Block MSN ???

Unanswered Question
Mar 15th, 2007

Hi,

I have a PIX515 and I am trying to block MSN but all attempts failed. I use ethereal captured packets and block each possible destination nets. Later I found MSN tried to use 207.46.*.* port 80, but this IPs also use for windows auto-update, for sure I can not block it since I need update my windows. If MSN works like this, does that mean I can not block it??? It not make sense?

Any idea to block MSN ?

Thanks

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 4 (2 ratings)
Loading.
bjw@gty.ci.hend... Thu, 03/15/2007 - 13:51

I think that if you need any Micro$oft service connectivity, you're obligated to all of them.

Not sure if the 515 can block domains, you might want to look into blocking *.msn.com

bmennenga Thu, 03/15/2007 - 17:44

On an IOS firewall feature set you can enable the HTTP inspection and specifically limit access to certain domain names with the urlfilter exclusive deny msn.com command. The PIX relies fully on a URL filter server such as Websense. I'd setup the external router to do CBAC and enable the http inspection within CBAC.

rico_hao40 Fri, 03/16/2007 - 06:36

I also use Fortinet block

*messenger.hotmail.com

*messenger.msn.com

*msnmessenger.akadns.net

*webmessenger.msn.com

Looks like MSN use all these domain. so far so good, can block MSN and online-msn.

Actions

This Discussion