It seems so easy - just block the default control port (1863), and you're done, right? Wrong. This is because the Microsofties, those little devils, have decided to make MSN Messenger "compatible" with firewalls. Therefore, it will try port 1863 first. If this doesn't fly, it will then imitate web-traffic (port 80). So blocking out port 1863 will only disable some of the advanced features, like voice chat. But not the basic Messenger functionality.
If you are using an application-proxy like SOCKS for all your users web-browsing then you could manipulate the SOCKS config to disable Messenger connections. Another (inelegant) way is to block out access to the Microsoft messenger servers by IP address - access-lists, routes to Null, that kind of thing. Just be careful that you don't inadvertently block out access to web pages at the Microsoft website, cuz it would suck if you denied your NT/2000 sysadmins the crucial ability to consult Microsoft for techsupport. Yet another way is to change the DNS config files to send Messenger requests to a bogus address. Of course this works only if you're running your own DNS servers, and not using your providers. But truly the best way is to simply have company policy that bans messenger. ""Engelhard M. Labiro"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > It uses TCP port 1863. See the detail at MSN page itself > http://messenger.msn.com/support/firewall.asp > > HTH > > > Can anyone tell me how can I block msn messanger on my > network..What > > port in the access list should I block to stop workers from using msn > > messanger ??Does it uses a fix port ?I am using 2503 router with NAT > enabled Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=30904&t=30891 -------------------------------------------------- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]