Blocking MSN Messenger with a firewall???
Discussion
Anyone know how i can block MSN messenger entirely with a "Basic" firewall..
Got a punter with an "abuse" issue and we need to block access to MSN messenger, the trouble is, this is a really simple "internet starter solution", so it's just a DSL router with a SIF...
Any ideas folks?
TIA,
slinky
Got a punter with an "abuse" issue and we need to block access to MSN messenger, the trouble is, this is a really simple "internet starter solution", so it's just a DSL router with a SIF...
Any ideas folks?
TIA,
slinky
It uses many by all accounts, 569 is one.
Remember to block access to www.e-messenger.net also as this allows you to use MSN in a browser...
Remember to block access to www.e-messenger.net also as this allows you to use MSN in a browser...
Cheers, I'll do a bit more digging as well..
Unfortunately, it doesn't appear as though we can block specific sites on the routers that we use, (although I need to double check that one!), but on the other hand, the users aren't generally savvy enough to go and find the alternative route!
slinky
Unfortunately, it doesn't appear as though we can block specific sites on the routers that we use, (although I need to double check that one!), but on the other hand, the users aren't generally savvy enough to go and find the alternative route!
slinky
Edit their hosts file on their machine or on the DNS box so that:
www.e-messenger.net resolves to 127.0.0.1
www.e-messenger.net resolves to 127.0.0.1
The trouble is, our customers use a variety of other web based utilities that require weird and wonderful ports to be used... Now I may be getting my "porting" mixed up, but I don't think we can lock everything down..
I could just do with finding out exactly what ports we could specifically block to stop the users from messing about with messenger..
slinky
I could just do with finding out exactly what ports we could specifically block to stop the users from messing about with messenger..
slinky
Will, is it MSN Messenger or Windows inbuilt messenger?
If it's the later you can stop it starting using group policies in gpedit.msc on his machine, the former, well MSN Messenger uses either random ports or port 80 (web) so you can't actually "block" MSN AFAIK. You could try killing port 443 which it uses for authentication and see where that gets you however.
If it's the later you can stop it starting using group policies in gpedit.msc on his machine, the former, well MSN Messenger uses either random ports or port 80 (web) so you can't actually "block" MSN AFAIK. You could try killing port 443 which it uses for authentication and see where that gets you however.
James here;
going to say if using XP etc use GPedit.msc and turn it off!
Assuming he/she is not a computer bod who has acess to the group policy. Or do it on the local machine if they don't know what they are doing.
From memory messenger is under(in GP policy)
computer configeration/system/windows components/msn messenger.
This is of the top of my head but should be about right.
I've done it at work any how......
going to say if using XP etc use GPedit.msc and turn it off!
Assuming he/she is not a computer bod who has acess to the group policy. Or do it on the local machine if they don't know what they are doing.
From memory messenger is under(in GP policy)
computer configeration/system/windows components/msn messenger.
This is of the top of my head but should be about right.
I've done it at work any how......
cheers for all of you help guys...
The scenario is this..
X number of client pc's in workgroup (of variable OS's)
1 broadband router
Our company, although they really really should, don't go anywhere near the likes of group policy, so that makes this one slightly tricky...
Although we provide an "internet starter solution" we don't provide any support on the O/S so will most probably end up just telling the customer that they need to use their own internal company policy to bar the usage of messenger software...
Crap I know, but what can you do when working within support for a large corporate that doesn't take responsibility!!!
Once again, thanks for all of your help..
slinky
The scenario is this..
X number of client pc's in workgroup (of variable OS's)
1 broadband router
Our company, although they really really should, don't go anywhere near the likes of group policy, so that makes this one slightly tricky...
Although we provide an "internet starter solution" we don't provide any support on the O/S so will most probably end up just telling the customer that they need to use their own internal company policy to bar the usage of messenger software...
Crap I know, but what can you do when working within support for a large corporate that doesn't take responsibility!!!
Once again, thanks for all of your help..
slinky
Can I also ask has anyone found a way of getting rid (uninstalling) of the bloody thing once and for all. I hate the bloody green & white Pawn's sitting in my system tray (I have them not shown/viewed on XP but they are still there).
I don't using Messenger and I do not want to use messenger, unless I can send a MSN Message to Seatlle and tell Bill where he can shove it, then delete it.
>> Edited by FourWheelDrift on Thursday 30th September 21:19
I don't using Messenger and I do not want to use messenger, unless I can send a MSN Message to Seatlle and tell Bill where he can shove it, then delete it.
>> Edited by FourWheelDrift on Thursday 30th September 21:19
This is a guess but should work
Can you block IPs with this firewall? If so open up messenger and logon. check what IP it connect to with a netstat then block it redo this until messenger runs out of logon servers (probably no more than 5). This leaves the rest of the net untouched but messenger unable to function as I beleive it needs a central logon server
If not try this
This will not defeat anyone who is technically on the ball. Get the domain name of the login servers by technique above and knock up a hosts file with
127.0.0.1 "name of logon server"
save this in the appropriate place on each PC
windows for 95/98
system32driversetc for nt/2000/xp
bit of a pain as you have to put it on each pc but pc can no longer find logon servers.
Edit because I just spotted plotless suggested the localhost trick
>> Edited by malman on Saturday 2nd October 23:28
Can you block IPs with this firewall? If so open up messenger and logon. check what IP it connect to with a netstat then block it redo this until messenger runs out of logon servers (probably no more than 5). This leaves the rest of the net untouched but messenger unable to function as I beleive it needs a central logon server
If not try this
This will not defeat anyone who is technically on the ball. Get the domain name of the login servers by technique above and knock up a hosts file with
127.0.0.1 "name of logon server"
save this in the appropriate place on each PC
windows for 95/98
system32driversetc for nt/2000/xp
bit of a pain as you have to put it on each pc but pc can no longer find logon servers.
Edit because I just spotted plotless suggested the localhost trick
>> Edited by malman on Saturday 2nd October 23:28
Gassing Station | Computers, Gadgets & Stuff | Top of Page | What's New | My Stuff