How do you block access to msn messnger?

[mountain_rage]

Hi

Im trying to block msn messenger from working in a highschool without blocking access to hotmail and msn sites. Is their a way to do this? I was thinking maybe blocking the ip but that would block hotmail access too I think.

[blinkytheblinkman]

Try having the network administrator shut down the port(s) that it runs on. I don't know how easy or feasible this would be.

[mountain_rage]

I have admin access I duno if my teacher will care if I do this. He wanted me to find some solutions because basically I know more then he does. So il try that, if it doesn't work il just have to resault to me first option, make it impossible to find and crash it when they try and run it. They can't use it if it doesn't work:D.

[wonderboy2005]

yes, blocking the port that messenger uses would cripple it. if your wondering, the port is 1863.

alternatively, you could block the host adress alltogether. as you said, you dont want to block access to hotmail and the like. However, this will work because messenger uses a subdomain. If you just block the subdomain, all else will be fine.

You can block a domain via the HOSTS file. the hosts file is located in different directories depending on the operating sytem:

Windows XP = C:\WINDOWS\SYSTEM32\DRIVERS\ETC

Windows 2K = C:\WINNT\SYSTEM32\DRIVERS\ETC

Win 98\ME = C:\WINDOWS

after you have found the hosts file, you will need to open it with notepad (or you can just open notepad and find the hosts file from within notepad)

once it is open, you can begin adding domains you would like to block (or redirect)

this is the format you need to use in the hosts file:

127.0.0.1 gateway.messenger.hotmail.com

essentially, that line is telling your computer that "gateway.messenger.hotmail.com" is at 127.0.0.1 (which is always the home address of the computer you are using) even though its not. since your computer cant access gateway.messenger.hotmail.com, it gives up and messenger no longer works. the same concept works for other IM clients as well.

here are the domains of several IM clients:

# AOL Instant Messenger: login.oscar.aol.com, possibly toc.oscar.aol.com and login.icq.com
# MSN Messenger: gateway.messenger.hotmail.com (was login.gateway.hotmail.com)
# ICQ: login.icq.com and http.proxy.icq.com (Was icq.mirabilis.com and login.icq.com previously)
# Yahoo! Messenger: msg.edit.yahoo.com/*

note: almost all of this info was obtained via google.

[blinkytheblinkman]

Or if you are setting up a proxy.

Login server names - set up a Deny URL access rule for these sites
AOL Instant Messenger: login.oscar.aol.com, possibly toc.oscar.aol.com and login.icq.com

MSN Messenger: gateway.messenger.hotmail.com (was login.gateway.hotmail.com)
ICQ: login.icq.com and http.proxy.icq.com (Was icq.mirabilis.com and login.icq.com previously)
Yahoo! Messenger: msg.edit.yahoo.com/*
(Yahoo! Messenger: Might also need to block messenger.yahoo.com/* andhttp.pager.yahoo.com/* Be sure to type in the http on that last URL).

http://nscsysop.hypermart.net/no_chat.html


Block Port 1863
IP Address Range
207.46.110.0/255.255.255.0
64.4.13.0/255.255.255.0
65.52.0.0/255.255.0.0
**This block will not affect hotmail or microsoft.com access**

Please note that in testing MSN Messenger6 it appears to only use the 207.46.110.X range if 1863 is blocked, so the blocking of destination IP ranges should not be the only rule relied on, TCP 1863 should be included. If TCP1863 is open then it will connect to a range of 207.46.X.X which includes the mircosoft.com site.

http://www.novell.com/coolsolutions/...ck_msn_bm.html

[Lehk]

or how about having application level security so people cannot install IM software to begin with (and delete MSN messenger, then replace it with a null file read only so windows won't try to replace it later

[serrebi101]

I have admin access I duno if my teacher will care if I do this. He wanted me to find some solutions because basically I know more then he does. So il try that, if it doesn't work il just have to resault to me first option, make it impossible to find and crash it when they try and run it. They can't use it if it doesn't work:D.

I don't know where to begin. For one thing when you block 6891-6899 wich are the ports msn uses, it defaults to port 80, have fun blocking that.
Even if you make the prog unusable, have fun dealing with 3rd party apps, and let me tell you , there can be a lot of them. :P
Edit: Continuing on here, there's several web clients as well, so go ahead and block the IP's, you never know when a web client can fit on a disk, or maybe even use p2p as it's distribution mechanism with ssl incription etc.
Yeah, im just in a ranting mood, but you see that blocker messenger ip's and ports would not cripple access, just slow it down for the stupid people.

[mountain_rage]

thats ok theirs alot of stupid people, up to now i just made the folder hidden and most couldn't figure it out. Thanks for the help everyone I should be able to block it with that advice.

[mcovey]

there are a lot of tools that will kill windows messenger totally, but if you're installing it on more than say,30 computers it might be hard. My school used to use macs, which make it much more easier to block individual apps. but my dumb teacher never blocked the unix command line so it was pretty easy to do anything anyways.

[Lord_of_the_Dense]

My admin blocks AIM, ICQ and MSN, but not Yahoo. After installation, however, I have to mess with the proxy options to allow it to work properly. I miss the days I had admin access. :hi