Question About Blocking Msn In Linux

 
 Discussion by jedipi with 9 Replies.
 Last Update: July 27, 2005, 1:51 pm
 
I am trying to block MSN.
The following is my config:

CODE

iptables -A FORWARD -d gateway.messenger.hotmail.com -j DROP
iptables -A FORWARD --protocol tcp --dport 1863 -j REJECT --reject-with tcp-reset
for i in `cat /etc/msnserverlist`;do /sbin/iptables -A FORWARD -d $i -j DROP;done
for i in `cat /etc/msnserverlist`;do /sbin/iptables -A FORWARD -s $i -j DROP;done
msnserverlist:
207.46.4.55
207.46.4.161
207.46.0.74
207.46.4.40
207.46.6.101
207.46.4.93
207.46.4.38
207.46.0.48
207.46.0.144
207.46.4.59
207.46.6.29
207.46.6.176
207.46.0.22
207.46.0.54
65.54.239.20
207.46.0.92
207.46.0.68
207.46.0.46
207.46.6.186
207.46.2.161
207.46.0.81
207.46.6.201
65.54.239.140
207.46.0.96
61.129.45.63
207.46.0.57
207.46.0.75
207.46.0.83
207.46.0.151
207.46.0.147

iptables -A FORWARD -d 64.4.12.200 -p udp --dport 7001 -j DROP
iptables -A FORWARD -d 64.4.12.201 -p udp --dport 7001 -j DROP
iptables -A FORWARD -d 65.54.226.247 -p udp --dport 443 -j DROP
iptables -A FORWARD -d 207.46.104.20 -p udp --dport 1863 -j DROP
iptables -A FORWARD -d 207.46.106.99 -p udp --dport 1863 -j DROP
iptables -A FORWARD -d 207.46.110.254 -p udp --dport 80 -j DROP
iptables -A FORWARD -s 64.4.12.200 -p udp --sport 7001 -j DROP
iptables -A FORWARD -s 64.4.12.201 -p udp --sport 7001 -j DROP
iptables -A FORWARD -s 65.54.226.247 -p udp --sport 443 -j DROP
iptables -A FORWARD -s 207.46.104.20 -p udp --sport 1863 -j DROP
iptables -A FORWARD -s 207.46.106.99 -p udp --sport 1863 -j DROP
iptables -A FORWARD -s 207.46.110.254 -p udp --sport 80 -j DROP
iptables -A FORWARD -d 64.4.12.200 -p tcp --dport 7001 -j DROP
iptables -A FORWARD -d 64.4.12.201 -p tcp --dport 7001 -j DROP
iptables -A FORWARD -d 65.54.226.247 -p tcp --dport 443 -j DROP
iptables -A FORWARD -d 207.46.104.20 -p tcp --dport 1863 -j DROP
iptables -A FORWARD -d 207.46.106.99 -p tcp --dport 1863 -j DROP
iptables -A FORWARD -d 207.46.110.254 -p tcp --dport 80 -j DROP
iptables -A FORWARD -s 64.4.12.200 -p tcp --sport 7001 -j DROP
iptables -A FORWARD -s 64.4.12.201 -p tcp --sport 7001 -j DROP
iptables -A FORWARD -s 65.54.226.247 -p tcp --sport 443 -j DROP
iptables -A FORWARD -s 207.46.104.20 -p tcp --sport 1863 -j DROP
iptables -A FORWARD -s 207.46.106.99 -p tcp --sport 1863 -j DROP
iptables -A FORWARD -s 207.46.110.254 -p tcp --sport 80 -j DROP


But they do not work.
MSN still can connect to the server.
Does anyone know how to block it??

Notice from moonwitch:
put console tag in, adjusted credits

Fri Jul 22, 2005    Reply    New Discussion   


First of all; USE THE QUOTES OR CONSOLE!

Secondly, instead of listing the long list of each server, use 207.46.*.*

Fri Jul 22, 2005    Reply    New Discussion   

There's a LOT more servers than that, over 200 if I'm right.

http://www.xeomax.net/scripts/download.php?a=MSNServersX

Run that, it'll give you a list and allow you to choose a server if you wanted.

Fri Jul 22, 2005    Reply    New Discussion   

I'm not 100%, but don't all the MSN servers use the same port (or same range of ports)?
You may have more luck blocking TCP packets in state NEW to MSN server ports.

CODE

iptables -A FORWARD -p tcp --dport <msn_server_port_range> -m state --state NEW -j DROP

Sat Jul 23, 2005    Reply    New Discussion   
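A check worth running when appended block rules seem to have no effect, added here as an example and not part of any post in this thread: iptables walks a chain top to bottom and stops at the first terminating match, so a rule added with `-A` never fires if an earlier ACCEPT already matches the packet. The rule listing below is constructed sample input; the interface name `eth1` and the function names are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): flag block rules that sit behind a
# broad ACCEPT in the FORWARD chain. Heuristic only; interface matches are
# treated as broad because forwarded client traffic usually matches them.

# Constructed sample in `iptables -S FORWARD` format; eth1 is an assumed name.
sample_rules() {
    cat <<'EOF'
-P FORWARD ACCEPT
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i eth1 -j ACCEPT
-A FORWARD -d 207.46.4.55/32 -j DROP
-A FORWARD -p tcp -m tcp --dport 1863 -j REJECT --reject-with tcp-reset
EOF
}

# Reads a rule listing on stdin. Prints "<accept_rule_no> <block_rule_no>"
# for every DROP/REJECT rule that follows the first broad ACCEPT.
find_shadowed() {
    awk '
    /^-A FORWARD / {
        n++
        target = ""
        for (i = 1; i < NF; i++)
            if ($i == "-j") target = $(i + 1)
        if (target == "ACCEPT") {
            broad = 1
            for (i = 1; i < NF; i++) {
                # Address, protocol or port matches may exclude MSN traffic.
                if ($i == "-s" || $i == "-d" || $i == "-p" ||
                    $i == "--dport" || $i == "--sport") broad = 0
                # A state match lets new connections through only if it lists NEW.
                if ($i == "--state" && index("," $(i + 1) ",", ",NEW,") == 0)
                    broad = 0
            }
            if (broad && !first) first = n
        } else if ((target == "DROP" || target == "REJECT") && first) {
            print first, n
        }
    }'
}

sample_rules | find_shadowed
```

On a live gateway, pipe `iptables -S FORWARD` into `find_shadowed`; any block rule it reports has to be inserted ahead of the ACCEPT (`iptables -I FORWARD 1 ...`) rather than appended.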


Thanks moonwitch for adding the console tag.
I did try to add it before I clicked the post button,
but it did look good in preview (even now). --- 1 line statement becomes 2 lines.
That's why I did do that.

And thanks for the suggestion...
However, the problem still remains.
MSN still can online.
Any other ideas???

Sat Jul 23, 2005    Reply    New Discussion   

You could try to block all access from and to port 1863, that is the default port (maybe there are more, like the ones in your start-post :), but leave the 80 port open ).

Also, you also might need to ban some sites with online-messenger stuff, like

http://webmessenger.msn.com
http://www.e-messenger.net

Sat Jul 23, 2005    Reply    New Discussion   

Why would you ever need to block MSN? Do you just not want Windows users to be able to connect to your server or something?

Sat Jul 23, 2005    Reply    New Discussion   

QUOTE

Why would you ever need to block MSN? Do you just not want Windows users to be able to connect to your server or something?


1. Did you ever think about that every single message goes through the m$ servers? And that privacy is a rare thing there?
2. Ever thought that if at work, everyone's nudging and msg'ing each other, would there be any work done?
3. You are confused, this has nothing to do with windows/linux, it's the PROTOCOL

[wha?]
4. MSN is the lamest protocol ever and GAIM ownzz it's sorry ass?
[/wha?]

Sat Jul 23, 2005    Reply    New Discussion   

4. Not true, the MSN protocol is pretty good if you have a bot, very easy to work with.

Sat Jul 23, 2005    Reply    New Discussion   

I see. You're one of those evil bosses who wants to control everything your employees do and prevent them from using the internet for anything other than stock quotes and stuff.

Notice from qwijibow:

Your first post in this thread was tolerated, but this is just pointless spam/flamebait.
Please keep your posts relevant to the topic.

Wed Jul 27, 2005    Reply    New Discussion   
