LinuxQuestions.org
Download your favorite Linux distribution at LQ ISO.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
User Name
Password
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Notices

Reply
 
Search this Thread
Old 08-03-2006, 06:16 AM   #1
ALInux
Member
 
Registered: Nov 2003
Location: Lebanon
Distribution: RHEL 5/CentOS 5/Debian Lenny/(K)Ubuntu Is Dead/Mandriva 10.1
Posts: 668
Blog Entries: 7

Rep: Reputation: 31
Angry Block MSN Again !!


Hi Guys
Ive got Squid, Dansguardian and Iptables installed. And I know on what ports msn messenger operates "blocking those ports does not work anymore" . I want a solution to totally block the usage of msn messenger on my network. Ive read alot of posts here and elsewhere, the solutions either dont work partially or at all.

Any help would be highly appreciated !!


Note: This might sound silly, but if you redirect all traffic comming to port 1863 to a running daemon on ur linux box "ex: 25" it stops msn messenger from working. But I have different subnets and not all have access to the same ports and this method does not work for me.
 
Old 08-03-2006, 08:51 AM   #2
peter_robb
Senior Member
 
Registered: Feb 2002
Location: Szczecin, Poland
Distribution: Gentoo, Debian
Posts: 2,458

Rep: Reputation: 47
You will need to do some listening to an MSN connection as it sets up.
Blocking the high ports will force it to use http methods.
Watch the dansguardian logs for the first signs of msn urls, then add them to the url blocklist.

As an added precaution, run a small dns proxy, eg dnsmasq, and add the msn domains to /etc/hosts but with a 127.0.0.1 ip address.
If users can't get dns working, they can't establish calls.
 
Old 08-03-2006, 09:40 AM   #3
benjithegreat98
Senior Member
 
Registered: Dec 2003
Location: Shelbyville, TN, USA
Distribution: Fedora Core, CentOS
Posts: 1,019

Rep: Reputation: 45
I've never tried to block MSN Messenger but I do know a good way to block AOL is to add a dns entry to your internal servers where login.oscar.aol.com (or something like that0 is 127.0.0.1.

I don't use MSN but maybe you could open up a client and see what it actually connects to in the configuration (if it tells) and block that. Alternatley I've seen where you can just straight out block the IP's that it uses. Users may complain they can't get to hotmail though.....

If you do make the DNS change and it works, your end users might be able to just take out the domain name in the config and replace it with an IP if they are smart enough.

OT: Are you in Lebanon right now? Are you in the northern part or southern part?
 
Old 08-03-2006, 11:37 AM   #4
ALInux
Member
 
Registered: Nov 2003
Location: Lebanon
Distribution: RHEL 5/CentOS 5/Debian Lenny/(K)Ubuntu Is Dead/Mandriva 10.1
Posts: 668
Blog Entries: 7

Original Poster
Rep: Reputation: 31
To Peter
Hmm...so what you mean is that if I add the msn urls to url blocklist...msn will not switch to using the http method...? What if they initiate a troubleshoot session and press repair ?

To Ben
Iam living in beirut city..near AUB the American University of Beirut ...which is a relatively safe place..but my house was destroyed.... Ive been sleeping at my office for the last 20 days..but if you want me to check out somebody for you Iam willing to do so.
-= Mod Note: You can continue this conversation via email pls =-

Last edited by peter_robb; 08-03-2006 at 11:58 AM.
 
Old 08-03-2006, 11:55 AM   #5
peter_robb
Senior Member
 
Registered: Feb 2002
Location: Szczecin, Poland
Distribution: Gentoo, Debian
Posts: 2,458

Rep: Reputation: 47
Actually, the other way around.

If you block the high ports with iptables, the logon must use http methods, which dansguardian can control, and you can block.
 
Old 08-03-2006, 12:30 PM   #6
ALInux
Member
 
Registered: Nov 2003
Location: Lebanon
Distribution: RHEL 5/CentOS 5/Debian Lenny/(K)Ubuntu Is Dead/Mandriva 10.1
Posts: 668
Blog Entries: 7

Original Poster
Rep: Reputation: 31
I will try that and post results
 
  


Reply

Tags
blocking, dansguardian, iptables, msn


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
BLOCK MSN again.... ALInux Linux - Networking 0 06-02-2006 07:06 AM
possible to block msn traffic? flamesrock Linux - Software 3 05-26-2005 09:10 PM
Block MSN, YM, ICQ.... All..... gabriellai Linux - Networking 2 04-05-2005 05:21 PM
how Block MSN Messenger.... jamiguel77 Linux - Networking 3 09-17-2004 05:29 AM
How can i block msn through squid linuxeagle Linux - Networking 5 04-08-2004 09:08 AM


All times are GMT -5. The time now is 06:11 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration