be to add a new empty dummy DNS domain name that matches
the login name of the IM logon servers [which you can see by looking at the
firewall logs]. This only works if you use your firewall to block all DNS
except DNS from the DNS server, and set up all the clients [e.g. using DHCP]
to use your DNS servers. People could still potentially connect if they
already know the IP address of the login server, but this is not too likely.

"Bill Bird" <bbird@repro-tech.com> wrote in message
news:02c201c27161$cb11c120$35ef2ecf@TKMSFTNGXA11...
> I have tried unsuccessfully through my firewall to block
> Microsoft Messenger. Every time I block one port it finds a
> way around and opens another. I have fully blocked the
> port range 3000-3999 it then opens a connection via port 80
> (HTTP). I have also blocked the entire subnet 64.4.13.1
> thru 254. I have also blocked the logon servers:
> gateway.messenger.hotmail.com and the
> http1.msgr.hotmail.com thru http20.msgr.hotmail.com. What
> other options do I have? It seems as though Microsoft is
> worried about their software being hack proof but the
> people that worry about their networks being hacked into
> via their applications, they could care less about. Is
> this selective hacking?
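
The three failure modes listed in the reply (too few addresses blocked, not all ports blocked to those addresses, rules in the wrong order), as an added example that is not part of the original post: a first-match rule evaluator in Python run over constructed connection attempts. First-match semantics, both rule sets, 64.4.13.0/24 as shorthand for 64.4.13.1 thru 254, port 6000 and the 192.0.2.10 placeholder address are assumptions.

```python
import ipaddress

# Constructed rule sets; the first matching rule wins (assumed firewall semantics).
# Rule layout: (action, destination network, (low port, high port))
ANY_NET, ANY_PORT = "0.0.0.0/0", (0, 65535)

BLOCKLIST_BAD_ORDER = [
    ("allow", ANY_NET, (80, 80)),            # general web rule placed first
    ("deny", "64.4.13.0/24", (3000, 3999)),  # only some ports to the subnet
    ("allow", ANY_NET, ANY_PORT),            # default allow
]
FIXED = [
    ("deny", "64.4.13.0/24", ANY_PORT),      # all ports, ahead of the web rule
    ("allow", ANY_NET, (80, 80)),
    ("allow", ANY_NET, (443, 443)),
    ("deny", ANY_NET, ANY_PORT),             # default deny
]

def decide(rules, dst_ip, dst_port):
    """Return (action, index of the matching rule) for one outbound connection."""
    addr = ipaddress.ip_address(dst_ip)
    for i, (action, net, (lo, hi)) in enumerate(rules):
        if addr in ipaddress.ip_network(net) and lo <= dst_port <= hi:
            return action, i
    return "deny", None  # nothing matched: fail closed

# Constructed outbound attempts, as they would be read out of the firewall log.
ATTEMPTS = [
    ("64.4.13.20", 3500),  # inside the port range blocked in the question
    ("64.4.13.20", 80),    # HTTP fallback to the same subnet
    ("64.4.13.20", 6000),  # some other port to the blocked subnet
    ("192.0.2.10", 80),    # placeholder address outside the blocked subnet
]

def audit(rules):
    """Evaluate every constructed attempt and return (ip, port, action, rule index)."""
    return [(ip, port) + decide(rules, ip, port) for ip, port in ATTEMPTS]

if __name__ == "__main__":
    for name, rules in (("bad order", BLOCKLIST_BAD_ORDER), ("fixed", FIXED)):
        for ip, port, action, idx in audit(rules):
            print(f"{name:9} {ip}:{port:<5} -> {action} (rule {idx})")
```

Even with the fixed ordering, port 80 to an address outside the blocked subnet is still allowed, which is the gap the DNS step in the reply is meant to narrow.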


