Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
Bookmark
|
Subscribe
|
1077
Views
8
Helpful
6
Replies

Block MSN ???

rico_hao40
Level 1
Level 1

‎03-15-2007 01:15 PM - edited ‎03-05-2019 02:56 PM

Hi,

I have a PIX515 and I am trying to block MSN but all attempts failed. I use ethereal captured packets and block each possible destination nets. Later I found MSN tried to use 207.46.*.* port 80, but this IPs also use for windows auto-update, for sure I can not block it since I need update my windows. If MSN works like this, does that mean I can not block it??? It not make sense?

Any idea to block MSN ?

Thanks

Labels:
0 Helpful
6 Replies 6

bjw
Level 4
Level 4

‎03-15-2007 01:51 PM

I think that if you need any Micro$oft service connectivity, you're obligated to all of them.

Not sure if the 515 can block domains, you might want to look into blocking *.msn.com

flashsplash
Level 1
Level 1
In response to bjw

‎03-15-2007 02:40 PM

just block the port

0 Helpful

bmennenga
Level 1
Level 1

‎03-15-2007 05:44 PM

On an IOS firewall feature set you can enable the HTTP inspection and specifically limit access to certain domain names with the urlfilter exclusive deny msn.com command. The PIX relies fully on a URL filter server such as Websense. I'd setup the external router to do CBAC and enable the http inspection within CBAC.

rico_hao40
Level 1
Level 1

‎03-16-2007 06:36 AM

I also use Fortinet block

*messenger.hotmail.com

*messenger.msn.com

*msnmessenger.akadns.net

*webmessenger.msn.com

Looks like MSN use all these domain. so far so good, can block MSN and online-msn.

0 Helpful

hoogen_82
Level 4
Level 4

‎03-16-2007 06:59 AM

Check this link and try out their suggestions.

I think for MSN they say it uses MSNP (Microsoft) 1863

http://www.cisco.com/web/about/ac123/ac147/archived_issues/ipj_9-2/instant_messaging.html

http://www.cisco.com/en/US/products/sw/iosswrel/ps5207/products_white_paper0900aecd802efa46.shtml

HTH

Hoogen

Do rate if this helps :)

0 Helpful

Amit Singh
Cisco Employee
Cisco Employee

‎03-16-2007 08:05 AM

Hello,

Upgrade you PIX to the latest 7.x series and you can use the URL filtering feature of the IOS to block the URL's that you dont want to permit for the users. It has more enhanced granular traffic filtering built into it.

http://www.cisco.com/univercd/cc/td/doc/product/multisec/asa_sw/v_7_2/conf_gd/firewall/filter.htm

HTH,Please rate if it does.

-amit singh

0 Helpful
Customers Also Viewed These Support Documents
Top