Sorry my 11th finger seemed to hit send.....

From several lists, but not tested thoroughly
http://www.groupstudy.com/archives/cisco/200206/msg00480.html 

 
Block Kazaa
Kazaa connects to other peers running Kazaa, on port 1214. So, the best
way to block Kazaa downloads is to reject incoming and outgoing data
packets (both TCP and UDP packets) on this port.

Block Gnutella clients
The P2P apps which use the Gnutella network connect to peers on ports
6346 and 6347.


AOL instant messenger can be blocked by filtering out the following I.P.
addresses:

But BLOCK internal DNS server AOL's DNS first BLOCK out  from /32 to
205.188.0.0/16 port = 53
aim.aol.com
login.oscar.aol.com 


AOL Instant Messenger - Ok, I have been able to block this one with
pretty solid results. I had to pretty much block 1 class C's worth of
addresses in the 64 region of AOL's address range, but have not heard
any complaints thus far. The program is pretty damn smart about getting
around rules in your firewall. It will try and use FTP, TELNET, HTTP,
FINGER, NETBIOS over IP, APPLETALK over IP, 1080 (SOCKS), 1024, Lotus
Notes (TCP 1352) and a few others. I pretty much locked the subnet down
but AIM was somehow getting through. I finally figured out that my
CheckPoint firewall was allowing DNS traffic outbound in my rule base
above rule 1. I had to go to the Properties section and disable the
implicit access to DNS (TCP/UDP 53). Once I did that, it killed AIM
altogether. 



DNS name of login.oscar.aol.com which is used to log in to AOL Instant
Messenger.

Block Yahoo Messenger
msg.sc5.yahoo.com
msg.yahoo.com

msg.edit.yahoo.com
messenger.yahoo.com
http.pager.yahoo.com
cs.yahoo.com
Default Port: 5050

access-list 101 deny ip 10.1.4.0 0.0.0.255  216.136.0.0 0.0.255.255 
access-list 101 deny ip 10.1.4.0 0.0.0.255  66.163.0.0 0.0.255.255
access-list 101 deny ip 10.1.4.0 0.0.0.255 64.58.0.0 0.0.255.255

Test first.


MSN
gateway.messenger.hotmail.com
Messenger uses port 1863, but if you block it then it can automatically
switch to port 80. 
1. Add the following registry key into client machines either through
login script or similar: 
HKLM\SOFTWARE\Policies\Microsoft\Messenger\Client\PreventRun=1 
This will prevent Messenger from running, whether or not it is
installed. Because this key isn't modified during a Messenger
install/re-install/upgrade, and isn't removed if the software is
uninstalled, this should work for you. 

Nov. 9, and there were multiple login servers, where in the past there
was only one.  By Nov. 29, it appeared that there were login servers at
addresses 
64.4.13.17 64.4.13.170 through 64.4.13.190.  
Microsoft may be adding even more in the future.  I was still able to
block MSN Messenger with just default filter exceptions and the Access
Rule listed above, but should a new version of MSN Messenger come out
that is able to slip by the proxy rules, try redirecting an entire
subnet.  Redirecting subnet 64.4.13.160 (255.255.255.224) will prevent
traffic from reaching all addresses from 64.4.13.161 through
64.4.13.191.  (Changing that subnet to 64.4.13.128 and the subnet mask
to 255.255.255.128 would expand the blocking to 64.4.13.129 through
64.4.13.255). 

Block ICQ/AIM traffic
block out from any to any port = 5190
block in  from any to any port = 5190
web.icq.com
ads.icq.com
login.icq.com
cb.icq.com
icq.mirabilis.com
http.proxy.icq.com 
 
 
 
 
Work in progress. (from several posts)
 
Martijn Jansen 
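
Added example (not part of the original post): a Python check of the subnet arithmetic in the MSN paragraph above, writing each subnet/mask pair in the wildcard-mask form of the post's access-list 101 lines and reporting which of the listed login-server addresses a block leaves uncovered. The function names are hypothetical, and applying the MSN subnets as router ACL entries from 10.1.4.0/24 is an assumption; the post describes them as proxy redirects.

```python
import ipaddress

# Values taken from the post: the inside subnet used in its ACL lines and the
# MSN login-server addresses it reports (64.4.13.17 and .170 through .190).
INSIDE = ipaddress.ip_network("10.1.4.0/24")
LOGIN_SERVERS = [ipaddress.ip_address("64.4.13.17")] + [
    ipaddress.ip_address(f"64.4.13.{h}") for h in range(170, 191)
]


def acl_deny(dest, mask, acl=101, inside=INSIDE):
    """Return (network, IOS extended-ACL deny line) for a subnet/netmask pair.

    IOS ACLs take wildcard (inverted) masks, so 255.255.255.224 becomes
    0.0.0.31. strict=True raises ValueError when dest is not the subnet's
    network address (a common typo that makes a rule match the wrong range).
    """
    net = ipaddress.ip_network(f"{dest}/{mask}", strict=True)
    line = (
        f"access-list {acl} deny ip {inside.network_address} {inside.hostmask} "
        f"{net.network_address} {net.hostmask}"
    )
    return net, line


def uncovered(net, servers=LOGIN_SERVERS):
    """Return the listed server addresses that the block does NOT match."""
    return [str(s) for s in servers if s not in net]


def build_acl(blocks, acl=101):
    """Deny lines first, then an explicit permit: an extended ACL ends with an
    implicit deny, so a deny-only list drops all traffic on the interface."""
    lines = [acl_deny(dest, mask, acl)[1] for dest, mask in blocks]
    return lines + [f"access-list {acl} permit ip any any"]


if __name__ == "__main__":
    for dest, mask in [("64.4.13.160", "255.255.255.224"),
                       ("64.4.13.128", "255.255.255.128")]:
        net, line = acl_deny(dest, mask)
        print(line)
        print(f"  matches {net[0]} - {net[-1]}; not covered: {uncovered(net)}")
    print("\n".join(build_acl([("64.4.13.160", "255.255.255.224")])))
```

Both subnets from the post cover 64.4.13.170 through 64.4.13.190, but 64.4.13.17 as listed falls outside either one.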





-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Mears, Rob
Sent: Tuesday, November 19, 2002 18:28
To: [EMAIL PROTECTED]
Subject: RE: RE: Block MSN Messenger [7:57595]


Yes and I have done it all via the PIX
Where you run into problems is when they use port 80.

Rob

Rob H Mears III, CCNP, MCSE, NNCDS, NNCSS, CNE, A+
LAN Engineer and Technical Mercenary
Valor Telecom
469.420.2656


-----Original Message-----
From: vikramjskeer [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, November 19, 2002 10:46 AM
To: [EMAIL PROTECTED]
Subject: Re: RE: Block MSN Messenger [7:57595]

Hi All,


Very rightly said that these messengers use so many servers and so many
ports that it's kind of impossible to block them all. But you can very
easily do it, right on the OS level. I know about the Win2K that you can
set up some system policies with which you can directly block these exes
themselves.


Hope it helps:


Regards,


Vikram

"Lidiya White" wrote:



Try to block the login servers:  
http://acronymsonline.com/im_ips.htm

-- Lidiya White



-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Josh Green
Sent: Monday, November 18, 2002 10:16 AM
To: [EMAIL PROTECTED]
Subject: RE: Block MSN Messenger [7:57595]


It is possible, however Messenger uses so many different ports on so
many different servers that it's not worth your time.

-----Original Message-----
From: Steven A. Ridder [mailto:[EMAIL PROTECTED]]
Sent: Monday, November 18, 2002 8:36 AM
To: [EMAIL PROTECTED]
Subject: Re: Block MSN Messenger [7:57595]

no. don't waste your time.


""Ahed Naimi"" wrote in message

news:[EMAIL PROTECTED]...
> Dear All;
>
> Is there any way to block MSN Messenger by using the access-list statements
> on an IOS Cisco router.
>
> Thanks All.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=58304&t=58304