Allow Port 80 to a squid cache, allow 25 to your internal MX cache.. 53/UDP to internal DNS server.. 110/143/993/995 to the company webserver.. But, user education is almost always a better bet.
On Aug 13, 2004, at 5:19 PM, Shawn Grover wrote:
did some more research on this...
apparently if port 1863 is blocked, MSN then switches to some random port above 1024 using HTTP. Next, I tried to block a specific server (messenger.hotmail.com) but that didn't work either - I guess MSN switches to another server if the first can't be found....
hmmm... gotta wonder why they would make it so tough to "turn off".
Shawn
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Shawn Grover
Sent: Friday, August 13, 2004 4:29 PM
To: [EMAIL PROTECTED]; CLUG General
Subject: RE: [clug-talk] Blocking MSN with IPTables?
Thanks Pete.
Unfortunately, that code doesn't seem to be working. I've placed the commands right after the enable masquerading commands, but no luck - we can still connect and send messages....
I even looked up what server we were connecting to (messenger.hotmail.com), found its IP (207.46.104.20), and changed the second line. Still no luck. (and there are no #'s in the script either...)
Thanks anyways.
Shawn
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Pete
Sent: Friday, August 13, 2004 3:58 PM
To: CLUG General
Subject: Re: [clug-talk] Blocking MSN with IPTables?

To block MSN messenger:

# iptables -A FORWARD -p TCP --dport 1863 -j DROP
# iptables -A FORWARD -d 64.4.13.0/24 -j DROP
< Somebody that can confirm those 2 lines? >
They still can use web-enabled chat services... And what if a user knows how to port-redirect ... ?
My opinion : don't block it, educate/ask users, log, detect misuse, warn, and give pink slip so that he/she can use MSN @ home all day...
Peter
_______________________________________________ clug-talk mailing list [EMAIL PROTECTED] http://clug.ca/mailman/listinfo/clug-talk_clug.ca
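
The allow-list approach from the most recent reply in this thread (port 80 only from the squid cache, 25 only from the internal MX, 53/UDP only from the internal DNS server, mail-retrieval ports only to one company host), written out as a default-deny FORWARD policy. This is an added example, not code posted by anyone on the list; every address is a constructed placeholder, and it assumes the proxy, MX and DNS hosts sit on the LAN behind the gateway while the company mail host is outside it.

```shell
#!/bin/sh
# Dry-run by default: prints the iptables commands instead of running them.
# Set IPT=iptables (as root, on the gateway) to apply them.
IPT="${IPT:-echo iptables}"

# Constructed placeholder addresses (assumptions, not from the thread).
LAN_NET="192.168.1.0/24"    # client network behind the gateway
SQUID_IP="192.168.1.10"     # squid cache
MX_IP="192.168.1.11"        # internal mail relay
DNS_IP="192.168.1.12"       # internal DNS server
MAIL_HOST="203.0.113.25"    # company host offering POP3/IMAP (outside the LAN)

egress_rules() {
    # Default deny: a client that falls back from 1863 to a random high
    # port, or to a different server, has no rule that lets it through.
    $IPT -P FORWARD DROP
    $IPT -F FORWARD

    # Return traffic for connections opened under the rules below.
    $IPT -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT

    # Only the internal servers may originate these protocols outbound.
    $IPT -A FORWARD -s "$SQUID_IP" -p tcp --dport 80 -j ACCEPT
    $IPT -A FORWARD -s "$MX_IP" -p tcp --dport 25 -j ACCEPT
    $IPT -A FORWARD -s "$DNS_IP" -p udp --dport 53 -j ACCEPT

    # Clients may fetch mail, but only from the one named host.
    $IPT -A FORWARD -s "$LAN_NET" -d "$MAIL_HOST" -p tcp \
        -m multiport --dports 110,143,993,995 -j ACCEPT

    # Rate-limited log of what clients still try to send out directly;
    # the chain policy then drops it.
    $IPT -A FORWARD -s "$LAN_NET" -m limit --limit 6/min \
        -j LOG --log-prefix "EGRESS-DENY: "
}

egress_rules
```

Anything that leaves through the proxy is still governed by the proxy's own access rules, so chat traffic carried over plain HTTP has to be handled there rather than in the FORWARD chain.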

