Blocking MSN Messenger
Novell Cool Solutions: Tip
By Robert Deverill
Posted: 16 Jul 2003
For ideas about using PreventRun and MSN Messenger 5, see this article.
There are lots of articles and information on the Cool Solutions sites on how to block Instant Messenger programs (the lowest form of code in a school admin's eyes). A firewall provides most protection for most programs via its ability to block traffic on ports.
The most widely used messenger in many locations is MSN Messenger. Therein lies the problem:
If you block the main port that it uses (1863) using a firewall, MSN is smart enough to send data on port 80 (the standard HTTP port). So how do you stop all that chatting?
1. In the registry, navigate to: \HKUR\Software\Microsoft\MessengerService\
2. Find the item named Server: messenger.hotmail.com;220.127.116.11:1863. Change this value to Null;0.0.0.0:0
That's it. Combine this with a program that can perform this change, put it on a force run, and No More Chatting!
How to remove MSN messenger automatically (we didn't want our students to chat):
Put the following line in a login batch file or script:
if exist "c:\program files\messenger\*.*" RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.Remove,5
if exist "c:\program files\messenger\*.*" deltree /Y "c:\program files\messenger"
If you have any questions you may contact Klaus at firstname.lastname@example.org
If you have policies that prohibit the use of chat software etc., you'll want to put MSN in BorderManager also. However, this doesn't work since Hotmail uses the same server address. So on to the next option, putting port 1863 in your firewall; oops, MSN now uses port 80.
Here's the trick:
Put a line in your hosts file on the PC which tells MSN Messenger to look for the MSN server on the local loopback. Voila! 127.0.0.0 gateway.messenger.hotmail.com is the server address to use.
If you have any questions you may contact Peter at email@example.com
I've read the solutions stated, but the solution mentioned in the following URL: http://nscsysop.hypermart.net/no_chat.html did the job for me. Simple, manageable, effective!
If you have BorderManager, here's an easy way to block Messenger. Just deny access to the following URLs:
The first one blocks MSN 4.x and the second one MSN 5.
If you're really heartless, you could just deny access to http://*.hotmail.com/*.*, but that would also block the normal Hotmail pages. But that would be just plain mean!
Much has been posted on this topic, but here's the three-minute solution.
We use DNS services from NetWare. I have set up 'fake' DNS entries for gtwy.messenger.hotmail.com and messenger.hotmail.com pointing to the loopback address 127.0.0.1 (Similar to Peter Schouten's tip).
This is easier to implement, and is not dependent on policies, logins or host files.
In less than 3 minutes I have 3000 workstations blocked - Linux included!
This could be locked down even further by combining with other Cool Solutions ideas, though I haven't yet found the need to do so.
If you have any questions you may contact Brent at firstname.lastname@example.org
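A check for the hosts-file and DNS sinkhole tips above, as an added example that is not part of the original tips: it parses a workstation's hosts file and reports whether each Messenger hostname named on this page is pointed at a loopback or unspecified address, is missing, or is overridden by a real address. The sample hosts text is constructed, and the first-entry-wins rule is an assumption about how the resolver reads the file.

```python
import ipaddress

# Hostnames named in the tips on this page.
MESSENGER_HOSTS = (
    "messenger.hotmail.com",
    "gateway.messenger.hotmail.com",
    "gtwy.messenger.hotmail.com",
)

def parse_hosts(text):
    """Return {hostname: address} from hosts-file text (assumption: first entry wins)."""
    table = {}
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()   # drop comments, split on whitespace
        if len(fields) < 2:
            continue
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                            # malformed address: skip the line
        for name in fields[1:]:                 # a line may carry several aliases
            table.setdefault(name.lower().rstrip("."), addr)
    return table

def is_sinkhole(addr):
    """True for loopback (127.0.0.0/8, ::1) or the unspecified address (0.0.0.0, ::)."""
    return addr.is_loopback or addr.is_unspecified

def audit(text, names=MESSENGER_HOSTS):
    """Map each name to 'blocked', 'not blocked (<addr>)' or 'missing'."""
    table = parse_hosts(text)
    report = {}
    for name in names:
        addr = table.get(name.lower())
        if addr is None:
            report[name] = "missing"
        elif is_sinkhole(addr):
            report[name] = "blocked"
        else:
            report[name] = f"not blocked ({addr})"
    return report

# Constructed sample hosts file (192.0.2.10 is a documentation address).
SAMPLE = """\
127.0.0.1   localhost
127.0.0.1   Gateway.Messenger.Hotmail.com   # sinkhole entry
192.0.2.10  messenger.hotmail.com           # stale entry that defeats the block
# 127.0.0.1 gtwy.messenger.hotmail.com      (commented out, so not in effect)
"""

if __name__ == "__main__":
    for host, status in audit(SAMPLE).items():
        print(f"{host:32} {status}")
```

For the DNS approach, the same `is_sinkhole` test can be applied to the addresses the workstation's resolver actually returns for these names.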
This is my answer to block MSN Messenger 5.0. Works for me. I use NW51sp5, BM36C02, proxy authentication.
I added three rules.
1. Deny *://*messenger.hotmail.com/* This will deny its initial contact to port 1863. But then it changes the port.
2. Deny, Access type: Port, Service:HTTP, Origin Server Port:80, Transport: TCP & UDP, Source: ANY, Destination: 18.104.22.168.
3. Deny, Access type: Port, Service:HTTP, Origin Server Port:8080, Transport: TCP & UDP, Source: ANY, Destination: 22.214.171.124.
Novell Cool Solutions (corporate web communities) are produced by WebWise Solutions. www.webwiseone.com