* blocking msn
From: Askar @ 2004-12-23 15:13 UTC (permalink / raw)
  To: netfilter

hey, here is a quick question: let's suppose i drop MSN with the rule below

#iptables -A FORWARD -p tcp --dport 1863 -j DROP

but it's not enough; if 1863 is blocked it tries to use port 80.

any workaround?
regards

-- 
(after bouncing head on desk for days trying to get mine working, I'll make
your life a little easier)



* Re: blocking msn
From: Jason Opperisano @ 2004-12-23 16:13 UTC (permalink / raw)
  To: netfilter

On Thu, 2004-12-23 at 10:13, Askar wrote:
> hey, here is a quick question: let's suppose i drop MSN with the rule below
> 
> #iptables -A FORWARD -p tcp --dport 1863 -j DROP
> 
> but it's not enough; if 1863 is blocked it tries to use port 80.
> 
> any workaround?
> regards

the "proper" way to do this, is to block "--dport 1863" in your firewall
rules, and also REDIRECT port 80 traffic to a transparent HTTP proxy
(like squid), and use ACLs in the proxy to block access to:

  http://gateway.messenger.hotmail.com/gateway/gateway.dll

if you want to do this with just IP filtering, you could try blocking
port 80 access to 207.46.104.20, which is what that FQDN currently
resolves to--but this solution is kludgey and requires that you keep up
with the IP address(es) constantly.

-j

--
"I have been shot eight times this year, and as a result, I almost
 missed work."
	--The Simpsons




* RE: blocking msn
From: Rob Sterenborg @ 2004-12-23 16:20 UTC (permalink / raw)
  To: netfilter

netfilter-bounces@lists.netfilter.org wrote:

> if you want to do this with just IP filtering, you could try
> blocking port 80 access to 207.46.104.20, which is what that
> FQDN currently resolves to--but this solution is kludgey and
> requires that you keep up with the IP address(es) constantly.

You can do that, but last time I checked there were multiple IP's that
MSN Messenger connects to.
So, when you block one it will try another. You'll end up with a list of
MSN servers to block.


Gr,
Rob




* RE: blocking msn
From: Jason Opperisano @ 2004-12-23 16:32 UTC (permalink / raw)
  To: netfilter

On Thu, 2004-12-23 at 11:20, Rob Sterenborg wrote:
> You can do that, but last time I checked there were multiple IP's that
> MSN Messenger connects to.
> So, when you block one it will try another. You'll end up with a list of
> MSN servers to block.

yeah--i use the squid method, as i prefer not to have to maintain lists
of IP addresses/netblocks in a never-ending loop, as opposed to a single
line in squid.conf.

-j

--
"I've added an extra ingredient just for you.  The merciless peppers
 of Quetzlzacatenango!  Grown deep in the jungle primeval by the
 inmates of a Guatemalan insane asylum."
	--The Simpsons




* Re: blocking msn
From: Askar @ 2004-12-23 16:44 UTC (permalink / raw)
  To: netfilter

thanks everybody for your time, this list really ROCKS!

regards



On Thu, 23 Dec 2004 11:32:48 -0500, Jason Opperisano <opie@817west.com> wrote:
> On Thu, 2004-12-23 at 11:20, Rob Sterenborg wrote:
> > You can do that, but last time I checked there were multiple IP's that
> > MSN Messenger connects to.
> > So, when you block one it will try another. You'll end up with a list of
> > MSN servers to block.
> 
> yeah--i use the squid method, as i prefer not to have to maintain lists
> of IP addresses/netblocks in a never-ending loop, as opposed to a single
> line in squid.conf.
> 
> -j
> 
> --
> "I've added an extra ingredient just for you.  The merciless peppers
>  of Quetzlzacatenango!  Grown deep in the jungle primeval by the
>  inmates of a Guatemalan insane asylum."
>         --The Simpsons
> 
> 


-- 
(after bouncing head on desk for days trying to get mine working, I'll make
your life a little easier)



* Re: blocking msn
From: Abu Mohd Amir @ 2004-12-24  7:21 UTC (permalink / raw)
  To: Askar; +Cc: netfilter

use squid

acl msn req_mime_type ^application/x-msn-messenger$
http_access deny msn 


On Thu, 23 Dec 2004 21:44:37 +0500, Askar <askarali@gmail.com> wrote:
> thanks everybody for your time, this list really ROCKS!
> 
> regards
> 
> 
> On Thu, 23 Dec 2004 11:32:48 -0500, Jason Opperisano <opie@817west.com> wrote:
> > On Thu, 2004-12-23 at 11:20, Rob Sterenborg wrote:
> > > You can do that, but last time I checked there were multiple IP's that
> > > MSN Messenger connects to.
> > > So, when you block one it will try another. You'll end up with a list of
> > > MSN servers to block.
> >
> > yeah--i use the squid method, as i prefer not to have to maintain lists
> > of IP addresses/netblocks in a never-ending loop, as opposed to a single
> > line in squid.conf.
> >
> > -j
> >
> > --
> > "I've added an extra ingredient just for you.  The merciless peppers
> >  of Quetzlzacatenango!  Grown deep in the jungle primeval by the
> >  inmates of a Guatemalan insane asylum."
> >         --The Simpsons
> >
> >
> 
> --
> (after bouncing head on desk for days trying to get mine working, I'll make
> your life a little easier)
> 
> 


-- 
Unix IS user friendly... It's just selective about who its friends are



* Blocking MSN
From: Facundo Barrera @ 2006-10-23 15:45 UTC (permalink / raw)
  To: netfilter

Hi list:
         I need to block MSN to certain IPs of my LAN. I'm using
iptables on Slackware Linux; please can you help me, or send me any link
to read about it.

Thanks.



-- 
Facundo Agustin Barrera
IT Management.
Buenos Aires - Argentina.



* Re: Blocking MSN
From: Thomas d'Otreppe @ 2006-10-23 15:48 UTC (permalink / raw)
  To: Facundo Barrera; +Cc: netfilter

You should have a look at Layer-7: l7-filter.sourceforge.net

Thomas

2006/10/23, Facundo Barrera <facubarrera@gmail.com>:
> Hi list:
>         I need to block MSN to certain IPs of my LAN. I'm using
> iptables on Slackware Linux; please can you help me, or send me any link
> to read about it.
>
> Thanks.
>
>
>
> --
> Facundo Agustin Barrera
> IT Management.
> Buenos Aires - Argentina.
>
>



* RE: Blocking MSN
From: Pablo Sanchez @ 2006-10-23 15:52 UTC (permalink / raw)
  To: 'Facundo Barrera', netfilter

 

> -----Original Message-----
> From: netfilter-bounces@lists.netfilter.org 
> [mailto:netfilter-bounces@lists.netfilter.org] On Behalf Of 
> Facundo Barrera
> Sent: Monday, October 23, 2006 11:46 AM
> To: netfilter@lists.netfilter.org
> Subject: Blocking MSN
> 
> Hi list:
>          I need to block MSN to certain IPs of my LAN. I'm using
> iptables on Slackware Linux; please can you help me, or send me any link
> to read about it.

Hi,

MSN is devious as it'll use different ports if you block the port it
typically uses.

What you'll want to do is use L7 (layer 7) filtering in order to identify
MSN and block it.

This will require you have the kernel sources for your kernel and to patch
it as well as iptables.  It sounds difficult but it's not.

Cheers,
---
Pablo Sanchez - Blueoak Database Engineering, Inc
Ph:    819.459.1926          Toll free:  888.459.1926
Cell:  819.918.9731                Pgr:  pablo_p@blueoakdb.com
Fax:   603.720.7723 (US)




* Re: Blocking MSN
From: TechSafe Seguranca @ 2006-10-25 10:01 UTC (permalink / raw)
  To: facubarrera, netfilter

If your iptables is compiled with patch-o-matic, it is enough to
block the string "gateway.dll".

iptables -A INPUT -m string --string 'gateway.dll' -j DROP

Cordial,

-- 
______________________________
                 TechSafe
Your security under our protection
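
To compare the filters suggested across these messages (the port rule, the single-IP rule, the two Squid ACLs and the string match), the following added example, which is not code from any poster, models each as a predicate and runs them over five constructed flows. Assumptions: port 80 is REDIRECTed to the proxy, the string rule sits where it sees forwarded traffic, and the flow labels, the 192.0.2.10 and 198.51.100.7 addresses, the `.example` hosts and all function names are invented for illustration.

```python
import re

GATEWAY_URL = "http://gateway.messenger.hotmail.com/gateway/gateway.dll"
KNOWN_IP = "207.46.104.20"  # the single address quoted in the thread

def http_req(method, host, path, ctype=""):
    """Build a constructed HTTP/1.1 request (sample input, not a capture)."""
    extra = f"Content-Type: {ctype}\r\n" if ctype else ""
    return f"{method} {path} HTTP/1.1\r\nHost: {host}\r\n{extra}\r\n".encode()

MSN_HTTP = http_req("POST", "gateway.messenger.hotmail.com",
                    "/gateway/gateway.dll", "application/x-msn-messenger")
# (label, dst IP, dst port, first payload); every value here is constructed.
FLOWS = [
    ("msn-native", KNOWN_IP, 1863, b"(native protocol bytes)"),
    ("msn-http-known-ip", KNOWN_IP, 80, MSN_HTTP),
    ("msn-http-other-ip", "192.0.2.10", 80, MSN_HTTP),
    ("unrelated-download", "198.51.100.7", 80, http_req("GET", "files.example", "/dl/gateway.dll")),
    ("ordinary-web", "198.51.100.7", 80, http_req("GET", "www.example", "/index.html")),
]

def parse(payload):
    """Return (url, content_type) as a proxy sees them, or (None, None) if not HTTP."""
    lines = payload.decode("latin-1").split("\r\n")
    m = re.fullmatch(r"[A-Z]+ (\S+) HTTP/1\.[01]", lines[0])
    if not m:
        return None, None
    hdrs = {k.lower(): v.strip() for k, _, v in (ln.partition(":") for ln in lines[1:])}
    return "http://" + hdrs.get("host", "") + m.group(1), hdrs.get("content-type", "")

def verdicts(ip, port, payload):
    """Names of the thread's filters that would block this flow (simplified model)."""
    url, ctype = parse(payload)
    proxied = port == 80 and url is not None  # port 80 assumed REDIRECTed to the proxy
    checks = {
        "port-1863": port == 1863,                  # --dport 1863 -j DROP
        "ip-rule": port == 80 and ip == KNOWN_IP,   # port 80 to one address
        "proxy-url": proxied and url.startswith(GATEWAY_URL),
        "proxy-mime": proxied and bool(re.search(r"^application/x-msn-messenger$", ctype)),
        "string-match": b"gateway.dll" in payload,  # --string 'gateway.dll'
    }
    return [name for name, hit in checks.items() if hit]

def coverage():
    return {label: verdicts(ip, port, data) for label, ip, port, data in FLOWS}

if __name__ == "__main__":
    for label, hits in coverage().items():
        print(f"{label:20} {', '.join(hits) or 'not blocked'}")
```

In this model only the proxy ACLs catch the HTTP fallback on both addresses while leaving the unrelated `gateway.dll` download alone.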


