blocking msn 6.x

blocking msn 6.x

[Alexis]

Hello, how can we block the use of the msn messenger with iptables?

ive tried blocking dport 1863, but the client tries then port 80 , port
443, and i cannot block those ports.

Then ive blocked some networks of M$ but i had to remove the rules
because some people uses hotmail.

Any help? (i think that packet inspection could see if the packet to
port 80 is a GET/POST or a different packet to mark.... but how can i do
this????)


any help??

Thanks in advance and best regards


-- 
Alexis <alexis@attla.net.ar>

Re: blocking msn 6.x

[Michael Gale]

Is the MSN packets TOS field different then a regular web surfing packets ?

If so you could block it by the TOS field.

Michael.

On Tue, 09 Dec 2003 14:13:40 -0300
Alexis <alexis@attla.net.ar> wrote:

> Hello, how can we block the use of the msn messenger with iptables?
> 
> ive tried blocking dport 1863, but the client tries then port 80 , port
> 443, and i cannot block those ports.
> 
> Then ive blocked some networks of M$ but i had to remove the rules
> because some people uses hotmail.
> 
> Any help? (i think that packet inspection could see if the packet to
> port 80 is a GET/POST or a different packet to mark.... but how can i do
> this????)
> 
> 
> any help??
> 
> Thanks in advance and best regards
> 
> 
> -- 
> Alexis <alexis@attla.net.ar>
> 
> 


-- 
Michael Gale
Network Administrator
Utilitran Corporation

Re: blocking msn 6.x

[Maciej Soltysiak]

Hi,

try l7filter or ipp2p to do high layer filtering.

Regards,
Maciej