[nsp] blocking Msn messenger on PIX
Kristofer Sigurdsson
ks at rhi.hi.is
Tue Jul 13 10:54:59 EDT 2004
Mark Tinka, Tue, Jul 13, 2004 at 04:07:03PM +0200 :
> On Tuesday 13 July 2004 15:36, Paul Stewart wrote:
> > Unfortunately doesn't work unless you block port 80 as well and you
> > probably don't want to do that... MSN messenger will default to TCP/80
> > when it can't reach 1863. What I ended up doing at a few sites that had
> > their own internal DNS was creating entries for messenger.msn.com (double
> > check that - it may have changed) to point to 127.0.0.1 therefore it
> > couldn't log in at all.... Worked like a dream....
>
> But this would work best if the site doesn't want 'everyone' using MSN. What
> about if only 10% of all staff are authorised to use it?
>
> The other issue is a smart user will simply use another name server somewhere
> on the global Internet, or at the ISP, for resolution, especially if they are
> sharp enough to ping 'messenger.msn.com' and see the resolved IP =
> 127.0.0.1 :).
How about simply blocking messenger.hotmail.com (207.46.104.20) for those who are
not authorised to use MSN?
--
Kristófer Sigurðsson | Tel: +354 525 4103 / MSN: ks at rhi.hi.is
Netsérfræðingur/Network specialist | Reiknistofnun HÍ/University of Iceland
More information about the cisco-nsp mailing list