Blocking yahoo & msn chat using cisco pix 515E

mahavirsj
Level 1

I have a Cisco PIX 515E ver 6.0(1).

I need to block Yahoo & MSN chat organisation-wide. How do I do it?

Is there any way to block using Cisco PIX? I do not want to use any application s/w or proxy server to do this.

I tried to use conduit statements but that did not work.

Currently I am NATting the whole internal subnet to a valid IP & have not blocked anything. Can I just block chat ports? If yes, what are these ports?

Thanks

Regards

Mahavir

2 Replies

jasobrown
Level 1

You can try to just block the basic "chat" ports but this will hardly stop them. The clients will use any open port that they can to communicate with the server. You have to block ALL of the destination addresses (and there are a lot) for AOL, Yahoo, MSN, ICQ etc.

Checkpoint allows you to block by http header information (if using port 80) but there is no easy way around this without using application s/w as you stated you do not want to do.

Here is what I did on a client Checkpoint firewall that is working (for now - until they add a new server).

Block servers:

AOL
205.188.179.233
64.12.161.153
64.12.161.185
64.12.200.89

Messenger
207.46.104.20
63.208.13.126
64.4.12.200
64.4.12.201
65.54.131.249
65.54.194.118
65.54.211.61
207.46.110.2

Yahoo
66.163.168.117
216.136.173.169
66.163.173.200
216.136.128.145
216.136.128.167
66.163.168.107
66.163.169.134
66.163.169.135
216.136.224.236
216.136.173.168
216.155.193.128-216.155.193.135
216.155.193.152-216.155.193.159
216.155.193.168-216.155.193.176

Then I just blocked the basic ports for the apps (but if a new server comes online the app can still use port 80 etc.).

AOL - TCP 5190

ICQ locator - UDP 4000

MSN Messenger
UDP 1863
UDP 5190
MSN File Transfer - TCP 6891-6900
MSN Messenger - TCP 1863
MSN Messenger Voice - UDP 6901

Yahoo
TCP 5050
Voice Chat - TCP 5000-5001
Webcams - TCP 5100
UDP 5000-5010
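The reply above lists the blocks as Checkpoint objects; the original question is about a PIX 515E, where the same policy is expressed as an access-list applied with access-group on the inside interface. The Python script below is an added example, not code from the thread or from Cisco: it takes the address and port lists exactly as posted, splits the three Yahoo address ranges into subnet/mask pairs the PIX accepts (one of the ranges, .168-.176, is not mask-aligned and needs two entries), and emits PIX 6.x access-list syntax. The ACL name block_chat and the interface name inside are assumptions; adjust them for the real box. The closing permit is needed because a PIX access-list ends in an implicit deny, and binding an access-group to an interface replaces whatever access-group was there before.

```python
import ipaddress

# Address list as posted in the thread (constructed data for this example;
# these hosts will change over time, which is the weakness the reply points out).
SERVER_BLOCKS = {
    "AOL": ["205.188.179.233", "64.12.161.153", "64.12.161.185", "64.12.200.89"],
    "Messenger": ["207.46.104.20", "63.208.13.126", "64.4.12.200", "64.4.12.201",
                  "65.54.131.249", "65.54.194.118", "65.54.211.61", "207.46.110.2"],
    "Yahoo": ["66.163.168.117", "216.136.173.169", "66.163.173.200", "216.136.128.145",
              "216.136.128.167", "66.163.168.107", "66.163.169.134", "66.163.169.135",
              "216.136.224.236", "216.136.173.168",
              "216.155.193.128-216.155.193.135",
              "216.155.193.152-216.155.193.159",
              "216.155.193.168-216.155.193.176"],
}

# Port list as posted: (application, protocol, first port, last port).
PORT_BLOCKS = [
    ("AOL", "tcp", 5190, 5190),
    ("ICQ locator", "udp", 4000, 4000),
    ("MSN Messenger", "udp", 1863, 1863),
    ("MSN Messenger", "udp", 5190, 5190),
    ("MSN File Transfer", "tcp", 6891, 6900),
    ("MSN Messenger", "tcp", 1863, 1863),
    ("MSN Messenger Voice", "udp", 6901, 6901),
    ("Yahoo", "tcp", 5050, 5050),
    ("Yahoo Voice Chat", "tcp", 5000, 5001),
    ("Yahoo Webcams", "tcp", 5100, 5100),
    ("Yahoo", "udp", 5000, 5010),
]


def expand_entry(entry):
    """Turn 'a.b.c.d' or 'a.b.c.d-a.b.c.e' into the minimal list of IPv4 networks.

    PIX access-lists take host or subnet+mask operands, not arbitrary ranges,
    so a range that is not mask-aligned becomes several entries.
    """
    if "-" in entry:
        first, last = (ipaddress.IPv4Address(p.strip()) for p in entry.split("-", 1))
        return list(ipaddress.summarize_address_range(first, last))
    return [ipaddress.IPv4Network(entry)]


def network_clause(net):
    """PIX operand: 'host x.x.x.x' for a /32, else 'network mask' (real mask, not wildcard)."""
    if net.prefixlen == 32:
        return f"host {net.network_address}"
    return f"{net.network_address} {net.netmask}"


def port_clause(lo, hi):
    """PIX port operator: 'eq N' for a single port, 'range LO HI' otherwise."""
    return f"eq {lo}" if lo == hi else f"range {lo} {hi}"


def build_acl(acl="block_chat", inside="inside"):
    """Return the PIX 6.x configuration lines for the policy in the thread.

    Order matters: a PIX access-list is evaluated top-down with an implicit
    deny at the end, so the specific denies come first and a permit closes it.
    The acl and inside names are assumptions for this example.
    """
    lines = []
    # 1. Deny all IP traffic to every known chat server (works whatever port the client picks).
    for app, entries in SERVER_BLOCKS.items():
        for entry in entries:
            for net in expand_entry(entry):
                lines.append(f"access-list {acl} deny ip any {network_clause(net)}")
    # 2. Deny the well-known chat ports regardless of destination (catches new servers on default ports).
    for app, proto, lo, hi in PORT_BLOCKS:
        lines.append(f"access-list {acl} deny {proto} any any {port_clause(lo, hi)}")
    # 3. Let everything else out, then bind the list inbound on the inside interface.
    lines.append(f"access-list {acl} permit ip any any")
    lines.append(f"access-group {acl} in interface {inside}")
    return lines


if __name__ == "__main__":
    print("\n".join(build_acl()))
```

Paste the output into configuration mode on the PIX and verify with `show access-list block_chat`, whose hit counters show which entries are actually matching. Neither half of the list stops a client that falls back to an unlisted server on TCP 80, which is the limitation the reply describes.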

p.dimitrije
Level 1

When it comes to filtering such specific traffic, you may have some problems configuring that on a PIX. You could block the destination addresses, but a much better solution is to use some sort of filtering. I suggest you use Websense (http://www.websense.com/) or N2H2 (http://www.n2h2.com/). The N2H2 version I used (well, tried to use) was for Red Hat Advanced Server. Websense, however, works just fine. This will not only allow you to filter out chat, but practically anything you might want to.