Jump to content


Photo

Blocking Messenger Programs


  • Please log in to reply
5 replies to this topic

#1 Gary_V

Gary_V

    a.k.a. FastLearner

  • Retired Staff
  • PipPipPipPipPip
  • 1,061 posts

Posted 29 March 2007 - 12:11 PM

Hello. I was wondering if anyone has come accross a good reference as to how to quickly block access to the following Messenger programs:

ICQ
Yahoo Messenger
MSN Messenger
any other Messenging Client


What ports do they use? Which protocols and which IP addresses (or networks) do they use would be a great place to start... Perhaps there is a site out there that lists all of this in one place?

I am a network administrator and the client programs for some of the above have become very smart and are probing open ports and using them, such as ports 53, 21, and 25, etc. Another problem I'm having is that the online login sites, such as login.icq dot com uses Dynamic DNS that changes its address (and subnet!) every minute or so. How can I block these programs so that my users can't even use them? I don't even want them to be able to ping icq.com :) In the case of ICQ, I am positive they are using port 443 (HTTPS) but my firewall WatchGuard Firebox X5000 doesn't seem to support the third layer (i.e. blocking a domain name). I can only block the IP addresses, but like I said icq, fo one, uses hundreds of different ones in all kinds of ranges. Does anyone have any experience with such a thing or can someone point me in the right direction?

Thanks. :thumbsup:
To err is human--and to blame it on a computer is even more so.

-Robert Orben

A must read: How I got Infected in the First Place

Online Virus and Trojan Scanners
Panda Software . . . Trend Micro . . . Bitdefender . . . Sygate Trojan Scan . . . Trojan Scan

Tools for Fighting Spyware
Spybot S & D . . . Ad-aware . . . CWShredder . . . HijackThis . . . PeperFix

Tools for Prevention
SpywareBlaster . . . SpywareGuard . . . IE-Spyad . . . avast! Free Anti-Virus . . . AVG Free Anti-Virus
Zone Alarm Free Firewall . . . Kerio Personal Firewall

Help support SWI! Click here to learn how.

#2 Rob in NH

Rob in NH

    Member

  • Full Member
  • Pip
  • 5 posts

Posted 23 January 2008 - 08:03 PM

XXX

Edited by Rob in NH, 24 January 2008 - 04:51 PM.


#3 Rob in NH

Rob in NH

    Member

  • Full Member
  • Pip
  • 5 posts

Posted 23 January 2008 - 08:06 PM

XXX

Edited by Rob in NH, 24 January 2008 - 04:51 PM.


#4 Budfred

Budfred

    Malware Hound

  • Administrators
  • PipPipPipPipPip
  • 21,467 posts

Posted 23 January 2008 - 09:46 PM

Please note that when people join the forum to advertise a program they have created that it is advisable to be very cautious before downloading and installing that program... We have had people post about programs that were actually malicious and we are not familiar with this program, so we do not know that it is safe... In this case, it is not clear on the site if this is a free program or if there is a charge to get it working... The person posting is not known to the malware fighting community and the program has not been assessed... If you wish to try this program, be advised that it is NOT endorsed by SWI and please use caution...
Budfred

Helpful link: SpywareBlaster...

MS MVP 2006 and ASAP Member since 2004

Please read the Instructions for posting requested logs and the article "So how did I get infected in the first place?"

#5 Rob in NH

Rob in NH

    Member

  • Full Member
  • Pip
  • 5 posts

Posted 23 January 2008 - 10:17 PM

XXX

Edited by Rob in NH, 24 January 2008 - 04:51 PM.


#6 Tuxedo Jack

Tuxedo Jack

    Creator of TuxPE, a Cat5-o'-9-Tails, Etherkillers, and more

  • Expert
  • PipPipPipPipPip
  • 1,758 posts

Posted 24 January 2008 - 05:34 AM

If you have a decent router (Netgear Rangemax), you can actually block things on it.

The higher-end Linksys business routers have the ability to block programs, ports, ANYTHING that comes out of a PC.

And, of course, if you're running Squid or Cisco gear... you've got god-mode over everything.

The most feasible option, assuming you're on broadband, would be to upgrade your router and be done with it.

Alternatively, parental control software could do the job as well.
Signature file is under revision. This will be back shortly.




Member of UNITE
Support SpywareInfo Forum - click the button