Linux - NetworkingThis forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
SDN 101: An Introduction to Software Defined Networking
Discover the advantages of SDN.
SDN has quickly become one of the hottest trends in IT. But not all SDN solutions offer real software-defined functionality. As more enterprises consider SDN, they want to know, “What is SDN? And what are the real benefits?” If you're ready to explore the advantages of SDN, and want to know how it should be implemented within your enterprise, start by reading our introductory white paper.
Click Here to receive this Complete Guide absolutely free.
Ive got Squid, Dansguardian and Iptables installed. And I know on what ports msn messenger operates "blocking those ports does not work anymore" . I want a solution to totally block the usage of msn messenger on my network. Ive read alot of posts here and elsewhere, the solutions either dont work partially or at all.
Any help would be highly appreciated !!
Note: This might sound silly, but if you redirect all traffic comming to port 1863 to a running daemon on ur linux box "ex: 25" it stops msn messenger from working. But I have different subnets and not all have access to the same ports and this method does not work for me.
You will need to do some listening to an MSN connection as it sets up.
Blocking the high ports will force it to use http methods.
Watch the dansguardian logs for the first signs of msn urls, then add them to the url blocklist.
As an added precaution, run a small dns proxy, eg dnsmasq, and add the msn domains to /etc/hosts but with a 127.0.0.1 ip address.
If users can't get dns working, they can't establish calls.
I've never tried to block MSN Messenger but I do know a good way to block AOL is to add a dns entry to your internal servers where login.oscar.aol.com (or something like that0 is 127.0.0.1.
I don't use MSN but maybe you could open up a client and see what it actually connects to in the configuration (if it tells) and block that. Alternatley I've seen where you can just straight out block the IP's that it uses. Users may complain they can't get to hotmail though.....
If you do make the DNS change and it works, your end users might be able to just take out the domain name in the config and replace it with an IP if they are smart enough.
OT: Are you in Lebanon right now? Are you in the northern part or southern part?
Hmm...so what you mean is that if I add the msn urls to url blocklist...msn will not switch to using the http method...? What if they initiate a troubleshoot session and press repair ?
Iam living in beirut city..near AUB the American University of Beirut ...which is a relatively safe place..but my house was destroyed.... Ive been sleeping at my office for the last 20 days..but if you want me to check out somebody for you Iam willing to do so.
-= Mod Note: You can continue this conversation via email pls =-
Last edited by peter_robb; 08-03-2006 at 11:58 AM.