Block MSN ???

Unanswered Question
Mar 15th, 2007
User Badges:

Hi,

I have a PIX515 and I am trying to block MSN but all attempts failed. I use ethereal captured packets and block each possible destination nets. Later I found MSN tried to use 207.46.*.* port 80, but this IPs also use for windows auto-update, for sure I can not block it since I need update my windows. If MSN works like this, does that mean I can not block it??? It not make sense?

Any idea to block MSN ?


Thanks

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 4 (2 ratings)
Loading.
bmennenga Thu, 03/15/2007 - 17:44
User Badges:

On an IOS firewall feature set you can enable the HTTP inspection and specifically limit access to certain domain names with the urlfilter exclusive deny msn.com command. The PIX relies fully on a URL filter server such as Websense. I'd setup the external router to do CBAC and enable the http inspection within CBAC.

rico_hao40 Fri, 03/16/2007 - 06:36
User Badges:

I also use Fortinet block

*messenger.hotmail.com

*messenger.msn.com

*msnmessenger.akadns.net

*webmessenger.msn.com

Looks like MSN use all these domain. so far so good, can block MSN and online-msn.





Amit Singh Fri, 03/16/2007 - 08:05
User Badges:
  • Cisco Employee,

Hello,


Upgrade you PIX to the latest 7.x series and you can use the URL filtering feature of the IOS to block the URL's that you dont want to permit for the users. It has more enhanced granular traffic filtering built into it.


http://www.cisco.com/univercd/cc/td/doc/product/multisec/asa_sw/v_7_2/conf_gd/firewall/filter.htm


HTH,Please rate if it does.


-amit singh

Actions

This Discussion