* Ref.: How to block Yahoo Messenger through IP Tables
@ 2002-10-05 16:27 alexander.swann
  2002-10-06  8:52 ` Ref.: How to block Yahoo Messenger through IP Tables Hanz F.
  0 siblings, 1 reply; 7+ messages in thread
From: alexander.swann @ 2002-10-05 16:27 UTC (permalink / raw)
  To: netfilter


Hello
I just did a quick search in the mails I received ;-)

   -----------------------------------------------------
   Daryl Martin wrote on the 08/16/02 :

      Just block outgoing traffic on port 1863 to block messenger traffic.
   http://support.microsoft.com/default.aspx?scid=kb;EN-US;q278887

      To block Yahoo it seems that's a little bit trickier.  To block Yahoo
   you will have to block ports 5000-5010 for voice chat, 5100 for video.
   Yahoo Messenger scans ports 5050 then 80 then any available port.  You
   will probably most likely have to block the Yahoo messaging IP.
   http://help.yahoo.com/help/us/mesg/use/use-17.html

   -----------------------------------------------------

   See also the message of "Hanz F." on the 10/01/02 (4 days ago)

   -----------------------------------------------------

Hope this will help

Swann ;-)




Alok Shukla <alokshukla@yahoo.com>
Sent by: netfilter-admin@lists.netfilter.org
05/10/2002 17:59

To: netfilter@lists.netfilter.org
cc:
Subject: How to block Yahoo Messenger through IP Tables




Hi,

Sorry for asking this newbie question first.

I am running a network with a Linux server as a
gateway. I am using iptables to masquerade internal
IPs for Internet usage. I want to block the users of my
intranet from using Yahoo Messenger. I needed help with
this. In general, I wanted to know how to block a
particular port.

Thanks in Advance

Alok Shukla


* Re: Ref.: How to block Yahoo Messenger through IP Tables
  2002-10-05 16:27 Ref.: How to block Yahoo Messenger through IP Tables alexander.swann
@ 2002-10-06  8:52 ` Hanz F.
  2002-10-06  9:11   ` Yahoo Messenger Antony Stone
  0 siblings, 1 reply; 7+ messages in thread
From: Hanz F. @ 2002-10-06  8:52 UTC (permalink / raw)
  To: alexander.swann; +Cc: Netfilter

Hi,
blocking Yahoo Messenger on iptables is not enough,
because users will still be able to connect through a
proxy; you have to block it on the proxy as well.

Concerning my email of 10/01/02, it was not very
accurate, but unfortunately nobody warned me; I had to
discover the error by myself: there's a missing line.
When I added it, Yahoo Messenger and ICQ worked (as
well as IRC after loading related modules).
This line is:
iptables -A FORWARD -i eth0 -o eth1 -m state --state ESTABLISHED,RELATED -j ACCEPT

If you don't insert this line, Yahoo Messenger will not
work, but neither will most applications.



* Re: Yahoo Messenger
  2002-10-06  8:52 ` Ref.: How to block Yahoo Messenger through IP Tables Hanz F.
@ 2002-10-06  9:11   ` Antony Stone
  2002-10-06 11:25     ` HareRam
  2002-10-06 12:30     ` R. Sterenborg
  0 siblings, 2 replies; 7+ messages in thread
From: Antony Stone @ 2002-10-06  9:11 UTC (permalink / raw)
  To: Netfilter

On Sunday 06 October 2002 9:52 am, Hanz F. wrote:

> Hi,
> blocking Yahoo Messenger on iptables is not enough,
> because users will still be able to connect through a
> proxy; you have to block it on the proxy as well.
>
> Concerning my email of 10/01/02, it was not very
> accurate, but unfortunately nobody warned me; I had to
> discover the error by myself: there's a missing line.
> When I added it, Yahoo Messenger and ICQ worked (as
> well as IRC after loading related modules).
> This line is:
> iptables -A FORWARD -i eth0 -o eth1 -m state --state ESTABLISHED,RELATED -j ACCEPT
>
> If you don't insert this line, Yahoo Messenger will not
> work, but neither will most applications.

I really don't see what this rule has to do with Yahoo Messenger specifically.

It simply says "allow packets through this firewall from eth0 to eth1 which 
are part of an existing connection, or related to one".

It is completely non-specific about any protocol (from OSI layer 3 up to 
layer 7) and cannot possibly be used to block or allow access to something 
specific such as Yahoo Messenger without affecting virtually everything else 
going through the firewall as well.

Unfortunately I know nothing about quite how Yahoo Messenger does work, and 
therefore I can't propose any sensible ways of blocking access to it, but 
it's surely going to be something less generalised than this.

Antony.

-- 

Normal people think "if it ain't broke, don't fix it".
Engineers think "if it ain't broke, it doesn't have enough features yet".



* Re: Yahoo Messenger
  2002-10-06  9:11   ` Yahoo Messenger Antony Stone
@ 2002-10-06 11:25     ` HareRam
  2002-10-06 12:30     ` R. Sterenborg
  1 sibling, 0 replies; 7+ messages in thread
From: HareRam @ 2002-10-06 11:25 UTC (permalink / raw)
  To: Antony Stone, Netfilter

Hi all

I have developed a front end for users to log in and log out,
using Visual C++, and I want to count how many minutes a user is online
and how many minutes he has remaining.
All these things are working fine....

All users have a static IP, and the ARP table is bound to the specific user's PC MAC.
When the user logs in, I am replacing the FORWARD rules with ACCEPT;
when he logs out, I am replacing the same FORWARD rules with DROP.

The problems after this are:

1. After dropping the FORWARD rules, he is still able to browse the existing
site which he is browsing,
    but he is not getting any new sites, so I feel he is able to get the
existing connection data.
2. When he connects to Yahoo Messenger, he is not disconnected; his
connection continues.

What I am looking for is this: I want to drop all his rules when he logs out, so that he
will not get any browsing, nor should he be able to log in to any chat servers.


Any more help will be appreciated.
Thanks in advance

hare




* RE: Yahoo Messenger
  2002-10-06  9:11   ` Yahoo Messenger Antony Stone
  2002-10-06 11:25     ` HareRam
@ 2002-10-06 12:30     ` R. Sterenborg
  1 sibling, 0 replies; 7+ messages in thread
From: R. Sterenborg @ 2002-10-06 12:30 UTC (permalink / raw)
  To: 'Netfilter'

> blocking Yahoo Messenger on iptables is not enough,
> because users will still be able to connect through a
> proxy; you have to block it on the proxy as well.
>

Maybe I'm thinking too simple here, but...
From: http://help.yahoo.com/help/us/mesg/use/use-17.html

<snip>
If you are trying to connect from behind a firewall that doesn't use
proxy servers, Yahoo! Messenger will automatically search the firewall
for an open port, and, if it finds one, use that to connect. If
Messenger is unable to find an open port, ask your System
Administrator to open port 5050 to our Messenger servers,
cs1.yahoo.com, cs2.yahoo.com, and cs3.yahoo.com
<---->
If your Internet connection involves an HTTP proxy, follow these steps
to configure the Messenger to work through your connection:
</snip>

So, if you *don't* want users to connect to Yahoo Messenger, can't you
do :

# If users are NAT-ed
iptables -A FORWARD -d cs1.yahoo.com -j DROP
iptables -A FORWARD -d cs2.yahoo.com -j DROP
iptables -A FORWARD -d cs3.yahoo.com -j DROP


# Via (any ?) proxy
iptables -A OUTPUT -d cs1.yahoo.com -j DROP
iptables -A OUTPUT -d cs2.yahoo.com -j DROP
iptables -A OUTPUT -d cs3.yahoo.com -j DROP


Rob




* RE: Yahoo Messenger
@ 2002-10-07  7:09 Rob Sterenborg
  2002-10-07  8:31 ` Stewart Thompson
  0 siblings, 1 reply; 7+ messages in thread
From: Rob Sterenborg @ 2002-10-07  7:09 UTC (permalink / raw)
  To: 'harvey@hnu.edu.ph'; +Cc: 'netfilter@lists.netfilter.org'


> I've already tried this about a month ago, but there's an
> error saying that "host/network 'cs1.yahoo.com' not found"
> ... this is also true with cs2 and cs3 ...hmmm am I the only
> one getting this kind of error? Pls tell me

Right. I should have checked that.

Aren't there any servers mentioned in the messenger setup (I don't use it
myself) ?

I just checked on cs.yahoo.com and that one exists, but every time I ping that
server I'm redirected to cs41.msg.sc5.yahoo.com (216.136.233.128).
I don't know if that's the same one for you ?


Rob


* RE: Yahoo Messenger
  2002-10-07  7:09 Rob Sterenborg
@ 2002-10-07  8:31 ` Stewart Thompson
  0 siblings, 0 replies; 7+ messages in thread
From: Stewart Thompson @ 2002-10-07  8:31 UTC (permalink / raw)
  To: harvey; +Cc: netfilter


Hi:

You could download Iptstate and install it on your Linux router.
Then connect and disconnect several times to Yahoo with a client machine
while monitoring on the router with Iptstate.  Once you know the IPs, just
block them. My understanding is that this is more efficient than using host
names anyway. Hope that helps.

Stu……..


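The approach the thread arrives at, port blocks from the quoted note plus literal server IPs found by observation, written out as an added example; it is not code posted by any participant. The function names `is_ipv4` and `gen_block_rules`, TCP as the protocol for the listed ports, and `eth1` as the LAN-facing interface are assumptions.

```shell
#!/bin/sh
# Added example: prints iptables commands for review; it does not run them.
# Ports are the ones quoted in the thread; TCP is an assumption.
YM_TCP_PORTS="5050 5000:5010 5100"   # login, voice chat, video

# is_ipv4 ADDR: succeed only for a dotted quad with every octet in 0..255.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1            # split on dots; input is digits and dots only
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# gen_block_rules LAN_IF ADDR...: emit DROP rules inserted at the top of
# FORWARD, so they match before a generic ESTABLISHED,RELATED accept and
# also cut connections that are already open.
gen_block_rules() {
    lan_if=$1; shift
    pos=1
    for port in $YM_TCP_PORTS; do
        echo "iptables -I FORWARD $pos -i $lan_if -p tcp --dport $port -j DROP"
        pos=$((pos + 1))
    done
    # The client falls back to port 80 and other ports, so the observed
    # server addresses are blocked as well, on every port.
    for addr in "$@"; do
        if is_ipv4 "$addr"; then
            echo "iptables -I FORWARD $pos -i $lan_if -d $addr -j DROP"
            pos=$((pos + 1))
        else
            # iptables resolves a hostname once, when the rule is added, and
            # fails if the name does not resolve: accept literal IPs only.
            echo "skipped, not an IPv4 literal: $addr" >&2
        fi
    done
}

# Sample run (eth1 as the LAN-facing interface is an assumption; the IP is
# the one address reported in the thread, the hostname shows the skip path).
gen_block_rules eth1 216.136.233.128 cs1.yahoo.com
```

Review the printed rules, then pipe them to `sh` as root to load them. As noted earlier in the thread, clients that reach the service through an HTTP proxy still have to be blocked on the proxy itself.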
