If you really want to prevent the use of Instant Messaging apps, the only sure way is to lock down the workstation to the point that they can no longer be loaded and make sure your company's Internet usage policy prohibits the use of IM applications.
Most IM programs in use today adapt themselves automatically to work behind a firewall. This includes using port 80, 23, or any other available port to get their messages through. That said, here are a few things I've found to work for me in the field.
To block AOL IM, you can block port 5190 and the AIM authentication servers at login.oscar.aol.com (current addresses: 184.108.40.206, 220.127.116.11).
Yahoo Messenger doesn't seem to use any standard port, but you can try the same thing by blocking their login servers at cs.yahoo.com and scsa.yahoo.com (18.104.22.168, 22.214.171.124, 126.96.36.199, 188.8.131.52, 184.108.40.206, 220.127.116.11 and 18.104.22.168).
MSN Messenger can be blocked with TCP Port 1863 and IP Range 22.214.171.124/24. I don't believe this will block out any web content with MSN, but use with caution.
ICQ can be blocked with ports 4000/UDP, 5190/TCP, and login.icq.com (126.96.36.199, 188.8.131.52).
I've found this info very useful in filtering the use of IM apps for my customers, and I'm sure you will too.
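To check how much IM traffic these rules would catch before enforcing them, the ports and login hostnames above can be run against existing connection logs. The script below is an added example, not part of the original post; the "src proto dst_host dst_port" record format, the function names and the sample records are constructed assumptions. It shows why the login-host rules matter: a client that falls back to port 80 is missed by the port rules but still matches on hostname.

```python
"""Flag outbound flows that match the IM ports and login hosts listed above."""
from collections import defaultdict

# (protocol, destination port) pairs from the text; AIM's 5190 assumed to be TCP.
PORT_RULES = {("tcp", 5190): "AIM/ICQ", ("tcp", 1863): "MSN Messenger",
              ("udp", 4000): "ICQ"}
# Login hostnames from the text.
HOST_RULES = {
    "login.oscar.aol.com": "AIM",
    "cs.yahoo.com": "Yahoo Messenger",
    "scsa.yahoo.com": "Yahoo Messenger",
    "login.icq.com": "ICQ",
}

def classify(proto, dst_host, dst_port):
    """Return (service, reason) for an IM match, or None."""
    host = dst_host.lower().rstrip(".")
    if host in HOST_RULES:  # still matches when the client falls back to port 80
        return HOST_RULES[host], "login host"
    service = PORT_RULES.get((proto.lower(), dst_port))
    return (service, "port") if service else None

def audit(lines):
    """Parse 'src proto dst_host dst_port' records; map src -> set of matches."""
    hits = defaultdict(set)
    for line in lines:
        fields = line.split()
        if len(fields) != 4 or not fields[3].isdigit():
            continue  # skip malformed records
        src, proto, dst_host, dst_port = fields
        match = classify(proto, dst_host, int(dst_port))
        if match:
            hits[src].add(match)
    return dict(hits)

# Constructed sample records (not real traffic); the format is an assumption.
SAMPLE = [
    "10.0.0.11 tcp login.oscar.aol.com 5190",
    "10.0.0.12 tcp login.oscar.aol.com 80",   # IM client fell back to port 80
    "10.0.0.13 tcp www.example.com 80",       # ordinary web traffic, no match
    "10.0.0.14 udp chat.example.net 4000",
    "10.0.0.15 tcp im.example.net 1863",
    "garbage line",
]

if __name__ == "__main__":
    for src, found in sorted(audit(SAMPLE).items()):
        print(src, sorted(found))
```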