Allowing/blocking MSN/Yahoo & other chatting software on routers & firewalls
(archived text-only version of a CCNP forum thread, June/July 2002)
haseeb_eng

2002-06-29, 2:03 am

I was looking on the IETF website; they had given the port numbers, but I couldn't find the port numbers of messengers & other chatting software. Can anybody tell me about this so I can implement it on routers & PIX firewalls?
mikop

2002-06-29, 2:10 am

You should go to the program's site and check its support page to see what port they are using.

For example, I just went to Yahoo's chat thingy, clicked Help, browsed around and found out that they use ports 5000 and 5001.
strikeattack

2002-06-29, 7:54 am

All right. I haven't posted in weeks, so here goes. I picked a thread at random. It happened to be yours. Here is your answer.

AOL Instant Messenger: 5190
Cheetah Chat: 8002
MSN Messenger: 1863
ICQ 2000.b and higher: 5190
ICQ 2000.a and earlier: 4000
IRC Chat: 6667-7000
Pow-Wow: 13224-23213
Yahoo Messenger: 5050
xtam1

2002-06-29, 9:31 am

Dear all,

There is an easy way to find out the ports that your programs are using:

From your PC go to ---> Run, then type: cmd
This will open the command prompt window, so now you can use the netstat command with the following switches:

C:\>netstat /help

Displays protocol statistics and current TCP/IP network connections.

NETSTAT [-a] [-e] [-n] [-s] [-p proto] [-r] [interval]

-a Displays all connections and listening ports.
-e Displays Ethernet statistics. This may be combined with the -s
option.
-n Displays addresses and port numbers in numerical form.
-p proto Shows connections for the protocol specified by proto; proto
may be TCP or UDP. If used with the -s option to display
per-protocol statistics, proto may be TCP, UDP, or IP.
-r Displays the routing table.
-s Displays per-protocol statistics. By default, statistics are
shown for TCP, UDP and IP; the -p option may be used to specify
a subset of the default.
interval Redisplays selected statistics, pausing interval seconds
between each display. Press CTRL+C to stop redisplaying
statistics. If omitted, netstat will print the current
configuration information once.


Tamer Bayomy
strikeattack

2002-06-29, 7:00 pm

The problem is that he is not running these programs. I am sure he simply wants to stop others from running them. So, they would not show up.
amin7070

2002-06-29, 7:28 pm

If you want to block/manage users' internet access, the best thing is to implement internet content management software such as SurfControl or WebInspector. This is the right way of doing that. If you use the firewall to block certain ports, this creates a lot of administrative overhead!

Amin
strikeattack

2002-06-29, 7:47 pm

Agreed. That is a good way of restricting access to the Internet. You would simply grant only specific TCP ports at your proxy servers. Simple, yet effective.
darthfeces

2002-06-29, 8:39 pm

What seems to be the easiest with these things
that seem to try any transport (fair and unfair)
to get where they're going,
such as RealPlayer using RTSP, dual TCP, single TCP, UDP, even port 80 (rat bastards):

The easiest is to block access to the server
(for instance AIM) login.oscar.aol.com port 5190.
If you "officially" ban it,
let them complain about not being able to connect.


Microsoft(R) Windows 98
(C)Copyright Microsoft Corp 1981-1999.

C:\WINDOWS\Desktop>netstat

Active Connections

Proto Local Address Foreign Address State
TCP llama:2420 64.12.28.59:5190 ESTABLISHED
TCP llama:2424 64.12.26.19:5190 ESTABLISHED
TCP llama:2425 64.12.27.236:5190 ESTABLISHED
TCP llama:2432 oadm-m02.blue.aol.com:5190 ESTABLISHED
TCP llama:2457 128.242.228.49:80 CLOSE_WAIT
TCP llama:2461 128.242.228.49:80 CLOSE_WAIT
TCP llama:2463 examnotes.net:80 CLOSE_WAIT
TCP llama:2464 128.242.228.49:80 CLOSE_WAIT

C:\WINDOWS\Desktop>
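The netstat approach in the two posts above (xtam1's suggestion and the Windows 98 session just pasted) can be automated: parse the "Active Connections" rows and match each remote port against the port table strikeattack posted. The script below is an added example and is not code from the thread; the port table is the one posted in this thread, the sample input reproduces the connection rows from the netstat paste above, and the MSN Messenger row and its host name `msn-example.invalid` are constructed for the example.

```python
"""Classify Windows netstat connections against the IM port table from the thread.

Added example, not from the original thread. The port table is strikeattack's
list as posted; the sample text reproduces the connection rows from the
Windows 98 netstat paste plus one constructed MSN Messenger row.
"""
import re
from collections import Counter
from typing import Dict, List, NamedTuple, Optional, Set, Tuple

# Port table as posted in the thread (inclusive ranges). AIM and ICQ share 5190.
IM_PORTS: Dict[str, Tuple[int, int]] = {
    "AOL Instant Messenger / ICQ 2000.b and higher": (5190, 5190),
    "Cheetah Chat": (8002, 8002),
    "MSN Messenger": (1863, 1863),
    "ICQ 2000.a and earlier": (4000, 4000),
    "IRC Chat": (6667, 7000),
    "Pow-Wow": (13224, 23213),
    "Yahoo Messenger": (5050, 5050),
}


class Conn(NamedTuple):
    proto: str
    local_host: str
    local_port: int
    remote_host: str
    remote_port: int
    state: str


# One "Active Connections" row: proto, local host:port, foreign host:port, state.
# Hosts may be resolved names or dotted quads (netstat without -n resolves names).
# Rows whose foreign address is "*:*" (listening UDP sockets) have no numeric
# foreign port and therefore do not match.
_ROW = re.compile(r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+(\S+):(\d+)\s*(\S*)\s*$")


def parse_netstat(text: str) -> List[Conn]:
    """Parse netstat output; the banner, prompts and column header are ignored."""
    conns: List[Conn] = []
    for line in text.splitlines():
        m = _ROW.match(line)
        if m:
            proto, lh, lp, rh, rp, state = m.groups()
            conns.append(Conn(proto, lh, int(lp), rh, int(rp), state))
    return conns


def classify_port(port: int) -> Optional[str]:
    """Name of the IM application whose port range covers `port`, if any."""
    for app, (lo, hi) in IM_PORTS.items():
        if lo <= port <= hi:
            return app
    return None


def find_im_connections(text: str) -> List[Tuple[Conn, str]]:
    """Connections whose *remote* port is an IM port.

    Only the remote port is checked: the client's local port is ephemeral
    (1024-5000 on Windows 98/2000/XP) and would otherwise collide with the
    ICQ 4000 entry and the very wide Pow-Wow range.
    """
    hits: List[Tuple[Conn, str]] = []
    for c in parse_netstat(text):
        app = classify_port(c.remote_port)
        if app is not None:
            hits.append((c, app))
    return hits


def im_summary(text: str) -> Dict[str, int]:
    """Number of matched connections per IM application."""
    return dict(Counter(app for _, app in find_im_connections(text)))


def im_servers(text: str, app: str) -> Set[str]:
    """Remote hosts an application talks to: candidates for a host-based block."""
    return {c.remote_host for c, a in find_im_connections(text) if a == app}


# Sample input (constructed for the example): the connection rows from the
# thread's netstat paste plus one made-up MSN Messenger row and a UDP listener.
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address                State
  TCP    llama:2420             64.12.28.59:5190               ESTABLISHED
  TCP    llama:2424             64.12.26.19:5190               ESTABLISHED
  TCP    llama:2425             64.12.27.236:5190              ESTABLISHED
  TCP    llama:2432             oadm-m02.blue.aol.com:5190     ESTABLISHED
  TCP    llama:2457             128.242.228.49:80              CLOSE_WAIT
  TCP    llama:2461             128.242.228.49:80              CLOSE_WAIT
  TCP    llama:2463             examnotes.net:80               CLOSE_WAIT
  TCP    llama:2464             128.242.228.49:80              CLOSE_WAIT
  TCP    llama:2470             msn-example.invalid:1863       ESTABLISHED
  UDP    llama:137              *:*
"""

if __name__ == "__main__":
    for conn, app in find_im_connections(SAMPLE):
        print(f"{app:46} {conn.remote_host}:{conn.remote_port}  {conn.state}")
    print(im_summary(SAMPLE))
```

Run it against `netstat -n` output from a machine that is actually running the client (as strikeattack notes, nothing shows up on a box that is not). The port-80 rows are deliberately not matched; that is exactly the case the later posts warn about, where a client re-pointed at port 80 is indistinguishable from web traffic by port alone, and `im_servers()` gives you the server addresses you would block instead.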
Yankee

2002-06-30, 8:39 am

I believe these messaging programs allow the change of the port assignment to port 80. Have fun blocking that one.

Yankee
doctorcisco

2002-07-01, 9:20 am

quote:
Originally posted by Yankee
I believe these messaging programs allow the change of the port assignment to port 80. Have fun blocking that one.

Yankee

At least for AOL Instant Messenger, Yankee is right. The way to break it is to block all traffic to login.oscar.aol.com. It has only 2 IP addresses. If ya can't log in, ya can't chat!

doc
darthfeces

2002-07-01, 9:26 am

Yes, that's what I said...
haseeb_eng

2002-07-02, 1:53 am

Cheers
firechicken

2002-07-02, 2:53 pm

Wait for me!

Just a quick note: you can also combine the aforementioned strategies with Cisco's CBAC, which can content filter. The list for Cisco's CBAC is limited, last I checked, but it is growing.

I don't know if your PIX has CBAC (lame admins at my last job wouldn't let me play with the PIX), but I don't see why it wouldn't.

If you really want to piss off your users by filtering by application, check out a stand-alone traffic shaper. }=D
darthfeces

2002-07-02, 3:54 pm

No,
CBAC is IOS-specific, and I believe you have to upgrade IOS to upgrade CBAC. Quite a pain.
The PIX's strength is in its simplicity.

http://www.cisco.com/warp/public/707/#IOS
frank300zx

2002-07-04, 4:16 pm

So assuming these port numbers are all correct:

AOL Instant Messenger: 5190
Cheetah Chat: 8002
MSN Messenger: 1863
ICQ 2000.b and higher: 5190
ICQ 2000.a and earlier: 4000
IRC Chat: 6667-7000
Pow-Wow: 13224-23213
Yahoo Messenger: 5050


How would you write your access-list for a 2600 series router to block these services?
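The question above is not answered in the thread. The following is an added example, not a reply by any participant, showing one way to turn the quoted table into a named extended ACL for IOS on a 2600. It also adds a host-based entry in the spirit of darthfeces' and doctorcisco's suggestion (block the login server itself, which catches clients that have switched to port 80). The port table is the one quoted in the question; the login-server address `192.0.2.10` (an RFC 5737 documentation address), the ACL name `BLOCK-IM` and the interface `FastEthernet0/0` are placeholders chosen for the example and must be replaced with the addresses you resolve and the interface facing your users.

```python
"""Generate a Cisco IOS extended ACL that blocks the IM ports listed in the thread.

Added example, not from the thread. The port table is the one quoted in the
question; the login-server address, ACL name and interface are placeholders.
"""
from typing import Iterable, List, Tuple

# (application, low port, high port), exactly as listed in the question.
IM_PORTS: List[Tuple[str, int, int]] = [
    ("AOL Instant Messenger", 5190, 5190),
    ("Cheetah Chat", 8002, 8002),
    ("MSN Messenger", 1863, 1863),
    ("ICQ 2000.b and higher", 5190, 5190),
    ("ICQ 2000.a and earlier", 4000, 4000),
    ("IRC Chat", 6667, 7000),
    ("Pow-Wow", 13224, 23213),
    ("Yahoo Messenger", 5050, 5050),
]


def merge_ranges(entries: Iterable[Tuple[str, int, int]]) -> List[Tuple[int, int, List[str]]]:
    """Collapse the table into sorted, non-overlapping ranges so that two
    applications on the same port (AIM and ICQ on 5190) yield a single entry."""
    merged: List[Tuple[int, int, List[str]]] = []
    for app, lo, hi in sorted(entries, key=lambda e: (e[1], e[2])):
        if merged and lo <= merged[-1][1] + 1:        # overlaps or is adjacent
            plo, phi, apps = merged[-1]
            merged[-1] = (plo, max(phi, hi), apps + [app])
        else:
            merged.append((lo, hi, [app]))
    return merged


def port_ace(lo: int, hi: int) -> str:
    """One access-control entry: IOS uses `eq` for a single port, `range` for a span."""
    if lo == hi:
        return f" deny tcp any any eq {lo}"
    return f" deny tcp any any range {lo} {hi}"


def build_im_acl(name: str, entries: Iterable[Tuple[str, int, int]],
                 login_hosts: Iterable[str] = ()) -> List[str]:
    """Named extended ACL: host blocks first (they also catch a client that has
    been re-pointed at port 80), then the port blocks, then an explicit permit,
    because every IOS ACL ends with an implicit deny that would otherwise cut
    off all other traffic."""
    lines = [f"ip access-list extended {name}"]
    for ip in login_hosts:
        lines.append(" remark IM login server, blocked on every port")
        lines.append(f" deny ip any host {ip}")
    for lo, hi, apps in merge_ranges(entries):
        lines.append(f" remark {', '.join(apps)}")
        lines.append(port_ace(lo, hi))
    lines.append(" permit ip any any")
    return lines


def apply_inbound(interface: str, acl_name: str) -> List[str]:
    """Apply the ACL inbound on the LAN-facing interface, so a client's outbound
    connection attempt is dropped before it is routed towards the Internet."""
    return [f"interface {interface}", f" ip access-group {acl_name} in"]


if __name__ == "__main__":
    # 192.0.2.10 stands in for a resolved login-server address (placeholder).
    config = (build_im_acl("BLOCK-IM", IM_PORTS, login_hosts=["192.0.2.10"])
              + ["!"]
              + apply_inbound("FastEthernet0/0", "BLOCK-IM"))
    print("\n".join(config))
```

Two caveats a practitioner would want. First, ACLs take addresses, not names: resolve `login.oscar.aol.com` (or whichever server) yourself and expect to revisit the entries when the addresses change, which is the administrative overhead amin7070 mentions. Second, the table lists TCP ports only, so this ACL blocks only TCP; it does nothing about the port-80 case unless the host entries cover the servers involved.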
SureshHomepage

2002-07-04, 9:08 pm

You are right, CBAC is available only on the firewall feature set IOS. The IP Plus and Enterprise Plus haven't got it. For the 2501-2525 it is c2500-io-l.122-7b.bin
Copyright 2003 - 2009 examnotes.net