
Replying to Question About Blocking Msn In Linux




Topic Summary

madcrow

Posted 27 July 2005 - 01:51 PM

I see. You're one of those evil bosses who wants to control everything your employees do and prevent them from using the internet for anything other than stock quotes and stuff.

Notice from qwijibow:

Your first post in this thread was tolerated, but this is just pointless spam/flamebait.
Please keep your posts relevant to the topic.

Trekkie101

Posted 23 July 2005 - 08:05 PM

4. Not true, the MSN protocol is pretty good if you have a bot, very easy to work with.

jipman

Posted 23 July 2005 - 05:08 PM

Why would you ever need to block MSN? Do you just not want Windows users to be able to connect to your server or something?


1. Did you ever think about that every single message goes through the m$ servers? And that privacy is a rare thing there?
2. Ever thought that if at work, everyone's nudging and msg'ing each other, would there be any work done?
3. You are confused, this has nothing to do with windows/linux, it's the PROTOCOL

[wha?]
4. MSN is the lamest protocol ever and GAIM ownzz its sorry ass?
[/wha?]

madcrow

Posted 23 July 2005 - 04:14 PM

Why would you ever need to block MSN? Do you just not want Windows users to be able to connect to your server or something?

jipman

Posted 23 July 2005 - 12:57 PM

You could try to block all access from and to port 1863, that is the default port (maybe there are more, like the ones in your start-post :), but leave the 80 port open ).

Also, you might need to ban some sites with online-messenger stuff, like

http://webmessenger.msn.com
http://www.e-messenger.net

jedipi

Posted 23 July 2005 - 11:20 AM

Thanks moonwitch for adding the console tag.
I did try to add it before I clicked the post button,
but it did look good in preview (even now). --- 1 line statement becomes 2 lines.
That's why I did do that.

And thanks for the suggestion...
However, the problem still remains.
MSN can still go online.
Any other ideas?

qwijibow

Posted 23 July 2005 - 09:55 AM

I'm not 100% sure, but don't all the MSN servers use the same port (or same range of ports)?
You may have more luck blocking TCP packets in state NEW to MSN server ports.

iptables -A FORWARD -p tcp --dport <msn_server_port_range> -m state --state NEW -j DROP

Trekkie101

Posted 22 July 2005 - 02:39 PM

There's a LOT more servers than that, over 200 if I'm right.

http://www.xeomax.ne...p?a=MSNServersX

Run that, it'll give you a list and allow you to choose a server if you wanted.

moonwitch

Posted 22 July 2005 - 02:32 PM

First of all; USE THE QUOTES OR CONSOLE!

Secondly, instead of listing the long list of each server, use 207.46.*.*

jedipi

Posted 22 July 2005 - 07:39 AM

I am trying to block MSN.
The following is my config:

terminal@console
iptables -A FORWARD -d gateway.messenger.hotmail.com -j DROP
iptables -A FORWARD --protocol tcp --dport 1863 -j REJECT --reject-with tcp-reset
for i in `cat /etc/msnserverlist`;do /sbin/iptables -A FORWARD -d $i -j DROP;done
for i in `cat /etc/msnserverlist`;do /sbin/iptables -A FORWARD -s $i -j DROP;done
msnserverlist:
207.46.4.55
207.46.4.161
207.46.0.74
207.46.4.40
207.46.6.101
207.46.4.93
207.46.4.38
207.46.0.48
207.46.0.144
207.46.4.59
207.46.6.29
207.46.6.176
207.46.0.22
207.46.0.54
65.54.239.20
207.46.0.92
207.46.0.68
207.46.0.46
207.46.6.186
207.46.2.161
207.46.0.81
207.46.6.201
65.54.239.140
207.46.0.96
61.129.45.63
207.46.0.57
207.46.0.75
207.46.0.83
207.46.0.151
207.46.0.147

iptables -A FORWARD -d 64.4.12.200 -p udp --dport 7001 -j DROP
iptables -A FORWARD -d 64.4.12.201 -p udp --dport 7001 -j DROP
iptables -A FORWARD -d 65.54.226.247 -p udp --dport 443 -j DROP
iptables -A FORWARD -d 207.46.104.20 -p udp --dport 1863 -j DROP
iptables -A FORWARD -d 207.46.106.99 -p udp --dport 1863 -j DROP
iptables -A FORWARD -d 207.46.110.254 -p udp --dport 80 -j DROP
iptables -A FORWARD -s 64.4.12.200 -p udp --sport 7001 -j DROP
iptables -A FORWARD -s 64.4.12.201 -p udp --sport 7001 -j DROP
iptables -A FORWARD -s 65.54.226.247 -p udp --sport 443 -j DROP
iptables -A FORWARD -s 207.46.104.20 -p udp --sport 1863 -j DROP
iptables -A FORWARD -s 207.46.106.99 -p udp --sport 1863 -j DROP
iptables -A FORWARD -s 207.46.110.254 -p udp --sport 80 -j DROP
iptables -A FORWARD -d 64.4.12.200 -p tcp --dport 7001 -j DROP
iptables -A FORWARD -d 64.4.12.201 -p tcp --dport 7001 -j DROP
iptables -A FORWARD -d 65.54.226.247 -p tcp --dport 443 -j DROP
iptables -A FORWARD -d 207.46.104.20 -p tcp --dport 1863 -j DROP
iptables -A FORWARD -d 207.46.106.99 -p tcp --dport 1863 -j DROP
iptables -A FORWARD -d 207.46.110.254 -p tcp --dport 80 -j DROP
iptables -A FORWARD -s 64.4.12.200 -p tcp --sport 7001 -j DROP
iptables -A FORWARD -s 64.4.12.201 -p tcp --sport 7001 -j DROP
iptables -A FORWARD -s 65.54.226.247 -p tcp --sport 443 -j DROP
iptables -A FORWARD -s 207.46.104.20 -p tcp --sport 1863 -j DROP
iptables -A FORWARD -s 207.46.106.99 -p tcp --sport 1863 -j DROP
iptables -A FORWARD -s 207.46.110.254 -p tcp --sport 80 -j DROP


But they do not work.
MSN still can connect to the server.
Does anyone know how to block it??

Notice from moonwitch:
put console tag in, adjusted credits
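
One thing to check when appended rules like the ones in this thread appear to have no effect: iptables evaluates a chain top to bottom and the first terminating match wins, so a rule added with -A after a broader ACCEPT is never reached. The script below is an added example, not code from the thread; the function name first_verdict and both rule listings are constructed for illustration, and it interprets only -p, --dport and --state/--ctstate.

```shell
#!/bin/sh
# Added example (not from the thread). Reads rules in `iptables -S FORWARD`
# format on stdin and prints "N:TARGET" for the first rule certain to decide a
# NEW tcp connection to the given port, or "0:policy" if none does.
# Only -p, --dport and --state/--ctstate are interpreted; a rule with any other
# match (-s, -d, -i, -o, ...) is skipped because it may not apply to every host.
first_verdict() {
    awk -v port="$1" '
    function has_new(s,   a, k, n) {
        n = split(s, a, ",")
        for (k = 1; k <= n; k++) if (a[k] == "NEW") return 1
        return 0
    }
    function port_ok(d,   r) {
        if (d == "") return 1
        if (split(d, r, ":") == 2) return (port + 0 >= r[1] + 0 && port + 0 <= r[2] + 0)
        return (d + 0 == port + 0)
    }
    $1 == "-A" && $2 == "FORWARD" {
        idx++; proto = dport = state = target = ""; other = 0
        for (i = 3; i <= NF; i++) {
            if ($i == "-p") proto = $(++i)
            else if ($i == "--dport") dport = $(++i)
            else if ($i == "--state" || $i == "--ctstate") state = $(++i)
            else if ($i == "-m") i++                      # skip module name
            else if ($i == "-j") { target = $(++i); break }
            else other = 1
        }
        if (other || target !~ /^(ACCEPT|DROP|REJECT)$/) next
        if (proto != "" && proto != "tcp" && proto != "all") next
        if (!port_ok(dport) || (state != "" && !has_new(state))) next
        print idx ":" target; found = 1; exit
    }
    END { if (!found) print "0:policy" }'
}

# Constructed rule sets (sample data, not the poster's real firewall).
APPENDED='-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -p tcp -m state --state NEW -j ACCEPT
-A FORWARD -p tcp -m tcp --dport 1863 -j REJECT --reject-with tcp-reset'
INSERTED='-A FORWARD -p tcp -m tcp --dport 1863 -m state --state NEW -j DROP
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -p tcp -m state --state NEW -j ACCEPT'

echo "appended: $(printf '%s\n' "$APPENDED" | first_verdict 1863)"
echo "inserted: $(printf '%s\n' "$INSERTED" | first_verdict 1863)"
echo "port 80:  $(printf '%s\n' "$INSERTED" | first_verdict 80)"
```

On a real gateway the input would come from `iptables -S FORWARD`. The port 80 result shows that a port 1863 rule by itself leaves HTTP untouched, which is why jipman's post also lists the web messenger sites.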
