[c-nsp] CBAC - SIP & MSN Messenger

[Paul Stewart]

Thanks for the reply.... I'm going to look at doing that on Monday.. Was
hoping to find a pre-established *recent* list from someone but it looks
like I"ll just have to start blocking /24's as I see them coming up.:)

Take care,

Paul
 

-----Original Message-----
From: Ted Mittelstaedt [mailto:tedm at toybox.placo.com] 
Sent: Friday, August 19, 2005 11:57 AM
To: Paul Stewart; Per Carlson; cisco-nsp at puck.nether.net
Subject: RE: [c-nsp] CBAC - SIP & MSN Messenger



>-----Original Message-----
>From: cisco-nsp-bounces at puck.nether.net 
>[mailto:cisco-nsp-bounces at puck.nether.net]On Behalf Of Paul Stewart
>Sent: Thursday, August 18, 2005 5:43 AM
>To: Per Carlson; cisco-nsp at puck.nether.net
>Subject: RE: [c-nsp] CBAC - SIP & MSN Messenger
>
>
>Wow... Read that stuff over and over and never noticed.... Thanks so 
>much for clarifying...
>
>It's looks like our best bet to block MSN Messenger traffic on a 3640 
>is to block by IP destinations and prevent the user from logging in.  
>The other option I suppose is to use WCCP to a linux box with Squid and

>filter it out that way from port 80.
>
>Does anyone on this list have a pre-established list of IP's to block 
>for MSN Messenger without me having to do trial and error?  When I do a

>google search I get a lot of conflicting stories on which ranges do 
>what...
>

You can do a "netstat -a" on the systems that are running MSN Messenger.
Once you block one range, try reconnecting MSN and doing the netatat -a
again.
Keep doing this until you get all the ranges.

Microsoft knows they are unloved by the network administration community
and they move these servers around to different IP ranges quite a lot.
The
clients also try many different ranges before giving up.

Ted
--
No virus found in this outgoing message.
Checked by AVG Anti-Virus.
Version: 7.0.338 / Virus Database: 267.10.12/77 - Release Date:
8/18/2005