S
SammyBar
Hi,
I have a problem filtering the MSN Messenger to the users of the office. Our
policies allows access to MSN messenger to some users, and allows access to
the Web (without MSN Messenger) for a more wide group of users. We apply
these policies by using the Cisco PIX firewall filtering outbound
connections by IP.
Some month ago we filtered MSN Messenger by avoiding all outbound traffic to
the IPs 207.46.104.20 and 207.46.110.249. It was published on the Microsoft
web site. By filtering these addresses messenger clients were unable to
login into the service. But recently it changed. Now messenger is more
aggressive and scans a serie of IP addresses when trying to login. After
some googling I found the more effective way was to filter the entire subnet
207.46.0.0/16. It was suggested by some guys. It works very well, but it
also filters the access of some users to Hotmail. It looks like some Hotmail
servers are also located inside this subnet. So we need a "thinner" filter,
that discriminates MSN Messenger login servers from Hotmail.
I googled into the Microsoft web site but I was unable to find the official
reccomendation for filtering messenger that was published some months
(years?) ago. My question are:
How to block MSN Messenger without bocking hotmail?
Wich are the new directives from Microsoft for filtering Messenger? Are they
still published? Where?
Thanks in advance
Sammy
I have a problem filtering the MSN Messenger to the users of the office. Our
policies allows access to MSN messenger to some users, and allows access to
the Web (without MSN Messenger) for a more wide group of users. We apply
these policies by using the Cisco PIX firewall filtering outbound
connections by IP.
Some month ago we filtered MSN Messenger by avoiding all outbound traffic to
the IPs 207.46.104.20 and 207.46.110.249. It was published on the Microsoft
web site. By filtering these addresses messenger clients were unable to
login into the service. But recently it changed. Now messenger is more
aggressive and scans a serie of IP addresses when trying to login. After
some googling I found the more effective way was to filter the entire subnet
207.46.0.0/16. It was suggested by some guys. It works very well, but it
also filters the access of some users to Hotmail. It looks like some Hotmail
servers are also located inside this subnet. So we need a "thinner" filter,
that discriminates MSN Messenger login servers from Hotmail.
I googled into the Microsoft web site but I was unable to find the official
reccomendation for filtering messenger that was published some months
(years?) ago. My question are:
How to block MSN Messenger without bocking hotmail?
Wich are the new directives from Microsoft for filtering Messenger? Are they
still published? Where?
Thanks in advance
Sammy