Ask Me Help Desk - Blocking the MSN Port

Blocking the MSN Port

I am running a Small Business Server at a small company. A modem provides internet to the server and all the other users on the network (no routers). I have managed to block the windows messenger application for each user but still web messengers can be used. Which port/s should I block and should I block them off the server or the modem? All suggestions will be appreciated! Thanks!

From: http://support.microsoft.com/kb/240063

MSN Messenger Service is on the public Internet and operates over a TCP port that is enabled by Socks proxies or a firewall that permits open ports (port number 1863 or 443 should be enabled for MSN Messenger service).

Quote:

Originally Posted by Roberttanti

I am running a Small Business Server at a small company. A modem provides internet to the server and all the other users on the network (no routers). I have managed to block the windows messenger application for each user but still web messengers can be used. Which port/s should I block and should I block them off the server or the modem? All suggestions will be appreciated! thanks!

In addition to blocking the port previously mentioned... Windows Messenger requires certain services (Messenger, RPC) to be running to operate. You can stop the services from running by the following steps >> Start > Run / OK; services,msc <<. Also, you might want to verify that NetBios over TCP (protocol) is not running and the UDP Broadcast is OFF.

P2E

If your company just let them use MSN, then you may have an opportunity to run a Big Business Server at a big company... :D

These are the ones that I filter for:

AOL Instant Messenger uses TCP 5190
ICQ (old client) uses UDP 4000
ICQ uses TCP 5190
IRC uses TCP 6667
MSN uses TCP 1863
Net2Phone uses UDP 6801

In your case, you would need to employ filtering on your modem connection for your ISP.

Can the web messengers site be blocked?

Yes. There are numerous ways to do it depending on your environment (sorry that I am not familiar with SBS. All of the servers that I admin are 32-bit and 64-bit Windows 2003 Server Standard or Enterprise version).

If you are using a router for your Internet connection:
Use the filtering that comes with your router. Most will allow you to block web sites by URL, host names or by key words. You can administer most routers with your browser. Just type in the IP address of your router as a URL and you will be prompted for your router login. Example: http://192.168.1.1.

If you are using Internet Connection Sharing:
Go to the host computer that is running ICS. Open the HOSTS file on that computer. You can edit it with a text editor such as Notepad and it is found in the C:\Windows\System32\drivers\etc folder. Add a new line starting with 127.0.0.1 for each host name that you want to block - for example:
127.0.0.1 www.pornsite.com
127.0.0.1 www.mailsite.com
127.0.0.1 www.spammer.com
Note that computers obtain IP addresses for names (DNS) in the following order: HOST file, local DNS cache, DNS server, WINS server. Since you are making limited use of the HOST file, your computers will resolve the web sites to the local loopback address (127.0.0.1) instead of finding the correct address from your ISP's DNS servers.

If you are using a Proxy Server:
I believe that there may be a scaled down version of ISA Server found on Small Business Server. Proxy servers use rules based filtering and can also employ the use of add-ins that can subscribe to lists that are used to block inappropriate content in the workplace.

But they still can use MSN web messenger via some web-based proxy site isn't it?