Does anyone implemented MSN blocking?

blackswans · ‎11-21-2007

I want to buy a AIP-ssm IPS for ASA 5510. Can I block msn ? Can I say this IP can use MSN but these are not ? is that possible ? I know that there is no user based configuration on IPS but is there a way to do that with IP ?

didyap · ‎11-27-2007

You can block MSN using source IP. If for example you'd like the signature action to only apply to IP address 10.1.1.2

1. Default Action for signature 11201 is e.g. TCP Reset

2. Event Action Filter defines:

Source Address: 0.0.0.0-10.1.1.1, 10.1.1.3-255.255.255.255

Jens Becker · ‎12-30-2007

For blocking instant messaging like msn you don't need an AIP-SSM.

You can block such traffic with the modular policy framework of asa os.

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00808c38a6.shtml

cisco24x7 · ‎12-30-2007

Are you sure about it? Have you ever done

it before? Let say I want to block

AOL instant messenging. How do I go about

doing on the ASA? Can you give a specific

example? Thanks.

Jens Becker · ‎12-30-2007

You can't block AOL. MPF only supports blocking Yahoo and MSN.

The example of Cisco:

class-map imblock

match any // or acl

policy-map type inspect im impolicy

parameters

match protocol msn-im yahoo-im

drop-connection // or log , reset

policy-map imdrop

class imblock

inspect im impolicy

service-policy imdrop interface outside

i never tried, if the asa also discovers other protocols like AOL - don't think so, unfortunately.