[c-nsp] CBAC - SIP & MSN Messenger

Ted Mittelstaedt tedm at toybox.placo.com
Fri Aug 19 11:57:13 EDT 2005



>-----Original Message-----
>From: cisco-nsp-bounces at puck.nether.net
>[mailto:cisco-nsp-bounces at puck.nether.net]On Behalf Of Paul Stewart
>Sent: Thursday, August 18, 2005 5:43 AM
>To: Per Carlson; cisco-nsp at puck.nether.net
>Subject: RE: [c-nsp] CBAC - SIP & MSN Messenger
>
>
>Wow... Read that stuff over and over and never noticed.... Thanks so
>much for clarifying...
>
>It's looks like our best bet to block MSN Messenger traffic on a 3640 is
>to block by IP destinations and prevent the user from logging in.  The
>other option I suppose is to use WCCP to a linux box with Squid and
>filter it out that way from port 80.
>
>Does anyone on this list have a pre-established list of IP's to block
>for MSN Messenger without me having to do trial and error?  When I do a
>google search I get a lot of conflicting stories on which ranges do
>what...
>

You can do a "netstat -a" on the systems that are running MSN Messenger.
Once you block one range, try reconnecting MSN and doing the netatat -a
again.
Keep doing this until you get all the ranges.

Microsoft knows they are unloved by the network administration community
and they move these servers around to different IP ranges quite a lot.
The
clients also try many different ranges before giving up.

Ted
--
No virus found in this outgoing message.
Checked by AVG Anti-Virus.
Version: 7.0.338 / Virus Database: 267.10.12/77 - Release Date: 8/18/2005



More information about the cisco-nsp mailing list