Please i need help
i need to block msn messenger in mikrotik
i tried to block port 1863 but still opening
if there is a way please advise
thanks in advance
-
-
prosservices
just joined
- Posts: 2
- Joined:
- Location: Lebanon
- Contact:
-
-
andrewluck
Forum Veteran
- Posts: 700
- Joined:
- Location: Norfolk, UK
I tried to block also all ports that I found on internet but it wont help you... because if port 1863 is blocked than MSN connects to port 80 and that you can't block...
I found another way to do it
and here it is:
If you want to block messenger for a specific IP address than here is the command. For example 172.16.0.1 is the ip you want to disable MSN messenger...
/ip firewall rule forward add action=drop src-address=172.16.0.1/32 dst-address=207.46.0.0/16
the subnet 207.46.0.0/16 is used from MSN for messenger servers... I got that during the packet sniffing.
It connected to these IP-s and ports for only 2 mins.
207.46.114.22:1863
207.46.114.44:1863
207.46.1.2:80
207.46.0.74:1863
so the best way was to deny the whole subnet
I found another way to do it
and here it is:If you want to block messenger for a specific IP address than here is the command. For example 172.16.0.1 is the ip you want to disable MSN messenger...
/ip firewall rule forward add action=drop src-address=172.16.0.1/32 dst-address=207.46.0.0/16
the subnet 207.46.0.0/16 is used from MSN for messenger servers... I got that during the packet sniffing.
It connected to these IP-s and ports for only 2 mins.
207.46.114.22:1863
207.46.114.44:1863
207.46.1.2:80
207.46.0.74:1863
so the best way was to deny the whole subnet
hi
here how I identified the msn protocol
here how I identified the msn protocol
Code: Select all
chain=prerouting src-address=(internal ip)/24 protocol=tcp dst-port=1863
action=mark-routing new-routing-mark=CHAT passthrough=no
chain=prerouting src-address=(internal ip)/24 protocol=tcp dst-port=5050
action=mark-routing new-routing-mark=CHAT passthrough=no
-
-
ParisDragon
newbie
- Posts: 32
- Joined:
- Location: NorthEast Texas, USA
- Contact:
Re: Block MSN Messenger
To block MSN I made a mangle rule to identify the new connection to the MSN port, then blocking that connection mark in the firewall, worked perfectly.Please i need help
i need to block msn messenger in mikrotik
i tried to block port 1863 but still opening
if there is a way please advise
thanks in advance
Last edited by ParisDragon on Mon Jul 24, 2006 6:30 pm, edited 1 time in total.
-
-
zaherhamiyah
Frequent Visitor
- Posts: 82
- Joined:
well guys i say to u dont use any of these suggestions.why?
coz msn messenger uses 1863 and 445 tcp ports.u can user netstat -n to see which msn messenger uses when it connects.
so i created a jump rule inside the forward chain like that:
0 ;;; Drop invalid connection packets
chain=forward connection-state=invalid action=drop
1 ;;; jump to chain ports
chain=forward action=jump jump-target=ports
....................................................................
.....................................................................
And then inside my ports chain i can block any port i want.
The following is inside my ports chain:
2 X ;;; drop msn connections for 172 range
chain=ports protocol=tcp dst-port=1863 src-address-list=20x100 accounts
action=drop
3 X ;;; drop msn connections for 172 range
chain=ports protocol=tcp dst-port=443 src-address-list=20x100 accounts
action=drop
I tested those rules and worked 100%.I blocked the range or cetain IPs i want.
Ofcourse i have a problem in blocking yahoo messenger,why?
coz yahoo works on 5050 and 5061 ports,but when i try to block them yahoo will then swicht to other ports to work like 119.So i need help here
I hope this will work for u
Nobody is perfect.
zaher hamiyah
coz msn messenger uses 1863 and 445 tcp ports.u can user netstat -n to see which msn messenger uses when it connects.
so i created a jump rule inside the forward chain like that:
0 ;;; Drop invalid connection packets
chain=forward connection-state=invalid action=drop
1 ;;; jump to chain ports
chain=forward action=jump jump-target=ports
....................................................................
.....................................................................
And then inside my ports chain i can block any port i want.
The following is inside my ports chain:
2 X ;;; drop msn connections for 172 range
chain=ports protocol=tcp dst-port=1863 src-address-list=20x100 accounts
action=drop
3 X ;;; drop msn connections for 172 range
chain=ports protocol=tcp dst-port=443 src-address-list=20x100 accounts
action=drop
I tested those rules and worked 100%.I blocked the range or cetain IPs i want.
Ofcourse i have a problem in blocking yahoo messenger,why?
coz yahoo works on 5050 and 5061 ports,but when i try to block them yahoo will then swicht to other ports to work like 119.So i need help here
I hope this will work for u
Nobody is perfect.
zaher hamiyah
-
-
BrianHiggins
Forum Veteran
- Posts: 720
- Joined:
- Location: Norwalk, CT
- Contact:
There's a much better and more effective way....
I just don't know if there is any way to duplicate it with MT...
http://www.isaserver.org/tutorials/ISA- ... Users.html outlines the concept (look about 1/3 of the way down the page, where there are screen shots of configureing the "Signature")
this works for yahoo as well (and nearly any http client if you know it's user agent string, provided that it's not cloneing something you can't block like IE or FireFox....)
I just don't know if there is any way to duplicate it with MT...
http://www.isaserver.org/tutorials/ISA- ... Users.html outlines the concept (look about 1/3 of the way down the page, where there are screen shots of configureing the "Signature")
this works for yahoo as well (and nearly any http client if you know it's user agent string, provided that it's not cloneing something you can't block like IE or FireFox....)
