Block MSN ???

Unanswered Question
Mar 15th, 2007


I have a PIX515 and I am trying to block MSN but all attempts failed. I use ethereal captured packets and block each possible destination nets. Later I found MSN tried to use 207.46.*.* port 80, but this IPs also use for windows auto-update, for sure I can not block it since I need update my windows. If MSN works like this, does that mean I can not block it??? It not make sense?

Any idea to block MSN ?


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 4 (2 ratings)
Loading. Thu, 03/15/2007 - 13:51

I think that if you need any Micro$oft service connectivity, you're obligated to all of them.

Not sure if the 515 can block domains, you might want to look into blocking *

bmennenga Thu, 03/15/2007 - 17:44

On an IOS firewall feature set you can enable the HTTP inspection and specifically limit access to certain domain names with the urlfilter exclusive deny command. The PIX relies fully on a URL filter server such as Websense. I'd setup the external router to do CBAC and enable the http inspection within CBAC.

rico_hao40 Fri, 03/16/2007 - 06:36

I also use Fortinet block





Looks like MSN use all these domain. so far so good, can block MSN and online-msn.


This Discussion