Block MSN Messenger

Please, I need help

I need to block MSN Messenger in MikroTik.
I tried to block port 1863 but it is still opening.

If there is a way, please advise.

Thanks in advance

There’s some information available on the web on how to do this. Usually it involves blocking access to some MS sites so that the user can’t log in. Try a Google search.

Regards

Andrew

You should block port 1863 TCP and UDP; you should also block the URL gateway.messenger.hotmail.com with IP 65.54.239.21. There are also some other things that should be filtered; check on the web.

Regards.

Faton

I also tried to block all the ports that I found on the internet, but it won’t help you… because if port 1863 is blocked then MSN connects to port 80, and that you can’t block…
I found another way to do it :) and here it is:

If you want to block Messenger for a specific IP address, then here is the command. For example, 172.16.0.1 is the IP for which you want to disable MSN Messenger…

/ip firewall rule forward add action=drop src-address=172.16.0.1/32 dst-address=207.46.0.0/16

The subnet 207.46.0.0/16 is used by MSN for Messenger servers… I got that during the packet sniffing.
It connected to these IPs and ports for only 2 mins.
207.46.114.22:1863
207.46.114.44:1863
207.46.1.2:80
207.46.0.74:1863

So the best way was to deny the whole subnet :)

You can use this to block MICROSOFT completely.

If this is what you want to do, then it is OK.

Regards.

Faton

Hi,
here is how I identified the MSN protocol:

chain=prerouting src-address=(internal ip)/24 protocol=tcp dst-port=1863 
     action=mark-routing new-routing-mark=CHAT passthrough=no 

chain=prerouting src-address=(internal ip)/24 protocol=tcp dst-port=5050 
     action=mark-routing new-routing-mark=CHAT passthrough=no

To block MSN I made a mangle rule to identify the new connection to the MSN port, then blocked that connection mark in the firewall; it worked perfectly.

Well guys, I say to you: don’t use any of these suggestions. Why?
Because MSN Messenger uses the 1863 and 445 TCP ports. You can use netstat -n to see which MSN Messenger uses when it connects.
So I created a jump rule inside the forward chain like this:
0 ;;; Drop invalid connection packets
chain=forward connection-state=invalid action=drop

1 ;;; jump to chain ports
chain=forward action=jump jump-target=ports


And then inside my ports chain I can block any port I want.
The following is inside my ports chain:
2 X ;;; drop msn connections for 172 range
chain=ports protocol=tcp dst-port=1863 src-address-list=20x100 accounts
action=drop

3 X ;;; drop msn connections for 172 range
chain=ports protocol=tcp dst-port=443 src-address-list=20x100 accounts
action=drop

I tested those rules and they worked 100%. I blocked the range or certain IPs I want.
Of course, I have a problem blocking Yahoo Messenger. Why?
Because Yahoo works on ports 5050 and 5061, but when I try to block them Yahoo will then switch to other ports to work, like 119. So I need help here.
I hope this will work for you.
Nobody is perfect.
zaher hamiyah

Hi,

With port 443 blocked, the whole range of SSL pages is also blocked!!!

Regards,
BT

There’s a much better and more effective way…

I just don’t know if there is any way to duplicate it with MT…

http://www.isaserver.org/tutorials/ISA-Firewall-Quick-Tip-Blocking-MSN-Messenger-Access-Enabling-Access-Some-Users.html outlines the concept (look about 1/3 of the way down the page, where there are screenshots of configuring the “Signature”).

This works for Yahoo as well (and nearly any HTTP client if you know its user agent string, provided that it’s not cloning something you can’t block like IE or Firefox…)

It is very easy to do this via proxy servers by denying access to certain MIME types. MT’s proxy is too lacking though, so again, get a box for a proper Squid proxy server and set up the appropriate http_allow rules.

The “content” firewall matcher allows inspecting packets’ source for a given string. A good way to block Messenger based on its signature.
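
The signature idea from the last few posts (match on Host, User-Agent and MIME type instead of on port or subnet), as an added example that is not code from any poster or from MikroTik. The host name is the one given earlier in the thread; the User-Agent and Content-Type strings and the sample requests are assumptions to confirm against your own capture.

```python
"""Classify HTTP request heads as Messenger-over-HTTP by signature, not by port."""

# Signature values. The host is the one named in this thread; the User-Agent
# and Content-Type values are assumptions to confirm against your own capture.
SIGNATURES = {
    "host": ("gateway.messenger.hotmail.com",),
    "user-agent": ("msmsgs",),
    "content-type": ("application/x-msn-messenger",),
}


def parse_head(raw: bytes):
    """Return (request_line, {lowercased header name: value}) from a request head."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    lines = head.split("\r\n")
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:  # skip malformed lines that have no colon
            headers[name.strip().lower()] = value.strip()
    return lines[0], headers


def matched_signatures(raw: bytes):
    """List the header names whose value contains one of the signature strings."""
    _, headers = parse_head(raw)
    hits = []
    for name, needles in SIGNATURES.items():
        value = headers.get(name, "").lower()
        if any(n in value for n in needles):
            hits.append(name)
    return hits


def verdict(raw: bytes) -> str:
    """'deny' if any signature matches, else 'allow' (ordinary web traffic passes)."""
    return "deny" if matched_signatures(raw) else "allow"


# Constructed sample requests (not captured traffic).
MESSENGER = (b"POST /gateway/gateway.dll?Action=open HTTP/1.1\r\n"
             b"Host: gateway.messenger.hotmail.com\r\n"
             b"User-Agent: MSMSGS\r\n"
             b"Content-Type: application/x-msn-messenger\r\n\r\n")
BROWSER = (b"GET /index.html HTTP/1.1\r\nHost: www.example.com\r\n"
           b"User-Agent: Mozilla/5.0\r\n\r\n")
# A client that copies a browser's User-Agent still gives itself away via Host.
CLONED_UA = (b"POST /gateway/gateway.dll HTTP/1.1\r\n"
             b"Host: gateway.messenger.hotmail.com\r\n"
             b"User-Agent: Mozilla/5.0\r\n\r\n")
```

This only applies where the filter sees cleartext HTTP headers, such as on a proxy; inside TLS the headers are not visible to a packet matcher.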