CCNP - any way to block MS Instant Messager using an Access List

Author

any way to block MS Instant Messager using an Access List

lew

2001-10-27, 5:02 pm

I thought that i read somewhere that if you know a certain "port" or "socket" for things like Napster and Microsoft Instant Messanger, you can block them. In our Novell network, we don't use any policy editors or software like Foolproof, because admin refuses....but people seem to be abusing the use of Instant Messenger.

thanks for any info on this subject

depamo

2001-10-27, 5:56 pm

Had to edit it, you wanted MS Instant Messenger ports, I originally thought that you wanted AOL but here is both--

I can only help you with the default port. I don't know how AOL crud will react when it cannot connect over its default port. Anyhow, if you block this -

quote:
If you're experiencing problems connecting to Instant Messenger from your office network,
talk to your Network or System Administrator. Chances are you're behind a 'firewall,' and
need to ask your System Administrator to open up port 5190 (this is Instant Messenger's
'default' port, which is like a secure door in your company's firewall).

If your users have half a brain, they will probably figure out how to change the default port but this will cool their heels for now.

Your choice is to block this on the distribution layer as inbound access lists or on your internet border routers as inbound or outbound access control lists. Pretty simple an quick.

Have a good one!

Sorry, had to edit, you wanted MS Instant Messenger, here is the port for that.

quote:
To enable the use of MSN Messenger Service: Open outgoing TCP
Port 1863, and configure it so that sockets on this port are open for
extended periods of time.

If you really want to piss some people off, allow them to connect but shorten the session inactivity time to something like half a second, they won't be able to figure it out for at least a couple of months so long as your admins staff can keep its mouth shut.

Sponsored Links