How to block yahoo messanger on LAN using ASA 5510 ?

Unanswered Question
abinjola Fri, 09/17/2010 - 02:31

Keep in mind the following:

a) if your messengers are getting tunneled or encapsulated over port 443 then there is no way to block it, inspect IM only deals with native msn/yahoo msngr packets but if its encap'd over http than inspect http will be used

b)Inspect IM supports MSN Messenger 7.0 (Build 7.0.0816), Yahoo Messenger

This was tested by one of our colleague Kureli, and it worked for MSN

Try this for MSN:

regex msn-messenger "^VER [1-9] MSNP[1-9]+.*\x0d\x0a.*MSNMSGR.*\x0d\x0a"

class-map type inspect http match-all http-msn

match request method post

match request body regex msn-messenger

policy-map type inspect http http-msn

class http-msn      reset log

policy-map global_policy

class inspection_default

inspect http http-msn

Note that there is a space between VER and [1-9], and [1-9] and MSNP


This Discussion