cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
590
Views
2
Helpful
5
Replies

How to block...

tonny_ecmyy
Level 1
Level 1

Hi there,

I've already block http/s,ftp, but how to block any chatting program like msn messenger,yahoo,oeven skype..

Thanks

Tonny

2 Accepted Solutions

Accepted Solutions

aftermath
Level 1
Level 1

Tonny, I feel your pain,

To my knowledge to only way to block IM's is by actually closing the ports they ride on. I have listed them below. However, although port 80 is not the primary port for Yahoo, the Yahoo IM will search for 80 to use, if it can't find it's own default port. Skype itself uses port 80, and port 443 by default. So it will be more of a challenge for you. I do know that Skype will become sluggish and error out, of course causing the end user enough frustration that they may not use it at all.

Also know, ( and you may already ) a program called Trillian combines the features of all three of major IM's, I am not sure of the ports that Trillian uses, but you should be able to find out.

Anyway I hope this helps.

AOL Instant Messenger

o 5190 (outbound TCP)

o login.oscar.aol.com

· Microsoft .NET Messenger

o 1863 (outbound TCP)

o 5060 for Session Initiation Protocol (SIP) (TCP) §

o 1503 for Audio/Video, File Sharing and White Board (TCP) §

o 6891-6900 for File Transfer (TCP) §

o 3389 for Remote Assistance (TCP) §

· Yahoo! Messenger

o 5050 (outbound TCP)

o 5101 (inbound TCP)

o 5100 for webcam (TCP)

o 5001 for voice (TCP)

o For voice: cs1.yahoo.com, cs2.yahoo.com, and cs3.yahoo.com

o Yahoo will search ports 5050, 80, 20, 21, 25, 37 and 119 if 5050 is blocked

View solution in original post

sachinraja
Level 9
Level 9

Hi tonny,

these messenger services will work on one of the UDP ports defined, but if that TCP port doesnt connect, they try on port 80 and get connected. i presume , you have just allowed port 80 from inside to outside and blocked everything else.. am i right ? even in this case, these services might work, because it gets connected through port 80, and obviously, you cannot block port 80, as it will stop your entire browsing.

the standard ports for these messenger services are as follows:

Yahoo:

TCP: 80, 5000-5050

UDP: 5000-5050

MSN:

TCP: 1863,

UDP: 1503, 3389, 5004-65535

AOL IM:

TCP: 5190-5193

UDP: 5190-5193

Try blocking these.. incase it doesnt work, you need to block http access to yahoo/msn messenger IP addresses.

for msn messenger, you can block http access to the IP range 207.46.104.0 255.255.255.0

you can easily block these, if you are using any proxy based softwares like websense.. this will block connections based on the applications..

Hope this helps !!

All the best !!

View solution in original post

5 Replies 5

aftermath
Level 1
Level 1

Tonny, I feel your pain,

To my knowledge to only way to block IM's is by actually closing the ports they ride on. I have listed them below. However, although port 80 is not the primary port for Yahoo, the Yahoo IM will search for 80 to use, if it can't find it's own default port. Skype itself uses port 80, and port 443 by default. So it will be more of a challenge for you. I do know that Skype will become sluggish and error out, of course causing the end user enough frustration that they may not use it at all.

Also know, ( and you may already ) a program called Trillian combines the features of all three of major IM's, I am not sure of the ports that Trillian uses, but you should be able to find out.

Anyway I hope this helps.

AOL Instant Messenger

o 5190 (outbound TCP)

o login.oscar.aol.com

· Microsoft .NET Messenger

o 1863 (outbound TCP)

o 5060 for Session Initiation Protocol (SIP) (TCP) §

o 1503 for Audio/Video, File Sharing and White Board (TCP) §

o 6891-6900 for File Transfer (TCP) §

o 3389 for Remote Assistance (TCP) §

· Yahoo! Messenger

o 5050 (outbound TCP)

o 5101 (inbound TCP)

o 5100 for webcam (TCP)

o 5001 for voice (TCP)

o For voice: cs1.yahoo.com, cs2.yahoo.com, and cs3.yahoo.com

o Yahoo will search ports 5050, 80, 20, 21, 25, 37 and 119 if 5050 is blocked

sachinraja
Level 9
Level 9

Hi tonny,

these messenger services will work on one of the UDP ports defined, but if that TCP port doesnt connect, they try on port 80 and get connected. i presume , you have just allowed port 80 from inside to outside and blocked everything else.. am i right ? even in this case, these services might work, because it gets connected through port 80, and obviously, you cannot block port 80, as it will stop your entire browsing.

the standard ports for these messenger services are as follows:

Yahoo:

TCP: 80, 5000-5050

UDP: 5000-5050

MSN:

TCP: 1863,

UDP: 1503, 3389, 5004-65535

AOL IM:

TCP: 5190-5193

UDP: 5190-5193

Try blocking these.. incase it doesnt work, you need to block http access to yahoo/msn messenger IP addresses.

for msn messenger, you can block http access to the IP range 207.46.104.0 255.255.255.0

you can easily block these, if you are using any proxy based softwares like websense.. this will block connections based on the applications..

Hope this helps !!

All the best !!

wanghmk1223
Level 1
Level 1

Hi Tonny,

This is the simplest way to block any p2p or chat program:

At the \winnt\system32\drivers\etc\hosts, insert this

127.0.0.1 gateway.messenger.hotmail.com

This will 100% work to block msn messenger.

Kelvin

Hello,

Thanks for replying with useful answers, but is it possible to block any auto update software, for example norton antivirus liveupdate?

Thanks

Tonny

I don't think you can block this from the PIX, but while installing the server ( Norton software ), it can be done there, just DENY Updates, or maybe it can be done on the client side although that may be administratively cumbersome.

HTH

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: