Re: Rules to blocking MS-Messenger

Hi Sergio,

Paranoid protection is not the solution; MSN Messenger connects to port 80
when it can't find port 1863. tcpdump is the best way to discover this, but I
think it's easier to use netstat from the client host.
You will have to block a lot of servers from Microsoft (at least port 80).
These are my rules from iptables to block one host (10.1.0.10).

-A FORWARD -i eth2 -p tcp -m tcp -s 10.1.0.10 --dport 1863 -j DROP
-A FORWARD -i eth2 -p tcp -m tcp -s 10.1.0.10 -d 207.46.110.0/24 -j DROP

in ipchains you will get something like this:

-A forward -p tcp -d 0/0 1863 -j DENY
-A forward -p tcp -d 207.46.110.0/24 80 -j DENY

Some time ago I couldn't open www.microsoft.com.br using these rules because
those servers used to be the ones that redirected www.microsoft.com.br to
www.microsoft.com/brasil, but today I didn't get this problem.

Good luck.
Bruno Pereti.

PS. Your English is not worse than mine. :^)


> > Hi friends,
> >
> > I am having a problem blocking ms-messenger.
> >
> > My firewall is based on a packet filter and the policy
> > input/output/forward is ACCEPT.
> >
> > The following policies are already implemented in the firewall as the top
> > rules:
> >
> >   ipchains -A input -p tcp -d any/0 --destination-port 1863 -j DENY
> >   ipchains -A input -p tcp -d any/0 --destination-port 1864 -j DENY
> >   ipchains -A forward -p tcp -d any/0 --destination-port 1863 -j DENY
> >   ipchains -A forward -p tcp -d any/0 --destination-port 1864 -j DENY
> >   ipchains -A output -p tcp -d any/0 --destination-port 1863 -j DENY
> >   ipchains -A output -p tcp -d any/0 --destination-port 1864 -j DENY
> >
> >   ipchains -A input -p udp -d any/0 --destination-port 1863 -j DENY
> >   ipchains -A input -p udp -d any/0 --destination-port 1864 -j DENY
> >   ipchains -A forward -p udp -d any/0 --destination-port 1863 -j DENY
> >   ipchains -A forward -p udp -d any/0 --destination-port 1864 -j DENY
> >   ipchains -A output -p udp -d any/0 --destination-port 1863 -j DENY
> >   ipchains -A output -p udp -d any/0 --destination-port 1864 -j DENY
> >
> > However, these policies are not having any effect, so my users are
> > managing to use this program.
> >
> > Does somebody have a tip on how to block this software?
> >
> > Thanks a lot!
> >
> > Best regards.
> >
> > P.S.: Please forgive the horrible English. :-)
> >
> > --
> > ===================================
> >       Sergio A. Lima Junior
> >         Support Analyst
> > ===================================
> >         Customer Service
> >          Support Dept.
> >       Gruponet Tecnologia
> >     sergio@xxxxxxxxxxxxxxx
> >   http://www.gruponet.com.br
> > ===================================
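
The netstat approach suggested in the reply above, as an added example that is not part of the original message: it reads netstat output from the client host, finds the /24 networks the client tried on port 1863 and also reached on port 80, and prints rules in the same form as the iptables lines in the reply. The function names, the sample addresses and the "same /24" heuristic are assumptions of this example; nothing is applied to a firewall.

```shell
#!/bin/sh
# Constructed `netstat -n` output from the client host (Windows layout).
# The 207.46.110.x hosts are made-up addresses inside the /24 from the message;
# 192.0.2.80 is a documentation address standing in for ordinary web traffic.
sample_netstat() {
cat <<'EOF'
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    10.1.0.10:1042         207.46.110.12:1863     SYN_SENT
  TCP    10.1.0.10:1043         207.46.110.12:80       ESTABLISHED
  TCP    10.1.0.10:1044         207.46.110.48:80       ESTABLISHED
  TCP    10.1.0.10:1050         192.0.2.80:80          ESTABLISHED
  TCP    10.1.0.10:1051         10.1.0.1:22            ESTABLISHED
EOF
}

# Print each /24 that CLIENT tried on port 1863 and also reached on port 80.
# Heuristic (an assumption of this example): ordinary web servers never see
# a 1863 attempt, so they are not listed. Local and foreign address are read
# from the end of the line, which fits both Windows and Linux netstat output.
msn_fallback_nets() {  # usage: msn_fallback_nets CLIENT_IP < netstat-output
  awk -v client="$1" '
    tolower($1) == "tcp" && NF >= 4 {
      split($(NF-2), l, ":"); split($(NF-1), r, ":")
      if (l[1] != client) next
      split(r[1], o, ".")
      net = o[1] "." o[2] "." o[3] ".0/24"
      if (r[2] == 1863) msn[net] = 1
      if (r[2] == 80)   web[net] = 1
    }
    END { for (n in web) if (n in msn) print n }
  ' | sort
}

# Emit rules in the iptables-save form used in the message (not applied here).
# The per-network rule is narrowed to port 80; drop --dport to match the
# broader rule in the message.
msn_block_rules() {  # usage: msn_block_rules CLIENT_IP [IFACE] < netstat-output
  client=$1; iface=${2:-eth2}
  printf '%s\n' "-A FORWARD -i $iface -p tcp -m tcp -s $client --dport 1863 -j DROP"
  msn_fallback_nets "$client" | while read -r net; do
    printf '%s\n' "-A FORWARD -i $iface -p tcp -m tcp -s $client -d $net --dport 80 -j DROP"
  done
}

sample_netstat | msn_block_rules 10.1.0.10
```

Several netstat snapshots taken while the client starts up can be concatenated on stdin, since the port 1863 attempt and the port 80 connection may not appear in the same snapshot.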
