mchin345 Mon, 04/17/2006 - 05:54
User Badges:
  • Silver, 250 points or more

The first thing we need to know is what ports are being used by MSN Messenger.you need to block TCP Ports 6891 to 6900 on the firewall.

MartinPayette Sat, 04/22/2006 - 19:52
User Badges:

Hi

there is more ports than that!

Here is what MS Engineer sent me:


These are the ports you need to block for the file transfer feature:


- MSN Messenger version 5 uses ports 6891 through 6900.

- MSN Messenger versions 6.2, 7.0, and 7.5 use TCP ports 6720 through 65535 or UDP ports 31000 through 31500.


Note: MSN Messenger chooses the appropriate range of ports based on the MSN Messenger version and the type of connection. If a direct connection is not possible, MSN Messenger transfers the file at a rate of 120 packets per minute, with each packet limited to 1300 bytes, through the switchboard server. MSN Messenger also uses the switchboard server for instant messaging.


These are the Internet ports that MSN Messenger for Windows uses.


Sign in to the MSN Messenger service:

- Port 1863 or the HTTP port


Note: The HTTP port is typically port 80.


Audio and video conferencing:

- UDP ports 5004 through 65535


Webcam and video conversations:

- MSN Messenger will try to connect on ports 80 or 8080. If those ports do not work, Messenger will try to connect on TCP ports 5000 through 65535. If those ports do not work, MSN Messenger will transmit webcam and video conversations through a reflector server on ports 9000 or 9001.


Whiteboard:

- Port 1503


Application sharing:

- Port 1503


Remote assistance:

- Port 3389


MSN Messenger can user port 80...

you will need to block the domain for MSN servers...


I tried to block MSN File transfert and this is IMPOSSIBLE! (Cisco engineer confirmed that fact)


reason: file transfert are not done directly. You pass the transaction to a MSN server and then the other PC


Hope it helps!


victorrodrigues Sun, 04/23/2006 - 20:56
User Badges:

do u have ISA server behind ur firewall ? i tried everything with my Cisco firewall.. but was more cumbersome.. found easy doc for ISA. works perfect.

let me know and will drop in the URL .. setttings have to do with TCP header in ISA.

I hope Cisco simplifies Messenger blocking and issues documentation too ASAP. dont like goin to MS for security...

ppoulin Fri, 08/18/2006 - 12:13
User Badges:

I saw your reply and can you provide the URL on how to do it using ISA.


Thanks

Actions

This Discussion