Step 2: The "block the nexus" approach: IM

In the wrong hands, IM and P2P file sharing can be too much of a risk for your organization. There are many ways to block this traffic, but some are more elegant -- with fewer adverse effects -- than others. Contributor Serdar Yegulalp details this process in this step-by-step guide.


This is a targeted approach, and it takes a little more work, but you can combine it with other methods to make it extremely effective. Combine this with preventing software installations (see step four), and you can keep the vast majority of messenger clients off your network.

Messenger clients usually have to log on to a central server to work properly. Ergo, the best way to block messenger clients is not to block the ports they use, but the central servers they use. For instance, AOL Instant Messenger's logon server is login.oscar.aol.com, which resolves to four IP addresses: 205.188.7.172, 205.188.7.176, 205.188.7.164, and 205.188.7.168. Block both the domain name and the IP addresses, and AIM should no longer work. (Blocking all of aol.com is probably impractical, but blocking just AIM's logon server should not pose any other problems.) For Yahoo! Messenger, the most commonly used logon addresses are msg.edit.yahoo.com, edit.messenger.yahoo.com, csa.yahoo.com, csb.yahoo.com, and csc.yahoo.com. (The IPs for these may vary, so be sure to check them.)

If you come across other clients you want to block, it should be easy enough to run them on a computer in a DMZ, analyze the connections they attempt to make with the command-line netstat tool, and then block all the sites they try to use. Note that static IPs for servers might change over time, so you may want to periodically re-check the IP addresses for any given logon server and make sure it's still being blocked.
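The two checks described above, sketched as an added example (not part of the original article): pulling the external addresses out of saved `netstat -n` output from the test machine, and re-resolving each blocked logon server to find addresses that are not yet on the block list. The function names, the sample netstat text, and any address not quoted in the article are constructed for illustration.

```python
import ipaddress
import socket

# Constructed sample of Windows `netstat -n` output from a test machine
# running only the messenger client. The two 205.188.7.x addresses are
# AIM logon IPs quoted in the article; everything else is made up.
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    127.0.0.1:1029         127.0.0.1:1030         ESTABLISHED
  TCP    192.168.1.50:1042      205.188.7.172:5190     ESTABLISHED
  TCP    192.168.1.50:1043      192.168.1.10:445       ESTABLISHED
  TCP    192.168.1.50:1044      205.188.7.176:5190     TIME_WAIT
"""

def remote_endpoints(netstat_text):
    """Return the sorted external IPs that appear as foreign addresses."""
    found = set()
    for line in netstat_text.splitlines():
        parts = line.split()
        if len(parts) < 3 or parts[0] not in ("TCP", "UDP"):
            continue  # banner, header and blank lines
        host = parts[2].rsplit(":", 1)[0].strip("[]")
        try:
            ip = ipaddress.ip_address(host)
        except ValueError:
            continue  # "*" on UDP lines, or a hostname if -n was omitted
        if not (ip.is_private or ip.is_loopback or ip.is_unspecified):
            found.add(str(ip))
    return sorted(found)

def blocklist_drift(blocked, resolve=socket.gethostbyname_ex):
    """Map each blocked hostname to the IPs it resolves to now that are not blocked."""
    report = {}
    for host, blocked_ips in blocked.items():
        try:
            current = set(resolve(host)[2])  # (name, aliases, ip_list)
        except OSError:
            continue  # name did not resolve; keep the existing block entries
        missing = sorted(current - set(blocked_ips))
        if missing:
            report[host] = missing
    return report

if __name__ == "__main__":
    print(remote_endpoints(SAMPLE_NETSTAT))
```

Run `blocklist_drift` on a schedule with the hostnames and addresses your firewall actually blocks; any hostname it returns has picked up an address that still needs a rule.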


Blocking IM and P2P

 Home: Introduction
 Step 1: The "easy, but stupid" approach
 Step 2: The "block the nexus" approach: IM
 Step 3: The "block the nexus" approach: P2P
 Step 4: The "block the application" approach



  • ABOUT THE AUTHOR:
    Serdar Yegulalp is editor of the Windows Power Users Newsletter. Check it out for the latest advice and musings on the world of Windows network administrators -- and please share your thoughts as well!

    Copyright 2005 TechTarget
    This was first published in January 2006
