Blocking Instant Messengers
Novell Cool Solutions: Feature
Posted: 19 Sep 2002
If you are fighting to keep your users from using Instant Messengers of any kind, check this out. This should help you implement the parts of your security policy that deal with the risks of transferring unencrypted information over this insecure avenue. (Not to mention, encouraging your users to work more and chat less.) Here's how to block all the major Instant Messengers, from AOL to Yahoo.
Block AOL Instant Messenger
This solution requires TCP/IP filtering support. Verify that filter support is enabled by loading INETCFG from the server console, selecting 'Protocols', then 'TCP/IP', and confirming that 'Filter Support' is set to 'Enabled'. NetWare supports Packet Forwarding Filters and Routing Information Filters. You can configure these filters through FILTCFG.NLM.
Once you have verified that TCP/IP filtering support is enabled, load the Filter Configuration NetWare Loadable Module at the server console by executing the following command:
LOAD FILTCFG
Select 'Configure TCP/IP Filters' then 'Packet Forwarding Filters'. Verify the 'Status' is 'Enabled'.
If the 'Action' is set to 'Deny Packets in Filter List', press Enter on 'Filters', which contains the highlighted text '(List of Denied Packets)'. A list of the currently configured TCP/IP Forwarding Filters, in DENY mode, is displayed. Press the INSERT key to define a new DENY filter for AIM. Modify the 'Dest Addr Type' field, selecting 'Host' instead of 'Any Address'. Select the 'Dest IP Address' field. Enter '152.163.241.128' in the 'Address' field, then press the ESC key to keep the changes. You may optionally enter a reference to AIM in the comment field. Press the ESC key, and choose 'Yes' to save the DENY filter. Create three more DENY filters for the following host addresses: 152.163.242.24, 152.163.242.28, 152.163.241.120.
NOTE: The default port used by AIM is 5190, which may fall within an existing exception filter that allows dynamic/TCP (ports 1024-65535). Such an exception takes precedence over the deny filters created above, and in that case the AIM service will NOT be blocked. Setting the TCP/IP Packet Forwarding Filters "Action:" to "Permit Packets in Filter List" is preferred, because EXCEPTION filters can then be created that always block communication to AIM services and take precedence over the permitted filters (which could then include dynamic/TCP).
If the 'Action' is set to 'Permit Packets in the Filter List', press Enter on 'Exceptions', which contains the highlighted text '(List of Packets Always Denied)'. A list of the currently configured EXCEPTIONS to the TCP/IP Forwarding Filters is displayed. Press the INSERT key to define a new EXCEPTION filter for AIM. Modify the 'Dest Addr Type' field, selecting 'Host' instead of 'Any Address'. Select the 'Dest IP Address' field. Enter '152.163.241.128' in the 'Address' field, then press the ESC key to keep the changes. You may optionally enter a reference to AIM in the comment field. Press the ESC key, and choose 'Yes' to save the EXCEPTION filter. Create three more EXCEPTION filters for the following host addresses: 152.163.242.24, 152.163.242.28, 152.163.241.120.
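The precedence described in the NOTE above can be checked with a small model. This is an added example, not part of the original article and not FILTCFG's own logic: the Rule class, forwarded() and aim_login_forwarded() are hypothetical names, and the evaluation order (a matching exception always wins over the filter list) is an assumption taken from the NOTE.

```python
import ipaddress
from dataclasses import dataclass

AIM_HOSTS = ["152.163.241.128", "152.163.242.24",
             "152.163.242.28", "152.163.241.120"]   # from the page
DYNAMIC_TCP = range(1024, 65536)                    # ports 1024-65535


@dataclass
class Rule:
    dest: str = "0.0.0.0/0"          # destination host (/32) or network
    ports: range = range(0, 65536)   # destination TCP ports

    def matches(self, ip, port):
        net = ipaddress.ip_network(self.dest)
        return ipaddress.ip_address(ip) in net and port in self.ports


def forwarded(action, filters, exceptions, ip, port):
    """Simplified model (an assumption, not FILTCFG's code).

    action "deny":   filter list is dropped, exceptions always pass.
    action "permit": filter list passes, exceptions are always dropped.
    In both modes a matching exception wins over the filter list.
    """
    in_exceptions = any(r.matches(ip, port) for r in exceptions)
    in_filters = any(r.matches(ip, port) for r in filters)
    if action == "deny":
        return in_exceptions or not in_filters
    return in_filters and not in_exceptions


def aim_login_forwarded():
    """Is a packet to an AIM login host on port 5190 forwarded?"""
    aim_rules = [Rule(dest=h + "/32") for h in AIM_HOSTS]
    dynamic = [Rule(ports=DYNAMIC_TCP)]
    pkt = ("152.163.241.128", 5190)
    return {
        "deny mode, no exceptions": forwarded("deny", aim_rules, [], *pkt),
        "deny mode, dynamic/TCP exception":
            forwarded("deny", aim_rules, dynamic, *pkt),
        "permit mode, AIM exceptions":
            forwarded("permit", dynamic, aim_rules, *pkt),
    }


if __name__ == "__main__":
    for case, result in aim_login_forwarded().items():
        print(f"{case}: {'FORWARDED' if result else 'blocked'}")
```

Only the middle case forwards the packet, which is the situation the NOTE warns about: review the existing exception list before relying on a DENY filter.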
The default Internet address of the AOL Instant Messenger (SM) service is login.oscar.aol.com; AIM uses this address for authentication. This default host address is valid at the time of this writing and is subject to change at any time.
The default authentication server is obtained by loading the AOL Instant Messenger client and left-clicking the 'Setup' button, left-clicking the 'Connection' tab, left-clicking 'Reset', and viewing the 'Host:' input box. If AIM is loaded and the user is authenticated, the default connection server is obtained by left-clicking 'My AIM', scrolling down to 'Edit Options', left-clicking 'Edit Preferences', left-clicking the 'Connection' tab, left-clicking 'Reset', and viewing the 'Host:' input box.
The following is an NSLOOKUP query for login.oscar.aol.com. NSLOOKUP reveals DNS entries, such as A, MX, NS and PTR records, about a hostname, domain name or IP address. This assumes that the selected DNS server contains information about the hostname, domain name or IP address in question.
Looking up [login.oscar.aol.com]
Server: dns-01.ns.AOL.com
Address: 152.163.159.232
login.oscar.aol.com internet (IPv4) address = 152.163.241.120
login.oscar.aol.com internet (IPv4) address = 152.163.241.128
login.oscar.aol.com internet (IPv4) address = 152.163.242.24
login.oscar.aol.com internet (IPv4) address = 152.163.242.28
oscar.aol.com nameserver = dns-01.ns.aol.com
oscar.aol.com nameserver = dns-02.ns.aol.com
dns-01.ns.aol.com internet (IPv4) address = 152.163.159.232
dns-02.ns.aol.com internet (IPv4) address = 205.188.157.232
By performing this query we are shown that login.oscar.aol.com is associated with four IP addresses. This may change at any time, so it is recommended you perform your own NSLOOKUP using server dns-01.ns.AOL.com or dns-02.ns.AOL.com when implementing this solution.
For more info see TID 10061334
Block ICQ
This fix requires TCP/IP filtering support. Verify that filter support is enabled by loading INETCFG from the server console, selecting 'Protocols', then 'TCP/IP', and confirming that 'Filter Support' is set to 'Enabled'. NetWare supports Packet Forwarding Filters and Routing Information Filters. You can configure these filters through FILTCFG.NLM.
Once you have verified that TCP/IP filtering support is enabled, load the Filter Configuration NetWare Loadable Module at the server console:
LOAD FILTCFG
Select 'Configure TCP/IP Filters' then 'Packet Forwarding Filters'. Verify the 'Status' is 'Enabled'.
If the 'Action' is set to 'Deny Packets in Filter List', press Enter on 'Filters', which contains the highlighted text '(List of Denied Packets)'. A list of the currently configured TCP/IP Forwarding Filters, in DENY mode, is displayed. Press the INSERT key to define a new DENY filter for ICQ. Modify the 'Dest Addr Type' field, selecting 'Host' instead of 'Any Address'. Select the 'Dest IP Address' field. Enter '64.12.162.57' in the 'Address' field, then press the ESC key to keep the changes. You may optionally enter a reference to ICQ in the comment field. Press the ESC key, and choose 'Yes' to save the DENY filter. Create an additional DENY filter for the following host address: 205.188.179.233.
If the 'Action' is set to 'Permit Packets in the Filter List', press Enter on 'Exceptions', which contains the highlighted text '(List of Packets Always Denied)'. A list of the currently configured EXCEPTIONS to the TCP/IP Forwarding Filters is displayed. Press the INSERT key to define a new EXCEPTION filter for ICQ. Modify the 'Dest Addr Type' field, selecting 'Host' instead of 'Any Address'. Select the 'Dest IP Address' field. Enter '64.12.162.57' in the 'Address' field, then press the ESC key to keep the changes. You may optionally enter a reference to ICQ in the comment field. Press the ESC key, and choose 'Yes' to save the EXCEPTION filter. Create an additional EXCEPTION filter for the following host address: 205.188.179.233.
The default Internet address of the ICQ Inc. ICQ instant messaging service is login.icq.com; this address is used in the ICQ authentication process. The address is valid at the time of this writing and is subject to change at any time.
The default authentication server is obtained by loading the ICQ instant messaging client (Windows platform) and left-clicking the 'ICQ' icon (main menu), left-clicking 'Preferences', left-clicking 'Connections', left-clicking the 'Server' tab, left-clicking 'Reset', and viewing the 'Host:' input box.
The following is an NSLOOKUP query for login.icq.com. NSLOOKUP reveals DNS entries, such as A, MX, NS and PTR records, about a hostname, domain name or IP address. This assumes that the selected DNS server contains information about the hostname, domain name or IP address in question.
Non-authoritative answer:
login.icq.com Internet (IPv4) address = 64.12.162.57
login.icq.com Internet (IPv4) address = 205.188.179.233
Authoritative answers can be found from:
ICQ.com nameserver = DNS-01.ICQ.NET
ICQ.com nameserver = DNS-02.ICQ.NET
DNS-01.ICQ.NET Internet (IPv4) address = 152.163.159.234
DNS-02.ICQ.NET Internet (IPv4) address = 205.188.157.234
By performing this query we can see that login.icq.com is associated with two IP addresses. This may change at any time, so it is recommended you perform your own NSLOOKUP when implementing this solution.
For more info see TID 10061337
Block MSN Messenger
This fix requires TCP/IP filtering support. Verify that filter support is enabled by loading INETCFG from the server console, selecting 'Protocols', then 'TCP/IP', and confirming that 'Filter Support' is set to 'Enabled'. NetWare supports Packet Forwarding Filters and Routing Information Filters. You can configure these filters through FILTCFG.NLM.
Once you have verified that TCP/IP filtering support is enabled, load the Filter Configuration NetWare Loadable Module at the server console:
LOAD FILTCFG
Select 'Configure TCP/IP Filters' then 'Packet Forwarding Filters'. Verify the 'Status' is 'Enabled'.
If the 'Action' is set to 'Deny Packets in Filter List', press Enter on 'Filters', which contains the highlighted text '(List of Denied Packets)'. A list of the currently configured TCP/IP Forwarding Filters, in DENY mode, is displayed. Press the INSERT key to define a new DENY filter for the MSN Instant Messenger Service. Modify the 'Dest Addr Type' field, selecting 'Network' instead of 'Any Address'. Select the 'Dest IP Address' field. Enter '64.4.13.0' in the 'Address' field. Enter '255.255.255.0' in the 'Subnetwork Mask' field, then press the ESC key to keep the changes. You may optionally enter a reference to MSN Instant Messenger Service in the comment field. Press the ESC key, and choose 'Yes' to save the new filter.
If the 'Action' is set to 'Permit Packets in the Filter List', press Enter on 'Exceptions', which contains the highlighted text '(List of Packets Always Denied)'. A list of the currently configured EXCEPTIONS to the TCP/IP Forwarding Filters is displayed. Press the INSERT key to define a new EXCEPTION filter for the MSN Instant Messenger Service. Modify the 'Dest Addr Type' field, selecting 'Network' instead of 'Any Address'. Select the 'Dest IP Address' field. Enter '64.4.13.0' in the 'Address' field. Enter '255.255.255.0' in the 'Subnetwork Mask' field, then press the ESC key to keep the changes. You may optionally enter a reference to MSN Instant Messenger Service in the comment field. Press the ESC key, and choose 'Yes' to save the new filter.
The MSN Instant Messenger Service appears to require communication with messenger.hotmail.com, as well as msgr-ns1.msgr.hotmail.com through msgr-ns50.msgr.hotmail.com (IP range 64.4.13.30 - 64.4.13.227).
[messenger.hotmail.com]
Translated Name: messenger.hotmail.com
IP Address: 64.4.13.17
Additionally, a DENY or EXCEPTION filter could be created to prevent communication with host 64.4.13.17.
For more info see TID 10061335
For additional ideas, see Blocking MSN Messenger
Block Yahoo
This fix requires TCP/IP filtering support. Verify that filter support is enabled by loading INETCFG from the server console, selecting 'Protocols', then 'TCP/IP', and confirming that 'Filter Support' is set to 'Enabled'. NetWare supports Packet Forwarding Filters and Routing Information Filters. You can configure these filters through FILTCFG.NLM.
Once you have verified that TCP/IP filtering support is enabled, load the Filter Configuration NetWare Loadable Module at the server console:
LOAD FILTCFG
Select 'Configure TCP/IP Filters' then 'Packet Forwarding Filters'. Verify the 'Status' is 'Enabled'.
If the 'Action' is set to 'Deny Packets in Filter List', press Enter on 'Filters', which contains the highlighted text '(List of Denied Packets)'. A list of the currently configured TCP/IP Forwarding Filters, in DENY mode, is displayed. Press the INSERT key to define a new DENY filter for Yahoo! Instant Messaging. Modify the 'Dest Addr Type' field, selecting 'Network' instead of 'Any Address'. Select the 'Dest IP Address' field. Enter '204.71.201.0' in the 'Address' field. Enter '255.255.255.0' in the 'Subnetwork Mask' field, then press the ESC key to keep the changes. You may optionally enter a reference to Yahoo! Instant Messenger in the comment field. Press the ESC key, and choose 'Yes' to save the new filter.
If the 'Action' is set to 'Permit Packets in the Filter List', press Enter on 'Exceptions', which contains the highlighted text '(List of Packets Always Denied)'. A list of the currently configured EXCEPTIONS to the TCP/IP Forwarding Filters is displayed. Press the INSERT key to define a new EXCEPTION filter for Yahoo! Instant Messaging. Modify the 'Dest Addr Type' field, selecting 'Network' instead of 'Any Address'. Select the 'Dest IP Address' field. Enter '204.71.201.0' in the 'Address' field. Enter '255.255.255.0' in the 'Subnetwork Mask' field, then press the ESC key to keep the changes. You may optionally enter a reference to Yahoo! Instant Messenger in the comment field. Press the ESC key, and choose 'Yes' to save the new exception filter.
The Yahoo! instant messaging service appears to require communication with msg.edit.yahoo.com, as well as cs.yahoo.com (or csa.yahoo.com, csb.yahoo.com, csc.yahoo.com, etc.). The following list shows a majority of the servers Yahoo! Messenger communicates with. This information is provided only for your convenience and is subject to change at any time. Shown are the hostname, IP address and any alias hostnames or IP addresses. This assumes that the DNS server contains information about the hostname or IP address in question. If you need more up-to-date and advanced information such as an MX record, please use NSLOOKUP. As you can see, a majority of these IP addresses are denied by our newly created filter.
[msg.edit.yahoo.com]
Translated Name: edit.messenger.yahoo.com
IP Address: 204.71.201.91
IP Address: 204.71.201.97
IP Address: 204.71.201.94
IP Address: 204.71.201.224
IP Address: 204.71.201.123
IP Address: 204.71.201.180
IP Address: 204.71.202.120
IP Address: 204.71.201.96
Alias: msg.edit.yahoo.com
[cs.yahoo.com]
Translated Name: cs.yahoo.com
IP Address: 204.71.202.58
IP Address: 204.71.200.54
IP Address: 216.115.105.57
IP Address: 204.71.200.57
IP Address: 216.115.106.48
IP Address: 204.71.200.55
IP Address: 216.115.105.214
IP Address: 204.71.202.119
IP Address: 204.71.201.100
IP Address: 216.136.131.93
IP Address: 204.71.202.59
[csb.yahoo.com]
Translated Name: csb.yahoo.com
IP Address: 204.71.201.100
IP Address: 204.71.202.58
[csc.yahoo.com]
Translated Name: csc.yahoo.com
IP Address: 204.71.200.55
IP Address: 204.71.200.57
IP Address: 204.71.200.54
[csa.yahoo.com]
Translated Name: cs.yahoo.com
IP Address: 204.71.202.59
IP Address: 216.115.106.48
IP Address: 204.71.200.57
IP Address: 216.115.105.214
IP Address: 204.71.202.119
IP Address: 216.136.131.93
IP Address: 204.71.200.54
IP Address: 216.115.105.57
IP Address: 204.71.202.58
IP Address: 204.71.201.100
IP Address: 204.71.200.55
Alias: csa.yahoo.com
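Because the resolved addresses are subject to change, it is worth comparing a lookup result against the filters actually entered. The following check is an added example, not part of the original article: FILTERS, ANSWERS and coverage_gaps() are hypothetical names, and the addresses are the 2002 values copied from this page, embedded so the check runs offline.

```python
import ipaddress

# Filters as entered in FILTCFG on this page: 'Host' entries become /32,
# 'Network' entries use the address plus the subnetwork mask.
FILTERS = {
    "AIM": ["152.163.241.128/32", "152.163.242.24/32",
            "152.163.242.28/32", "152.163.241.120/32"],
    "Yahoo": ["204.71.201.0/255.255.255.0"],
}

# Lookup results copied from the page (2002 data, stale by now).
ANSWERS = {
    "AIM": {"login.oscar.aol.com": [
        "152.163.241.120", "152.163.241.128",
        "152.163.242.24", "152.163.242.28"]},
    "Yahoo": {
        "msg.edit.yahoo.com": [
            "204.71.201.91", "204.71.201.97", "204.71.201.94",
            "204.71.201.224", "204.71.201.123", "204.71.201.180",
            "204.71.202.120", "204.71.201.96"],
        "cs.yahoo.com": [
            "204.71.202.58", "204.71.200.54", "216.115.105.57",
            "204.71.200.57", "216.115.106.48", "204.71.200.55",
            "216.115.105.214", "204.71.202.119", "204.71.201.100",
            "216.136.131.93", "204.71.202.59"],
    },
}


def coverage_gaps(service):
    """Return {hostname: [resolved addresses that no filter matches]}."""
    nets = [ipaddress.ip_network(f) for f in FILTERS[service]]
    gaps = {}
    for host, addrs in ANSWERS[service].items():
        missed = [a for a in addrs
                  if not any(ipaddress.ip_address(a) in n for n in nets)]
        if missed:
            gaps[host] = missed
    return gaps


if __name__ == "__main__":
    for service in FILTERS:
        gaps = coverage_gaps(service)
        print(service, "fully covered" if not gaps else gaps)
```

On the page's data the four AIM host filters match every listed address, while the 204.71.201.0 network filter leaves one msg.edit.yahoo.com address and ten cs.yahoo.com addresses unmatched. Replace ANSWERS with a fresh NSLOOKUP result before relying on the filters.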
For more info see TID 10061333
Novell Cool Solutions (corporate web communities) are produced by WebWise Solutions. www.webwiseone.com