PIX Block MSN/YAHOO

Discussion in 'Cisco' started by Simon Koh, Oct 3, 2004.

  1. Simon Koh

    Simon Koh Guest

    Hi Guru,
    Thanks for your advice on blocking IM. I have managed to block Yahoo but not
    MSN. Could you please advise below your MSN block, I have a problem getting
    the one.....

    > : microsoft messenger


    > access-list acl-inside deny tcp any object-group MSN_Messenger_hosts


    > object-group MSN_Messenger_tcp


    Is this a single command or two lines? In either case I couldn't insert this
    command.

    Many thanks,

    Simon

    "Walter Roberson" <-cnrc.gc.ca> wrote in message
    news:cid7fq$nob$...
    > In article <cici23$fb1$>,
    > Simon Koh <> wrote:
    > :This is not something new but I really wanted to do so using PIX 515 to
    > :block Yahoo/MSN Messenger.
    >
    > :Any advice is appreciated.
    >
    > I haven't updated our entries in a while, but here is what we have:
    >
    >
    > object-group service MSN_Messenger_tcp tcp
    > description MSN Messenger tries to use these ports
    > port-object eq www
    > port-object eq 1863
    > port-object eq 7001
    >
    > object-group network MSN_Messenger_hosts
    > description hosts that MSN Messenger lives on
    > network-object 65.54.195.0 255.255.255.0
    > network-object 65.54.225.0 255.255.255.0
    > network-object 65.54.226.0 255.255.254.0
    > network-object 65.54.228.0 255.255.254.0
    > network-object host 65.54.240.61
    > network-object host 65.54.240.62
    > network-object 207.46.104.0 255.255.252.0
    > network-object 207.46.108.0 255.255.255.0
    > network-object 207.68.171.0 255.255.255.0
    >
    > : Yahoo instant messenger
    > access-list acl-inside deny ip any host 64.58.78.228
    > access-list acl-inside deny ip any host 66.163.172.50
    > access-list acl-inside deny ip any host 66.163.172.51
    > access-list acl-inside deny ip any host 216.136.232.154
    > access-list acl-inside deny ip any host 64.58.78.227
    >
    > : microsoft messenger
    > access-list acl-inside deny tcp any object-group MSN_Messenger_hosts
    > object-group MSN_Messenger_tcp
    >
    >
    > Note, however, that this will break access to hotmail, which uses some
    > of the hosts in the ranges listed for MSN_Messenger_hosts. If you
    > care about hotmail, then before the blocking of MSN_Messenger_tcp, you
    > have to permit access to the hosts associated with hotmail, which we
    > have down as:
    >
    > object-group network MSN_hotmail_hosts
    > description hosts that www.hotmail.com (loginnet.passport.com) lives on
    > network-object host 65.54.131.192
    > network-object host 65.54.140.158
    > network-object host 65.54.225.156
    > network-object host 65.54.225.241
    > network-object host 65.54.225.254
    > network-object host 65.54.226.246
    > network-object host 65.54.226.247
    > network-object host 65.54.226.248
    > network-object host 65.54.226.249
    > network-object host 65.54.228.250
    > network-object host 65.54.225.251
    > network-object host 65.54.226.252
    > network-object host 65.54.226.254
    > network-object host 65.54.228.243
    > network-object host 65.54.228.244
    > network-object host 65.54.228.253
    > network-object host 65.54.229.248
    > network-object host 65.54.229.252
    > network-object host 65.54.229.253
    > network-object host 65.54.229.254
    > network-object host 66.59.149.199
    > network-object host 66.77.43.101
    > network-object host 207.68.171.232
    > network-object host 207.68.171.233
    > network-object host 207.68.172.239
    > network-object host 207.68.172.249
    > network-object host 207.68.173.245
    > network-object host 207.68.173.246
    >
    >
    > With the way that Microsoft has intertwined hotmail and MSN Messenger
    > through their 'passport' login service,
    > it is possible that allowing www access to the above hosts might,
    > through some route I did not test, allow access to MSN Messenger.
    > --
    > This signature intentionally left... Oh, darn!
     
    Simon Koh, Oct 3, 2004
    #1
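
The ordering issue raised in the reply quoted in post #1 (the MSN deny entry shadows hotmail hosts unless a permit precedes it), as an added example that is not part of the original thread. It models first-match ACL evaluation over a subset of the quoted object-groups; the names `evaluate`, `shadowed_hotmail_hosts`, `DENY_ONLY` and `PERMIT_FIRST` are hypothetical.

```python
import ipaddress

# Subset of the object-groups quoted in post #1 (addresses copied from the thread).
MSN_HOSTS = """
network-object 65.54.195.0 255.255.255.0
network-object 65.54.225.0 255.255.255.0
network-object 65.54.226.0 255.255.254.0
network-object 65.54.228.0 255.255.254.0
network-object host 65.54.240.61
network-object 207.68.171.0 255.255.255.0
"""
HOTMAIL_HOSTS = """
network-object host 65.54.131.192
network-object host 65.54.225.156
network-object host 65.54.228.250
network-object host 207.68.171.232
network-object host 207.68.172.239
"""
MSN_PORTS = {80, 1863, 7001}  # www, 1863, 7001 from MSN_Messenger_tcp

def parse_group(text):
    """Turn PIX network-object lines into ipaddress networks."""
    nets = []
    for fields in (line.split() for line in text.splitlines()):
        if len(fields) == 3 and fields[1] == "host":
            nets.append(ipaddress.ip_network(fields[2] + "/32"))
        elif len(fields) == 3:
            nets.append(ipaddress.ip_network(fields[1] + "/" + fields[2]))
    return nets

MSN = parse_group(MSN_HOSTS)
HOTMAIL = parse_group(HOTMAIL_HOSTS)
# Hypothetical ACL models: (action, destination networks, destination ports).
DENY_ONLY = [("deny", MSN, MSN_PORTS)]
PERMIT_FIRST = [("permit", HOTMAIL, {80}), ("deny", MSN, MSN_PORTS)]

def evaluate(acl, ip, port):
    """First matching entry wins; None means later ACL entries decide."""
    addr = ipaddress.ip_address(ip)
    for action, nets, ports in acl:
        if port in ports and any(addr in n for n in nets):
            return action
    return None

def shadowed_hotmail_hosts():
    """Hotmail hosts that fall inside an MSN range and so hit the deny."""
    return [str(h.network_address) for h in HOTMAIL
            if any(h.subnet_of(n) for n in MSN)]

if __name__ == "__main__":
    print(shadowed_hotmail_hosts())
```

With the permit entry first, port 80 to the hotmail hosts is open again while 1863 and 7001 to the same addresses stay denied, which is the residual www path the quoted reply cautions about.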

  2. In article <cjnulf$fgi$>,
    Simon Koh <> wrote:
    :Thanks for your advice on blocking IM. I have managed to block Yahoo but not
    :MSN. Could you please advise below your MSN block, I have problem getting
    :the one.....
    :> : microsoft messenger

    :> access-list acl-inside deny tcp any object-group MSN_Messenger_hosts
    :> object-group MSN_Messenger_tcp

    :Is this a single command or two lines? In either case I couldn't insert this
    :command.

    That's one single line.

    What version of PIX are you running?
    --
    "Infinity is like a stuffed walrus I can hold in the palm of my hand.
    Don't do anything with infinity you wouldn't do with a stuffed walrus."
    -- Dr. Fletcher, Va. Polytechnic Inst. and St. Univ.
     
    Walter Roberson, Oct 3, 2004
    #2

  3. Simon Koh

    Simon Koh Guest

    It's PIX 515 6.3 (3), PDM V3

    Thanks
    Simon

    "Walter Roberson" <-cnrc.gc.ca> wrote in message
    news:cjnv2i$d0f$...
    > In article <cjnulf$fgi$>,
    > Simon Koh <> wrote:
    > :Thanks for your advice on blocking IM. I have managed to block Yahoo but
    > not
    > :MSN. Could you please advise below your MSN block, I have problem getting
    > :the one.....
    > :> : microsoft messenger
    >
    > :> access-list acl-inside deny tcp any object-group MSN_Messenger_hosts
    > :> object-group MSN_Messenger_tcp
    >
    > :Is this a single command or two lines? In either case I couldn't insert
    > this
    > :command.
    >
    > That's one single line.
    >
    > What version of PIX are you running?
    > --
    > "Infinity is like a stuffed walrus I can hold in the palm of my hand.
    > Don't do anything with infinity you wouldn't do with a stuffed walrus."
    > -- Dr. Fletcher, Va. Polytechnic Inst. and St. Univ.
     
    Simon Koh, Oct 3, 2004
    #3
  4. Simon Koh

    Simon Koh Guest

    I managed to insert the line to PIX 515 but it seems that MSN could still
    log on on an existing machine. I will confirm again.

    Simon

    "Simon Koh" <> wrote in message
    news:cjoa5o$p07$...
    > It's PIX 515 6.3 (3), PDM V3
    >
    > Thanks
    > Simon
    >
    > "Walter Roberson" <-cnrc.gc.ca> wrote in message
    > news:cjnv2i$d0f$...
    >> In article <cjnulf$fgi$>,
    >> Simon Koh <> wrote:
    >> :Thanks for your advice on blocking IM. I have managed to block Yahoo but
    >> not
    >> :MSN. Could you please advise below your MSN block, I have problem
    >> getting
    >> :the one.....
    >> :> : microsoft messenger
    >>
    >> :> access-list acl-inside deny tcp any object-group MSN_Messenger_hosts
    >> :> object-group MSN_Messenger_tcp
    >>
    >> :Is this a single command or two lines? In either case I couldn't insert
    >> this
    >> :command.
    >>
    >> That's one single line.
    >>
    >> What version of PIX are you running?
    >> --
    >> "Infinity is like a stuffed walrus I can hold in the palm of my hand.
    >> Don't do anything with infinity you wouldn't do with a stuffed walrus."
    >> -- Dr. Fletcher, Va. Polytechnic Inst. and St. Univ.

    >
    >
     
    Simon Koh, Oct 3, 2004
    #4
  5. Simon Koh

    Simon Koh Guest

    No go, still able to access MSN Messenger after inserting the line, hotmail
    is blocked though. Any idea? Should I provide my PIX configuration for further
    investigation?

    Thanks,
    Simon

    "Simon Koh" <> wrote in message
    news:cjobu7$qfm$...
    >I managed to insert the line to PIX 515 but it seems that MSN could still
    >logon on existing machine. I will confirm again.
    >
    > Simon
    >
    > "Simon Koh" <> wrote in message
    > news:cjoa5o$p07$...
    >> It's PIX 515 6.3 (3), PDM V3
    >>
    >> Thanks
    >> Simon
    >>
    >> "Walter Roberson" <-cnrc.gc.ca> wrote in message
    >> news:cjnv2i$d0f$...
    >>> In article <cjnulf$fgi$>,
    >>> Simon Koh <> wrote:
    >>> :Thanks for your advice on blocking IM. I have managed to block Yahoo
    >>> but not
    >>> :MSN. Could you please advise below your MSN block, I have problem
    >>> getting
    >>> :the one.....
    >>> :> : microsoft messenger
    >>>
    >>> :> access-list acl-inside deny tcp any object-group MSN_Messenger_hosts
    >>> :> object-group MSN_Messenger_tcp
    >>>
    >>> :Is this a single command or two lines? In either case I couldn't insert
    >>> this
    >>> :command.
    >>>
    >>> That's one single line.
    >>>
    >>> What version of PIX are you running?
    >>> --
    >>> "Infinity is like a stuffed walrus I can hold in the palm of my hand.
    >>> Don't do anything with infinity you wouldn't do with a stuffed
    >>> walrus."
    >>> -- Dr. Fletcher, Va. Polytechnic Inst. and St. Univ.

    >>
    >>

    >
    >
     
    Simon Koh, Oct 3, 2004
    #5