Re: AW: [squid-users] Blocking MSN, YAHOO and other messenger clients

From: Ashok Gautam(gashok) <gashok@dont-contact.us>
Date: Tue, 12 Feb 2008 12:42:07 +0545

Dear Jörg,
I tried to block the ports, but MSN tries its default port and lastly it
tries port 80, so blocking ports does not work at all.

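I tried the below in my iptables rules:
# $FORWARD is not defined in this message; it is assumed to hold the rule
# prefix set earlier in the script, e.g. "iptables -A FORWARD".
msn_port_block="6891:6901 1863 1590 5050 5150 8000 5101 1638 15001 1644
5000 1614 1677 1455 1071 1074 8001 1073"
# Left unquoted on purpose so the shell splits the list into single entries.
for port_block in $msn_port_block
do
    $FORWARD -p tcp --dport "$port_block" -j DROP
    $FORWARD -p udp --dport "$port_block" -j DROP
done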

But, my friend, MSN and Yahoo Messenger use port 80 as a last resort if
they don't find any of their default ports open, so, as I heard, we can
block them by knowing the traffic pattern of MSN and Yahoo Messenger.
Doing the above, the result I get is that MSN takes a longer time to
sign in, but it gets signed in anyway.

regards,
Ashok Gautam

Jörg Hoffmann wrote:
> Hi,
>
> A good way should be banning the port range via iptables.
> That way you can even block tunnels which might allow every other
> application to leave your network.
>
> Otherwise you can add ACLs to Squid to block such ports. In the advanced
> configuration manual there is a hint on how to do this.
>
> Greetings
> Jörg H.
>
> -----Original Message-----
> From: Ashok Gautam(gashok) [mailto:gashok@wlink.com.np]
> Sent: Tuesday, 12 February 2008 07:01
> To: squid-users@squid-cache.org
> Subject: [squid-users] Blocking MSN, YAHOO and other messenger clients
>
> Dear all,
> Currently I am managing a Linux box running Squid and a network with
> 60+ nodes in an organization. But now a requirement has come to block
> MSN, YAHOO, GOOGLETALK, and the other remaining messenger clients.
>
> Please show me how to block all the messengers; this might have
> already been done by one of you, friends.
>
> Thanks in advance!!
>
> regards,
> Ashok Gautam
>
Received on Mon Feb 11 2008 - 23:58:10 MST
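
The behaviour described in this thread (port rules stop the first attempt, then the client falls back to HTTP through the proxy) can be confirmed from Squid's access.log before writing ACLs. The following is an added example, not code from either poster or from the Squid project; it assumes the native access.log format, and the gateway.dll / application/x-msn-messenger fallback signature and every sample log line are constructed assumptions to adjust against real logs.

```python
import re
from collections import defaultdict

# Ports from the iptables list in the message above (6891:6901 expanded).
IM_PORTS = set(range(6891, 6902)) | {
    1863, 1590, 5050, 5150, 8000, 5101, 1638, 15001, 1644,
    5000, 1614, 1677, 1455, 1071, 1074, 8001, 1073}

# Assumed signature of the port-80 fallback: the client tunnels its protocol
# through POSTs to a gateway.dll URL using its own MIME type.
HTTP_SIG = re.compile(r"/gateway\.dll\b|application/x-msn-messenger", re.I)

def classify(line):
    """Return (client, reason) for one native-format log line, else None."""
    f = line.split()
    if len(f) < 10:
        return None  # truncated or non-native line
    client, method, url, mime = f[2], f[5], f[6], f[9]
    if method == "CONNECT":  # URL field is host:port for tunnels
        port = url.rpartition(":")[2]
        hit = port.isdigit() and int(port) in IM_PORTS
        return (client, "connect-im-port") if hit else None
    m = re.match(r"https?://[^/:]+(?::(\d+))?", url, re.I)
    if m and m.group(1) and int(m.group(1)) in IM_PORTS:
        return client, "http-im-port"
    if HTTP_SIG.search(url) or HTTP_SIG.search(mime):
        return client, "http-fallback"  # invisible to port-based rules
    return None

def summarize(lines):
    """Count hits per client and reason across an iterable of log lines."""
    hits = defaultdict(lambda: defaultdict(int))
    for line in lines:
        r = classify(line)
        if r:
            hits[r[0]][r[1]] += 1
    return {client: dict(reasons) for client, reasons in hits.items()}

# Constructed sample lines (hosts and addresses are documentation values).
SAMPLE_LOG = """\
1202799000.101 5012 192.168.1.23 TCP_MISS/200 3120 CONNECT im.example.net:1863 - DIRECT/192.0.2.10 -
1202799010.412 230 192.168.1.23 TCP_MISS/200 512 POST http://gw.example.net/gateway/gateway.dll?Action=open - DIRECT/192.0.2.11 application/x-msn-messenger
1202799011.007 198 192.168.1.23 TCP_MISS/200 498 POST http://gw.example.net/gateway/gateway.dll?Action=poll - DIRECT/192.0.2.11 application/x-msn-messenger
1202799020.550 85 192.168.1.40 TCP_MISS/200 10432 GET http://www.example.org/index.html - DIRECT/192.0.2.20 text/html
1202799030.900 1200 192.168.1.40 TCP_MISS/200 8800 CONNECT shop.example.org:443 - DIRECT/192.0.2.21 -
"""

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG.splitlines()))
```

Clients that show only "http-fallback" hits are the ones a port-only rule set never sees; the matching URL and MIME patterns are the candidates for Squid ACLs.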
