PIX 515 Block MSN, Yahoo

Discussion in 'Cisco' started by Simon Koh, Sep 16, 2004.

  1. Simon Koh

    Simon Koh Guest

    Hi,

    This is not something new but I really wanted to do so using PIX 515 to
    block Yahoo/MSN Messenger.

    Any advice is appreciated.

    Simon
    Simon Koh, Sep 16, 2004
    #1

  2. In article <cici23$fb1$>,
    Simon Koh <> wrote:
    :This is not something new but I really wanted to do so using PIX 515 to
    :block Yahoo/MSN Messenger.

    :Any advice is appreciated.

    I haven't updated our entries in a while, but here is what we have:


    object-group service MSN_Messenger_tcp tcp
    description MSN Messenger tries to use these ports
    port-object eq www
    port-object eq 1863
    port-object eq 7001

    object-group network MSN_Messenger_hosts
    description hosts that MSN Messenger lives on
    network-object 65.54.195.0 255.255.255.0
    network-object 65.54.225.0 255.255.255.0
    network-object 65.54.226.0 255.255.254.0
    network-object 65.54.228.0 255.255.254.0
    network-object host 65.54.240.61
    network-object host 65.54.240.62
    network-object 207.46.104.0 255.255.252.0
    network-object 207.46.108.0 255.255.255.0
    network-object 207.68.171.0 255.255.255.0

    : Yahoo instant messenger
    access-list acl-inside deny ip any host 64.58.78.228
    access-list acl-inside deny ip any host 66.163.172.50
    access-list acl-inside deny ip any host 66.163.172.51
    access-list acl-inside deny ip any host 216.136.232.154
    access-list acl-inside deny ip any host 64.58.78.227

    : microsoft messenger
    access-list acl-inside deny tcp any object-group MSN_Messenger_hosts object-group MSN_Messenger_tcp


    Note, however, that this will break access to hotmail, which uses some
    of the hosts in the ranges listed for MSN_Messenger_hosts. If you
    care about hotmail, then before the blocking of MSN_Messenger_tcp, you
    have to permit access to the hosts associated with hotmail, which we
    have down as:

    object-group network MSN_hotmail_hosts
    description hosts that www.hotmail.com (loginnet.passport.com) lives on
    network-object host 65.54.131.192
    network-object host 65.54.140.158
    network-object host 65.54.225.156
    network-object host 65.54.225.241
    network-object host 65.54.225.254
    network-object host 65.54.226.246
    network-object host 65.54.226.247
    network-object host 65.54.226.248
    network-object host 65.54.226.249
    network-object host 65.54.228.250
    network-object host 65.54.225.251
    network-object host 65.54.226.252
    network-object host 65.54.226.254
    network-object host 65.54.228.243
    network-object host 65.54.228.244
    network-object host 65.54.228.253
    network-object host 65.54.229.248
    network-object host 65.54.229.252
    network-object host 65.54.229.253
    network-object host 65.54.229.254
    network-object host 66.59.149.199
    network-object host 66.77.43.101
    network-object host 207.68.171.232
    network-object host 207.68.171.233
    network-object host 207.68.172.239
    network-object host 207.68.172.249
    network-object host 207.68.173.245
    network-object host 207.68.173.246


    With the way that Microsoft has intertwined hotmail and MSN Messenger
    through their 'passport' login service,
    it is possible that allowing www access to the above hosts might,
    through some route I did not test, allow access to MSN Messenger.
    --
    This signature intentionally left... Oh, darn!
    Walter Roberson, Sep 17, 2004
    #2
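The ordering point in the post above (permit the hotmail hosts before the MSN deny), as an added example that is not part of the original thread. It models first-match access-list evaluation over the post's own object-group entries; the exact form of the permit line (`eq www` only), the trailing permit for all other traffic, and the four-host hotmail sample are assumptions made for illustration.

```python
import ipaddress

# Networks and ports copied from the post's MSN object-groups.
MSN_HOSTS = [ipaddress.ip_network(n) for n in (
    "65.54.195.0/24", "65.54.225.0/24", "65.54.226.0/23", "65.54.228.0/23",
    "65.54.240.61/32", "65.54.240.62/32", "207.46.104.0/22",
    "207.46.108.0/24", "207.68.171.0/24")]
MSN_PORTS = {80, 1863, 7001}  # www, 1863, 7001

# Constructed sample: four of the hosts listed in MSN_hotmail_hosts.
HOTMAIL_HOSTS = [ipaddress.ip_network(h + "/32") for h in (
    "65.54.225.156", "65.54.226.246", "207.68.171.232", "66.77.43.101")]

# Assumption: the permit is limited to www, as the post's last paragraph implies.
PERMIT_HOTMAIL = ("permit", HOTMAIL_HOSTS, {80})
DENY_MSN = ("deny", MSN_HOSTS, MSN_PORTS)
# Assumption: a trailing permit for everything else (not shown in the post).
PERMIT_REST = ("permit", [ipaddress.ip_network("0.0.0.0/0")], None)

PERMIT_FIRST = [PERMIT_HOTMAIL, DENY_MSN, PERMIT_REST]
DENY_FIRST = [DENY_MSN, PERMIT_HOTMAIL, PERMIT_REST]

def evaluate(acl, dst, port):
    """Return the action of the first entry matching a TCP packet to dst:port."""
    addr = ipaddress.ip_address(dst)
    for action, nets, ports in acl:
        if any(addr in n for n in nets) and (ports is None or port in ports):
            return action
    return "deny"  # implicit deny when no entry matches

def covered_by_deny(hosts):
    """Hotmail hosts that the MSN deny catches unless a permit precedes it."""
    return [str(h.network_address) for h in hosts
            if any(h.subnet_of(n) for n in MSN_HOSTS)]

if __name__ == "__main__":
    for name, acl in (("permit first", PERMIT_FIRST), ("deny first", DENY_FIRST)):
        # tcp/80 and tcp/1863 to a hotmail host inside an MSN range
        print(name, evaluate(acl, "65.54.225.156", 80),
              evaluate(acl, "65.54.225.156", 1863))
    print("shadowed without the permit:", covered_by_deny(HOTMAIL_HOSTS))
```

With the permit first, tcp/80 to a hotmail host inside an MSN range is allowed while 1863 and 7001 to the same host stay blocked; that allowed tcp/80 path is the one the post says was not tested against MSN Messenger.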

  3. Simon Koh

    Simon Koh Guest

    Thanks. Appreciate your help.

    Is there a website that I could refer to in future, so if I managed to log on to
    Yahoo & MSN again I could refer to the said website for further blocking?
    Once again, thanks.

    Simon
    Simon Koh, Sep 18, 2004
    #3