One other method is to use a proxy server to help filter traffic by URL and/or IP. This involves running squid on your firewall box and taking all outbound port 80 traffic from your internal network and sending it to squid port 3128 (which then goes to the real world). Squid has the ability to block by URLs and IP addresses.

If this seems like a way you might want to go then I could recommend this site with config files, settings and scripts you might find useful: http://www.chrisliveonline.com/security/scripts/squid.zip

On Fri, 2004-08-13 at 17:19, Shawn Grover wrote:
> did some more research on this...
>
> apparently if port 1863 is blocked, MSN then switches to some random port above 1024 using HTTP. Next, I tried to block a specific server (messenger.hotmail.com) but that didn't work either - I guess MSN switches to another server if the first can't be found....
>
> hmmm... gotta wonder why they would make it so tough to "turn off".
>
> Shawn
>
> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
> Behalf Of Shawn Grover
> Sent: Friday, August 13, 2004 4:29 PM
> To: [EMAIL PROTECTED]; CLUG General
> Subject: RE: [clug-talk] Blocking MSN with IPTables?
>
> Thanks Pete.
>
> Unfortunately, that code doesn't seem to be working. I've placed the commands right after the enable masquerading commands, but no luck - we can still connect and send messages....
>
> I even looked up what server we were connecting to (messenger.hotmail.com), found its IP (207.46.104.20), and changed the second line. Still no luck. (and there are no #'s in the script either...)
>
> Thanks anyways.
>
> Shawn
>
> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
> Behalf Of Pete
> Sent: Friday, August 13, 2004 3:58 PM
> To: CLUG General
> Subject: Re: [clug-talk] Blocking MSN with IPTables?
>
> To block MSN messenger:
> # iptables -A FORWARD -p TCP --dport 1863 -j DROP
> # iptables -A FORWARD -d 64.4.13.0/24 -j DROP
>
> < Somebody that can confirm those 2 lines? >
>
> They still can use web-enabled chat services...
> And what if a user knows how to port-redirect ... ?
>
> My opinion : don't block it, educate/ask users, log, detect misuse, warn, and give pink slip so that he/she can use MSN @ home all day...
>
> Peter
>
> _______________________________________________
> clug-talk mailing list
> [EMAIL PROTECTED]
> http://clug.ca/mailman/listinfo/clug-talk_clug.ca

--
Mike Petch
CApp::Sysware Consulting Ltd.
Suite 1002,1140-15th Ave SW.
Calgary, Alberta, Canada.
T2R 1K6.
(403)804-5700.
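
An added example, not part of the original thread or any poster's code: once outbound web traffic passes through Squid as described above, its access log can be checked for the indicators the thread mentions (port 1863, messenger.hotmail.com, 64.4.13.0/24, 207.46.104.20). The log lines, client addresses and function names are constructed for illustration, and Squid's default native log format is assumed.

```python
import ipaddress
from collections import Counter
from urllib.parse import urlsplit

# Indicators quoted in the thread; the log lines below are constructed.
MSN_PORT = 1863
MSN_DOMAIN = "messenger.hotmail.com"
MSN_NETS = [ipaddress.ip_network(n) for n in ("64.4.13.0/24", "207.46.104.20/32")]

# Native format: time elapsed client action/code bytes method URL ident hierarchy/peer type
SAMPLE_LOG = """\
1092439140.101 45 192.168.1.10 TCP_MISS/200 512 POST http://messenger.hotmail.com/gateway - DIRECT/207.46.104.20 text/html
1092439141.222 30 192.168.1.11 TCP_MISS/200 9001 GET http://www.example.org/index.html - DIRECT/192.0.2.7 text/html
1092439142.333 12 192.168.1.12 TCP_DENIED/403 1400 CONNECT 64.4.13.17:1863 - NONE/- text/html
1092439143.444 80 192.168.1.10 TCP_MISS/200 300 GET http://chat.example.net/login - DIRECT/64.4.13.40 text/html
garbage line that is not a log entry
"""

def classify(line):
    """Return (client, reason) when an entry matches an MSN indicator, else None."""
    f = line.split()
    if len(f) < 9:
        return None  # malformed or truncated entry
    client, method, url, peer = f[2], f[5], f[6], f[8].partition("/")[2]
    try:
        # CONNECT entries log "host:port"; other methods log a full URL.
        parts = urlsplit("//" + url if method == "CONNECT" else url)
        host, port = (parts.hostname or "").lower(), parts.port
    except ValueError:
        return None  # unparseable URL or port
    if port == MSN_PORT:
        return client, "port 1863"
    if host == MSN_DOMAIN or host.endswith("." + MSN_DOMAIN):
        return client, "messenger hostname"
    for candidate in (host, peer):
        try:
            addr = ipaddress.ip_address(candidate)
        except ValueError:
            continue  # a hostname or "-", not an IP literal
        if any(addr in net for net in MSN_NETS):
            return client, "messenger address"
    return None

def msn_hits(log_text):
    """Count matching requests per (client, reason) pair."""
    return dict(Counter(filter(None, map(classify, log_text.splitlines()))))

if __name__ == "__main__":
    for (client, reason), n in sorted(msn_hits(SAMPLE_LOG).items()):
        print(client, reason, n)
```

The fourth sample line shows why the peer address is checked as well as the URL: the hostname is unrelated, but the server Squid contacted sits inside the address range from the thread.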

