Re: MSN Messenger using HTTP
- From: Mário Videira <videira@xxxxxxxxxx>
- To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
- Date: Tue, 14 May 2002 08:55:19 +0100
Hi Carson,
Here go what you ask me in attach.
Bye
Mário Videira
----- Original Message -----
From: "Carson Reid" <creid@xxxxxxxxxxxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Sent: Friday, May 10, 2002 3:58 PM
Subject: [isalist] Re: MSN Messenger using HTTP
http://www.ISAserver.org
Export your "Site and Content", "Protocol Rules", "IP Packet Filter", and
"Destination sets" settings to a text file and email them to me. I will let
you know what you are missing.
Carson Reid, MCSE,MCSA,A+
Network Administrator
Herzing College Winnipeg Campus
LEARN.EARN.WIN.
PHONE: 204.775.8175
FAX: 204.783.8107
Creid@xxxxxxxxxxxxxxx
-----Original Message-----
From: Mário Videira [mailto:videira@xxxxxxxxxx]
Sent: Friday, May 10, 2002 3:07 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] Re: MSN Messenger using HTTP
http://www.ISAserver.org
So, what can i do to block MSN Messenger?
I have done what you said, but nothing solve my problem.
Bye
Mário Videira
----- Original Message -----
From: "Carson Reid" <creid@xxxxxxxxxxxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Sent: Thursday, May 09, 2002 4:56 PM
Subject: [isalist] Re: MSN Messenger using HTTP
http://www.ISAserver.org
Port blocking is done using Packet filters. Right click the "IP packet
filters" > new > packet filter.
If you block port 80, you will not be able to surf the web using HTTP =)
Carson Reid, MCSE,MCSA,A+
Network Administrator
Herzing College Winnipeg Campus
LEARN.EARN.WIN.
PHONE: 204.775.8175
FAX: 204.783.8107
Creid@xxxxxxxxxxxxxxx
-----Original Message-----
From: Mario Videira [mailto:videira@xxxxxxxxxx]
Sent: Thursday, May 09, 2002 11:01 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] Re: MSN Messenger using HTTP
http://www.ISAserver.org
Dear Carson,
I have tried, bu it did not solve the problem, would you explain me, how can
i block one port, for example port number 80, using ISA SERVER?
Bye
---------------------------------------------------------
Mário Videira
Networking and Systems Engineer
BNA - Luanda
Email: videira@xxxxxxxxxx
Phone Number : (244)92 312469
--------------------------------------------------------
----- Original Message -----
From: "Carson Reid" <creid@xxxxxxxxxxxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Sent: Wednesday, May 08, 2002 6:16 PM
Subject: [isalist] Re: MSN Messenger using HTTP
http://www.ISAserver.org
Deleting a protocol definition would not do anything unless it has an
associated Protocol rule. It does not matter what you block with protocol
rules and packet filters except http port 80. Messenger just uses http and
the proxy service if it cannot use it's own protocol.
I have now solved my problem by banning ("*.msgr.hotmail.com" /*)this is the
DNS name that messenger uses to connect.
Thanks to everyone for your ideas,
Carson Reid
-----Original Message-----
From: Mike Mo [mailto:MMo@xxxxxxx]
Sent: Wednesday, May 08, 2002 11:31 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] Re: MSN Messenger using HTTP
http://www.ISAserver.org
if you are not gonna to allow MSN messenger in whole network, try delete MSN
protocol definition if it is defined by yourself.
Or in Protocol Rules, disenable Allow All, and allow only those you want to
Or Allow "All IP Traffic except selected" to exclude MSN Message.
Remember after change the rules, you need stop and start firewall and web
proxy services to enable the changes.
-----Original Message-----
From: Randy Seibert [mailto:rseibert@xxxxxxxxxxxxxxxxx]
Sent: Tuesday, May 07, 2002 11:19 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] Re: MSN Messenger using HTTP
http://www.ISAserver.org
Wow..We had about 4 users here that abused the crap out of messenger I used
the default rule that comes with ISA and blocked *.msn.com and I even tried
all methods to connect myself with no success.
-Randy
----- Original Message -----
From: "Carson Reid" <creid@xxxxxxxxxxxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Sent: Tuesday, May 07, 2002 10:12 AM
Subject: [isalist] Re: MSN Messenger using HTTP
http://www.ISAserver.org
Tried that, it did not solve the problem =)
Carson Reid, MCSE,MCSA,A+
Network Administrator
Herzing College Winnipeg Campus
LEARN.EARN.WIN.
PHONE: 204.775.8175
FAX: 204.783.8107
Creid@xxxxxxxxxxxxxxx
-----Original Message-----
From: Randy Seibert [mailto:rseibert@xxxxxxxxxxxxxxxxx]
Sent: Tuesday, May 07, 2002 10:06 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] Re: MSN Messenger using HTTP
http://www.ISAserver.org
Block *.msn.com
----- Original Message -----
From: "Carson Reid" <creid@xxxxxxxxxxxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Sent: Tuesday, May 07, 2002 9:56 AM
Subject: [isalist] MSN Messenger using HTTP
http://www.ISAserver.org
Hello everyone,
So, I've used the predefined protocol definitions to block MSN
messenger, but my clients still get through. I create packet filters to
block the ports that messenger uses and my clients still get through. I
check the messenger connection status and it says that it is using HTTP
to communicate. My clients can even transfer files via HTTP with
messenger. If anyone knows how to block this, please let me know.
Carson Reid, MCSE,MCSA,A+
Network Administrator
Herzing College Winnipeg Campus
LEARN.EARN.WIN.
PHONE: 204.775.8175
FAX: 204.783.8107
Creid@xxxxxxxxxxxxxxx
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
rseibert@xxxxxxxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
creid@xxxxxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
rseibert@xxxxxxxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
mmo@xxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
creid@xxxxxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
videira@xxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
creid@xxxxxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
videira@xxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
creid@xxxxxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
videira@xxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')
Name Scope Description Action Applies To Schedule
Destination Content
Allow rule Array Allow Any request Always All
destinations All
Rule 1 Array Deny Accounts:
BNALDA\Administrator,BNALDA\APOIO,BNALDA\Domain Users,BNALDA\JPINTO Work
hours test All
Name Scope Description Protocol Action Applies To Schedule
mail Array POP3,SMTP Allow Any request Always
MSN Instant Messeger Array Regra Protocolar para o
MSN Instant Messeger Messenger Protocol Deny Any request Always
www Array Acesso as Paginas Web FTP,FTP Download only,Gopher,HTTP,HTTPS
Allow Accounts: BNALDA\Administrator,BNALDA\Domain Users,BNALDA\VIDEIRA
Always
Name Description Destinations
test MSN Messenger Block
*.msn.com,*.gateway.messenger.hotmail.com,*.messenger.hotmail.com,*.msgr.hotmail.com,*.msgr-cs15.msgr.hotmail.com,*.lw8fd.law8.hotmail.msn.com,*.h.msn.com
Name Mode Description Filter type Local computer Remote computer
Protocol Direction Local Port Remote Port ICMP Type
ICMP code
DHCP Client Allow Custom filter Default external IP address
Any UDP Both 68 67
DNS filter Allow DNS lookup Default external IP address
Any UDP Send receive All ports 53
Filtro de Pacotes para o MSN Messager Allow Custom filter Default
external IP address Any TCP Inbound Dynamic 1863
ICMP outbound Allow ICMP all outbound Default external IP
address Any ICMP Outbound All types All
Codes
ICMP ping response (in) Allow ICMP ping response Default
external IP address Any ICMP Inbound 0 0
ICMP source quench Allow ICMP source quench Default
external IP address Any ICMP Inbound 4 0
ICMP timeout in Allow ICMP timeout Default external IP address
Any ICMP Inbound 11 All Codes
ICMP unreachable in Allow ICMP unreachable Default
external IP address Any ICMP Inbound 3 All
Codes
IP Paclet Filter 1 Block Custom filter Default external IP
address Any TCP Inbound Dynamic 1863
Other related posts:
