I have worked with MSN Messenger issues in the past. The problem with MSN is that it uses the H.323 protocol for the capabilities of VoIP (NetMeeting) and Video Conferencing (also NetMeeting). H.323 uses dynamically assigned ports that span a great range of UDP ports. Check out this URL for information regarding Microsoft's statement on using NetMeeting with a firewall: http://www.microsoft.com/windows/NetMeeting/Corp/reskit/Chapter4/default.asp . Because Microsoft has intermingled the technologies of NetMeeting and MSN in a tightly woven package, it is almost as if one won't exist without the other. If I remember correctly, there are as many as 2000 dynamically assignable UDP ports for use in MSN Messenger (and NetMeeting).
If you are in a Win2k/NT environment, I suggest that you restrict individual users from having administrative rights on their local machines. This will prevent them from being able to install software. Then, you will have to remove the unwanted chat applications manually. Thus ends the fix on the independent machines on your wire.

Then, you may be able to block off all of the UDP ports for incoming and outgoing traffic, but there is a great chance that these ports are needed for other applications. Speaking of NetMeeting, there are other ports listed on the link I provided above that will also need to be restricted. I suggest you set up deny rules for those ports as well.

Good luck!

Bejon Parsinia

-----Original Message-----
From: KEN MORRIS [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, February 20, 2002 8:31 AM
To: [EMAIL PROTECTED]
Subject: Best means to block MSN Messenger, AIM and other chat programs?

Hello,

I am using both filtering software and Firewall (GNat Box) to try to block out the use of several chat programs. On the FW I have blocked ports:

4000 - ICQ
1863 - MSN Messenger
5050 - AOL
and 5190 for Yahoo

After having set up the blocking rule, I then tested MSN Messenger in the system. Problem being that it was still accessible.

Any suggestions as to how to block the use of the programs at the firewall would be greatly appreciated.

Thank you

Ken Morris