Full proof way to block MSN?

[Sp00n]

Unfortunately I don't have ISA or anything like that installed and the router is just a DG834, i've tried adding all the msn servers to the block list but it still somehow manages to find a way through and connect.

Is there a specific way to deny access without purchasing extra kit?

 

[GhostlyPea]

Tried blocking it with ports if the router allows?

- Pea0n

 

[Sp00n]

Say what?

I have blocked the "msn ports" but that doesnt stop it tunneling via HTTP (80).

/edit i also don't really fancy doing it via GPO, just need to get it at router level.

 

[Trifid]

Block login.live.com and/or it's IP address? It will not stop web messenger's though.

 

[Peace]

bluecoat K9 is free or block it via GPO or maybe via keywords on the DG834.

 

[fini]

I'm presuming this is to block a child accessing it. If so, why not just employ some good parenting? (by which I mean beating them until they can no longer guide the mouse to the msn icon)

 

[MikeHiow]

login.live.com is a bad idea, as it cripples hotmail, and any other live based services.

Get signed upto opendns, use their DNS servers (Changing your routers dns servers to opendns should be sufficient), login, Settings, Content Filtering, "Customize" your current level, and check "Instant Messaging".

 

[Dogoid]

add all known msn servers in your hosts file with a 127.0.0.1 loopback on the machine you want to block it on.

 

[Sp00n]

I'm presuming this is to block a child accessing it. If so, why not just employ some good parenting? (by which I mean beating them until they can no longer guide the mouse to the msn icon)

No, its to block aroudn 20 users at one of my client sites.

I've tried blocking a load of URL's but it still manages to find away, i'l give login.live.com a whirl, that'll stop hotmail access as well won't it?

 

[MikeHiow]

Read my suggestion, it works.

 

[Trifid]

No, its to block aroudn 20 users at one of my client sites.

I've tried blocking a load of URL's but it still manages to find away, i'l give login.live.com a whirl, that'll stop hotmail access as well won't it?

They shouldn't be on personal mail anyway.

Read my suggestion, it works.

I agree that would be the better solution though.

 

[Sp00n]

Oh sorry, didnt see your post!

I'll give it a whirl when i get in to work, cheers

 

[Hutch]

Install something like websense and remove the personal mail access anyway?

 

[Sp00n]

Read my suggestion, it works.

Just tried it out, looks like its working!

Thanks very much, bloody good solution.

 

[bledd]

cue..

'msn is now blocked at my work, how can i enable it again?' thread

 

[Una]

Just tried it out, looks like its working!

Thanks very much, bloody good solution.

Really easy to circumvent mind. Just edit the hosts file on the local machine to the correct DNS entries or force the client machine to use a different dns server. You just need to make sure that people know messenger is against office regulations and could face a disciplinary. There is no such thing as a foolproof way if your trying hard to circumvent it.

 

[rjk]

there is a setting on our firewall that disables it after 3 minutes use
i will have a look for it in a sec

 

[Sp00n]

Really easy to circumvent mind. Just edit the hosts file on the local machine to the correct DNS entries or force the client machine to use a different dns server. You just need to make sure that people know messenger is against office regulations and could face a disciplinary. There is no such thing as a foolproof way if your trying hard to circumvent it.

Its actually in the office policy but I have been contacted by the MD and it's been brought to her attention that people are still using it but she wants to deal with it discreetly.

Personally I would rather flog her an SSG20 but I don't think she would like the price comparison on the netgear dg834

 

[Wayne~]

Then people use web messenger :/ Unless blocking live stops that?

 

[GeForce]

Simply out of curiosity, wouldn't an SSH Tunnel get round the OpenDNS solution?