-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
The problem comes that messenger can also work with http encapsulation.
So, basically, stopping TCP/1863 AND activating smartdefense http
filtering (you've a list of what's supported).
Also, you'll have to define you client access to outside either as a
ressource or as something authenticated.
Regards,
Jean-Francois Gobin
On Mon, 16 Jan 2006, Stig Bull wrote:
Dear list, I have been given the task of blocking MSN Messenger in the
office firewall.
However, after some rather extensive Googling, I see that this is far
more difficult than it appears to be, and the web sites I found with
claimed solutions for blocking MSN, simply didn't work.
Here's what I've done so far (after Googling):
Blocked access to gateway.messenger.hotmail.com, messenger.hotmail.com
and webmessenger.msn.com; all traffic, inbound and outbound. I've also
blocked port 1863 (TCP, UDP), 6891-6900 (TCP), 5190 (UDP) and 6901
(UDP).
Still people are able to connect MSN Messenger with no problem at all. I
suspect this is because the server's I'm trying to block, have several
different IP addresses.
I've read that some think the best way is SmartDefense, but I'm not sure
if I need a license for it. At least it tells me when I try to update it
(NG AI R55 by the way) that SmartDefense updates require a SmartDefense
subscription license, so I really haven't looked into it at all.
Is there any successfull way of blocking MSN Messenger which really
works?
--
Regards
Stig Bull
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================
- ----------
Jean-Francois Gobin - Administrateur gobinjf.be
http://www.gobinjf.be mailto:gobin AT gobinjf DOT be
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)
Comment: Made with pgp4pine 1.76
iD8DBQFDy3ggkkg3QInH2uURAmxuAJ98iG+C2P0pPaZ+WWEZd6czhCqGEwCfax8y
RVbjd9CnTj0sQgSp8krU5Ww=
=gHzS
-----END PGP SIGNATURE-----
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================
|
