Security Basics mailing list archives
RE: Blocking Instant Messaging Applications
From: Murad Talukdar <talukdar_m () subway com>
Date: Tue, 22 Nov 2005 15:58:10 +1000
Just in the process of doing same here. I have initially (For MSN Messenger) followed guidelines for disabling it from running at all: Of course--this is no good if they are localadmin. http://woodwardcc.com/content/view/20/ I'm looking at other IM apps too now--will see how I can handle it on my Watchguard. Perhaps something that looks at the type of traffic and blocks it rather than by port? Or disable at the source? I've used winguard pro before to block apps at client level.(No good if you're not on Windows). www.winguardpro.com Regards Murad Talukdar -----Original Message----- From: Gaddis, Jeremy L. [mailto:jeremy () linuxwiz net] Sent: Saturday, November 19, 2005 4:24 AM To: security-basics () securityfocus com Subject: Blocking Instant Messaging Applications Hi, I'm interested in hearing what others are doing to block Instant Messaging traffic on their networks. We would like to block all IM traffic due to security concerns and, less so, bandwidth concerns (large file transfers). Normal measures that one would take are futile. These IM applications are very "port agile" and will simply try another port if the first doesn't work. Blocking 1863/TCP, for example, does nothing to stop MSN Messenger. Many months ago, I implemented the tips that Microsoft outlined in KB article 889829 (http://support.microsoft.com/default.aspx/kb/889829) to no avail. A few days ago, I made our DNS servers "authoritative" for messenger.hotmail.com and webmessenger.msn.com, and added A records pointing to 127.0.0.1. These seems to have taken care of MSN Messenger for the meantime, but it's only a matter of time before someone figures out what's going on and how to bypass it. I haven't yet attempted to block AOL or Yahoo's Instant Messengers, but those will be next. We have a policy that takes care of the problem on the employee side of things, but we are an .edu and we can't apply that same policy to students using the labs or wireless networks in our building. I'm interested in hearing about "software" solutions to this problem, and am trying to avoid throwing additional network appliances or devices into the mix if at all possible. Thanks, -j -- Jeremy L. Gaddis, GCWN "If it's not on fire, it's a software problem."
Current thread:
- Blocking Instant Messaging Applications Gaddis, Jeremy L. (Nov 21)
- RE: Blocking Instant Messaging Applications Murad Talukdar (Nov 22)
- <Possible follow-ups>
- RE: Blocking Instant Messaging Applications Nick Duda (Nov 21)
- RE: Blocking Instant Messaging Applications Murad Talukdar (Nov 22)
- RE: Blocking Instant Messaging Applications Aditya Deshmukh (Nov 24)
- Re: Blocking Instant Messaging Applications Gaddis, Jeremy L. (Nov 22)
- RE: Blocking Instant Messaging Applications Murad Talukdar (Nov 22)
- Re: Blocking Instant Messaging Applications Neksus (Nov 21)
- Re: Blocking Instant Messaging Applications Alloishus BeauMains (Nov 22)
- Re: Blocking Instant Messaging Applications Gaddis, Jeremy L. (Nov 22)
- RE: Blocking Instant Messaging Applications Aditya Deshmukh (Nov 24)
- Re: Blocking Instant Messaging Applications Gaddis, Jeremy L. (Nov 22)
- RE: Blocking Instant Messaging Applications Alexis Villagra - VILSOL LatinAmerica (Nov 22)
- Re: Blocking Instant Messaging Applications Alloishus BeauMains (Nov 22)
(Thread continues...)