11-16-2004 11:35 PM - edited 03-09-2019 09:28 AM
Hi there,
I've already block http/s,ftp, but how to block any chatting program like msn messenger,yahoo,oeven skype..
Thanks
Tonny
Solved! Go to Solution.
11-17-2004 01:11 AM
Tonny, I feel your pain,
To my knowledge to only way to block IM's is by actually closing the ports they ride on. I have listed them below. However, although port 80 is not the primary port for Yahoo, the Yahoo IM will search for 80 to use, if it can't find it's own default port. Skype itself uses port 80, and port 443 by default. So it will be more of a challenge for you. I do know that Skype will become sluggish and error out, of course causing the end user enough frustration that they may not use it at all.
Also know, ( and you may already ) a program called Trillian combines the features of all three of major IM's, I am not sure of the ports that Trillian uses, but you should be able to find out.
Anyway I hope this helps.
AOL Instant Messenger
o 5190 (outbound TCP)
o login.oscar.aol.com
· Microsoft .NET Messenger
o 1863 (outbound TCP)
o 5060 for Session Initiation Protocol (SIP) (TCP) §
o 1503 for Audio/Video, File Sharing and White Board (TCP) §
o 6891-6900 for File Transfer (TCP) §
o 3389 for Remote Assistance (TCP) §
· Yahoo! Messenger
o 5050 (outbound TCP)
o 5101 (inbound TCP)
o 5100 for webcam (TCP)
o 5001 for voice (TCP)
o For voice: cs1.yahoo.com, cs2.yahoo.com, and cs3.yahoo.com
o Yahoo will search ports 5050, 80, 20, 21, 25, 37 and 119 if 5050 is blocked
11-17-2004 01:12 AM
Hi tonny,
these messenger services will work on one of the UDP ports defined, but if that TCP port doesnt connect, they try on port 80 and get connected. i presume , you have just allowed port 80 from inside to outside and blocked everything else.. am i right ? even in this case, these services might work, because it gets connected through port 80, and obviously, you cannot block port 80, as it will stop your entire browsing.
the standard ports for these messenger services are as follows:
Yahoo:
TCP: 80, 5000-5050
UDP: 5000-5050
MSN:
TCP: 1863,
UDP: 1503, 3389, 5004-65535
AOL IM:
TCP: 5190-5193
UDP: 5190-5193
Try blocking these.. incase it doesnt work, you need to block http access to yahoo/msn messenger IP addresses.
for msn messenger, you can block http access to the IP range 207.46.104.0 255.255.255.0
you can easily block these, if you are using any proxy based softwares like websense.. this will block connections based on the applications..
Hope this helps !!
All the best !!
11-17-2004 01:11 AM
Tonny, I feel your pain,
To my knowledge to only way to block IM's is by actually closing the ports they ride on. I have listed them below. However, although port 80 is not the primary port for Yahoo, the Yahoo IM will search for 80 to use, if it can't find it's own default port. Skype itself uses port 80, and port 443 by default. So it will be more of a challenge for you. I do know that Skype will become sluggish and error out, of course causing the end user enough frustration that they may not use it at all.
Also know, ( and you may already ) a program called Trillian combines the features of all three of major IM's, I am not sure of the ports that Trillian uses, but you should be able to find out.
Anyway I hope this helps.
AOL Instant Messenger
o 5190 (outbound TCP)
o login.oscar.aol.com
· Microsoft .NET Messenger
o 1863 (outbound TCP)
o 5060 for Session Initiation Protocol (SIP) (TCP) §
o 1503 for Audio/Video, File Sharing and White Board (TCP) §
o 6891-6900 for File Transfer (TCP) §
o 3389 for Remote Assistance (TCP) §
· Yahoo! Messenger
o 5050 (outbound TCP)
o 5101 (inbound TCP)
o 5100 for webcam (TCP)
o 5001 for voice (TCP)
o For voice: cs1.yahoo.com, cs2.yahoo.com, and cs3.yahoo.com
o Yahoo will search ports 5050, 80, 20, 21, 25, 37 and 119 if 5050 is blocked
11-17-2004 01:12 AM
Hi tonny,
these messenger services will work on one of the UDP ports defined, but if that TCP port doesnt connect, they try on port 80 and get connected. i presume , you have just allowed port 80 from inside to outside and blocked everything else.. am i right ? even in this case, these services might work, because it gets connected through port 80, and obviously, you cannot block port 80, as it will stop your entire browsing.
the standard ports for these messenger services are as follows:
Yahoo:
TCP: 80, 5000-5050
UDP: 5000-5050
MSN:
TCP: 1863,
UDP: 1503, 3389, 5004-65535
AOL IM:
TCP: 5190-5193
UDP: 5190-5193
Try blocking these.. incase it doesnt work, you need to block http access to yahoo/msn messenger IP addresses.
for msn messenger, you can block http access to the IP range 207.46.104.0 255.255.255.0
you can easily block these, if you are using any proxy based softwares like websense.. this will block connections based on the applications..
Hope this helps !!
All the best !!
11-17-2004 06:36 PM
Hi Tonny,
This is the simplest way to block any p2p or chat program:
At the \winnt\system32\drivers\etc\hosts, insert this
127.0.0.1 gateway.messenger.hotmail.com
This will 100% work to block msn messenger.
Kelvin
11-19-2004 08:47 PM
Hello,
Thanks for replying with useful answers, but is it possible to block any auto update software, for example norton antivirus liveupdate?
Thanks
Tonny
11-23-2004 02:29 AM
I don't think you can block this from the PIX, but while installing the server ( Norton software ), it can be done there, just DENY Updates, or maybe it can be done on the client side although that may be administratively cumbersome.
HTH
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide