Hi Gustavo, Thanks for good work. Adding host:login.live.com will also i guess block hotmail etc also ( i pasted the login.live.com to the browser) . I would like to control the webmail access by the proxy mainly.
I also sniffed some traffic on my PC while msn is used at the smae time and also sniff some packet (while my msn is open) with fw monitor at the Firewall. Opened it on the wireshark , now will look how can i find releated traffic (header etc). Regards Regards 2010/3/23 Gustavo Rios P <[email protected]>: > Hi, > > I made wireshark capture while signing in to Windows Live (version 2009 > build 14.0.8089.726) and found this info: > > GET /ppcrlcheck.srf HTTP/1.1 > > Accept: */* > > User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; InfoPath.2; > .NET CLR 2.0.50727; .NET CLR 3.0.04506.30; .NET CLR 3.0.04506.648; .NET CLR > 3.0.4506.2152; .NET CLR 3.5.30729; OfficeLiveConnector.1.3; > OfficeLivePatch.0.0; IDCRL 5.000.810.6; IDCRL-cfg 6.0.11409.0; App > msnmsgr.exe, 14.0.8089.726, {7108E71A-9926-4FCB-BCC9-9A9D3F32E423}) > > Host: login.live.com > > Cache-Control: no-cache > > > Maybe you could try adding a custom header like "host: login.live.com" to > the reject list > > I haven't tested yet, maybe will also block the access to the hotmail web > based e-mail portal, but I think it's just a matter of configure it and see > the behavior. > > > > > _______________________________ > > > > Gustavo Ríos P. > Senior Security Specialist > email: [email protected] > www.cybertechprojects.com > Telf.: +58 212 266 1980/ 2503 > Cel: +58 412 801 4879 > Fax: +58 212 266 9995 > > > ****************************************************** > NOTA CONFIDENCIAL: La información contenida en este E-mail es confidencial y > sólo puede ser utilizada por la persona o la compañía a la cual está > dirigido y/o por el emisor. Si no es el receptor autorizado, cualquier > retención, difusión, distribución o copia de este mensaje es prohibida y > será sancionada por la ley. Si por error recibe este mensaje, favor > devolverlo y borrar el mensaje recibido inmediatamente. > > CONFIDENTIAL NOTE: The information in this E-mail is intended to be > confidential and only for use of the individual or entity to whom it is > addressed and/or the issuer. If you are not the intended recipient, any > retention, dissemination, distribution or copying of this message is > strictly prohibited and sanctioned by law. If you receive this message by > error, please immediately send it back and delete the message received. > > -----Original Message----- > From: Mailing list for discussion of Firewall-1 > [mailto:[email protected]] On Behalf Of a bv > Sent: Jueves, 18 de Marzo de 2010 08:50 a.m. > To: [email protected] > Subject: Re: [FW-1] Blocking instant messaging traffic with Smartdefense > > Is there anyone , who has an idea about that? any custom header to put > on rejection? > > > Regards > > 2010/3/15, a bv <[email protected]>: >> Hi Paolo, >> >> It seems that i have all the patterns activated (both at the IM part >> and Header Rejection side) >> and gave no exception to any client , but i still can login and use >> windows live messenger >> from my pc . So the others also must be able to use also, thats what i >> dont want them too. >> >> Regards >> >> 2010/3/14, Paolo Riviello <[email protected]>: >>> HI, >>> in order to block MSN over HTTP you should use Web Intelligence HTTP >>> Protocol Inspection Header Rejection. >>> Then SmartDefence >>> configuration, use MSN Messenger rejection patterns. >>> >>> Hope this help. >>> >>> Paolo >>> >>> _________________________________________________________________ >>> Chiama e videochiama gratis su Messenger! >>> http://www.messenger.it/videoconversazioni.aspx >>> ================================================= >>> To set vacation, Out-Of-Office, or away messages, >>> send an email to [email protected] >>> in the BODY of the email add: >>> set fw-1-mailinglist nomail >>> ================================================= >>> To unsubscribe from this mailing list, >>> please see the instructions at >>> http://www.checkpoint.com/services/mailing.html >>> ================================================= >>> If you have any questions on how to change your >>> subscription options, email >>> [email protected] >>> ================================================= >>> >> > > Scanned by Check Point Total Security Gateway. > > ================================================= > To set vacation, Out-Of-Office, or away messages, > send an email to [email protected] > in the BODY of the email add: > set fw-1-mailinglist nomail > ================================================= > To unsubscribe from this mailing list, > please see the instructions at > http://www.checkpoint.com/services/mailing.html > ================================================= > If you have any questions on how to change your > subscription options, email > [email protected] > ================================================= > > > Scanned by Check Point Total Security Gateway. > > ================================================= > To set vacation, Out-Of-Office, or away messages, > send an email to [email protected] > in the BODY of the email add: > set fw-1-mailinglist nomail > ================================================= > To unsubscribe from this mailing list, > please see the instructions at > http://www.checkpoint.com/services/mailing.html > ================================================= > If you have any questions on how to change your > subscription options, email > [email protected] > ================================================= > Scanned by Check Point Total Security Gateway. ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [email protected] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [email protected] =================================================
