Blocking Instant Messaging Applications

["Gaddis, Jeremy L." <jeremy () linuxwiz net>]

Hi,

I'm interested in hearing what others are doing to block Instant 
Messaging traffic on their networks.  We would like to block all IM 
traffic due to security concerns and, less so, bandwidth concerns (large 
file transfers).

Normal measures that one would take are futile.  These IM applications 
are very "port agile" and will simply try another port if the first 
doesn't work.  Blocking 1863/TCP, for example, does nothing to stop MSN 
Messenger.

Many months ago, I implemented the tips that Microsoft outlined in KB 
article 889829 (http://support.microsoft.com/default.aspx/kb/889829) to 
no avail.  A few days ago, I made our DNS servers "authoritative" for 
messenger.hotmail.com and webmessenger.msn.com, and added A records 
pointing to 127.0.0.1.  These seems to have taken care of MSN Messenger 
for the meantime, but it's only a matter of time before someone figures 
out what's going on and how to bypass it.  I haven't yet attempted to 
block AOL or Yahoo's Instant Messengers, but those will be next.

We have a policy that takes care of the problem on the employee side of 
things, but we are an .edu and we can't apply that same policy to 
students using the labs or wireless networks in our building.

I'm interested in hearing about "software" solutions to this problem, 
and am trying to avoid throwing additional network appliances or devices 
into the mix if at all possible.

Thanks,
-j

--
Jeremy L. Gaddis, GCWN

"If it's not on fire, it's a software problem."