Slashdot Mirror

← Back to Stories (view on slashdot.org)

Blocking MSN Messenger?

Posted by Cliff on from the making-IMs-not-so-instant dept.

Tekno2k3 asks: "As a sysadmin for a financial company, I have been tasked with removing Instant Messaging from our network. The only service that is being difficult is MSN Messenger. It uses many methods to get around being blocked. These include using port 80, using it's own DNS servers for lookup, using MANY logon servers, and using reverse DNS lookup. Has anyone had any success in blocking Messenger?"

9 of 236 comments (clear)

  1. Group policies are the solution by Anonymous Coward · · Score: 5, Informative

    Disable MSN Messenger via group policy.

  2. The easy way isn't always popular by seinman · · Score: 5, Funny

    Fire everyone who's caught using it. Eventually you'll fire enough people that they'll be afraid to open it. Just like the RIAA suing P2P users... eventually nobody will share because they'll be afraid of lawsuits.

    1. Re:The easy way isn't always popular by bluephone · · Score: 5, Informative
      Actually, it IS possible to remove MSN Messenger, and even things like Outlook Express. Two ways actually.

      You can just delete it, but make sure you delete it from both the program folder, and %SYSTEMROOT%\system32\dllcache which is where the "protected" copies live.

      An easier way is to edit %systemroot%\inf\sysoc.inf

      Open is in Notepad and under the Edit > Replace menu, replace all instances of HIDE with nothing, save, reboot. Then you can go to Control Panel > Add/Remove Programs and tell Windows to remove it.

      --
      jX [ Make everything as simple as possible, but no simpler. - Einstein ]
  3. Try this. by rplacd · · Score: 5, Informative

    Block port 1863 (tcp) at the router/nat box/whatever.

    On your web proxies (if you have them), block HTTP messages with the mime type "application/x-msn-messenger" and turn off HTTP CONNECT support for port 1863.

    Turn off SOCKS for port 1863, too.

    1. Re:Try this. by questionlp · · Score: 5, Informative

      According to may Gaim accounts.xml file (which stores passwords in clear-text unfortunately), port 1863 should be blocked (just to be safe, both TCP and UDP) and block outbound traffic going to messenger.hotmail.com [207.46.104.20]. Keep an eye on the IP that is resolved for that host name to make sure that it doesn't change in the future :)

  4. Packeteer by gooru · · Score: 5, Informative

    Have you tried Packeteer? Many educational institutions use it to shape and manage traffic. They also have a help page describing how to control instant messaging including MSN.

  5. Tell people not to use it... by anthony_dipierro · · Score: 5, Interesting

    Then log all access to port 1863.

  6. Re:Why block MSN? by leviramsey · · Score: 5, Informative

    RTFP. He's a sysadmin in the financial business, where IM that's not encrypted and securely logged is basically illegal (per SEC regulations). There are some (non-free) IM solutions that offer that functionality, though.

  7. Installl Messenger mandatory and lock it down by wimbor · · Score: 5, Informative
    I did the exact opposite at our company.

    I used group policy software distribution to force the install of Windows Messenger on all computers. Windows Messenger is a slightly different version than MSN Messenger but it can also connect to the IM system of Exchange. We use that in house as our instant messaging system.

    When once installed you can use Group Policies to lock the Windows messenger down. With registry keys embedded in the policies you can disable file transfer, video chat and even outside communications (to the internet, not intranet) of the client.

    We disabled file transfer to avoid viruses slipping in via this way.

    If I am correct you can even set Windows messenger to have priority on MSN messenger, thus disabling the MSN version. In this way you should have full control over the IM system. Check the knowledge base and technet for the necessary info. If necessary, contact me.