* RE: block msn
@ 2003-07-16 21:45 George Vieira
From: George Vieira @ 2003-07-16 21:45 UTC (permalink / raw)
To: juanca, netfilter
Another one... Use TCPDUMP and see where they're coming from.
Thanks,
____________________________________________
George Vieira
Systems Manager
georgev@citadelcomputer.com.au
Citadel Computer Systems Pty Ltd
http://www.citadelcomputer.com.au
Phone : +61 2 9955 2644
HelpDesk: +61 2 9955 2698
-----Original Message-----
From: juanca [mailto:juanca@sat.com.py]
Sent: Wednesday, July 16, 2003 9:36 PM
To: netfilter@lists.netfilter.org
Subject: block msn
I've got this ruleset but it doesn't work. What else do I need to add?
All the Windows machines work with MSN, just on Linux it doesn't.
Any suggestions?
Thanks in advance
iptables -A FORWARD -s 192.168.0.10 -p TCP --dport 1443:1467 -j REJECT
iptables -A FORWARD -s 192.168.0.10 -d 207.46.107.33 -j REJECT
iptables -A FORWARD -s 192.168.0.10 -d 207.46.110.38 -j REJECT
iptables -A FORWARD -s 192.168.0.10 -p tcp --dport 1863 -j REJECT
iptables -A FORWARD -s 192.168.0.10 -p tcp --dport 1513:1525 -j REJECT
iptables -A FORWARD -s 192.168.0.10 -d 66.35.229.204 -j REJECT
iptables -A FORWARD -s 192.168.0.10 -d 65.54.194.118 -j REJECT
iptables -A FORWARD -s 192.168.0.10 -d 207.46.107.34 -j REJECT
iptables -A FORWARD -s 192.168.0.10 -d 208.45.129.195 -j REJECT
iptables -A FORWARD -s 192.168.0.10 -p tcp --dport 1863 -d 0/0 -j DROP
iptables -A FORWARD -s 192.168.0.10 -d 207.46.110.11 -j REJECT
iptables -A FORWARD -s 192.168.0.10 -p tcp --dport 1863 -d 0/0 -j DROP
iptables -A FORWARD -s 192.168.0.10 -p tcp --dport 1601:1603 -d 0/0 -j DROP
iptables -A FORWARD -s 192.168.0.10 -d 64.4.13.0/24 -j REJECT
iptables -A FORWARD -s 192.168.0.10 -d 64.4.0.0/24 -j REJECT
iptables -A INPUT -p tcp -s 192.168.0.10 -d messenger.microsoft.com -j DROP
* blocking MSN Messenger: my experiences ( almost long )
From: Leonardo Rodrigues Magalhães @ 2003-07-17 13:41 UTC (permalink / raw)
To: netfilter
I've tried for a long time to block MSN Messenger using only iptables
rules. I couldn't get that working. I've seen some 'crazy' rules blocking
lots of IP blocks which, theoretically, are the MSN servers, but I really don't
like this kind of rules.
I could successfully block MSN Messenger using the following approach:
- all ports in my firewall are blocked, except those I really want (
specified one by one ) which are allowed in FORWARD and POSTROUTING;
- even with this approach, MSN works because of the HTTP tunneling
stuff;
- for blocking the HTTP tunneling stuff, I've configured squid ( which
works in transparent proxy mode, which means ALL 80/tcp traffic goes there )
to block the expression 'gateway.dll'. It seems that all access done by MSN
Messenger using the HTTP protocol uses this file.
( squid.conf relevant entries )
acl msnmessenger url_regex -i gateway.dll
http_access deny msnmessenger
( and this deny should be placed BEFORE your ALLOW rules, as they're parsed
linearly )
Here are some squid log entries that 'prove' my theory about
'gateway.dll'. In this firewall access to MSN Messenger is DENIED in squid,
so we'll see only DENYs here .... These DENYed entries represent MSN
Messenger trying to login ........
[root@correio squid]# cat /var/log/squid/access.log | grep gateway.dll
1058182392.455 147 10.0.1.25 TCP_DENIED/407 2070 POST http://gateway.messenger.hotmail.com/gateway/gateway.dll?Action=open&Server=NS&IP=messenger.hotmail.com - NONE/- text/html
1058182397.640 1 10.0.1.25 TCP_DENIED/407 2070 POST http://gateway.messenger.hotmail.com/gateway/gateway.dll?Action=open&Server=NS&IP=messenger.hotmail.com - NONE/- text/html
1058194534.786 29 10.0.1.25 TCP_DENIED/407 2070 POST http://gateway.messenger.hotmail.com/gateway/gateway.dll?Action=open&Server=NS&IP=messenger.hotmail.com - NONE/- text/html
1058206234.395 1 10.0.1.25 TCP_DENIED/407 2070 POST http://gateway.messenger.hotmail.com/gateway/gateway.dll?Action=open&Server=NS&IP=messenger.hotmail.com - NONE/- text/html
1058206492.547 4 10.0.1.25 TCP_DENIED/407 2070 POST http://gateway.messenger.hotmail.com/gateway/gateway.dll?Action=open&Server=NS&IP=messenger.hotmail.com - NONE/- text/html
1058206498.132 4 10.0.1.25 TCP_DENIED/407 2070 POST http://gateway.messenger.hotmail.com/gateway/gateway.dll?Action=open&Server=NS&IP=messenger.hotmail.com - NONE/- text/html
1058268737.709 1 10.0.1.25 TCP_DENIED/407 2070 POST http://gateway.messenger.hotmail.com/gateway/gateway.dll?Action=open&Server=NS&IP=messenger.hotmail.com - NONE/- text/html
1058268744.993 4 10.0.1.25 TCP_DENIED/407 2070 POST http://gateway.messenger.hotmail.com/gateway/gateway.dll?Action=open&Server=NS&IP=messenger.hotmail.com - NONE/- text/html
1058296167.865 1 10.0.1.25 TCP_DENIED/407 2070 POST http://gateway.messenger.hotmail.com/gateway/gateway.dll?Action=open&Server=NS&IP=messenger.hotmail.com - NONE/- text/html
1058297215.332 4 10.0.1.25 TCP_DENIED/407 2070 POST http://gateway.messenger.hotmail.com/gateway/gateway.dll?Action=open&Server=NS&IP=messenger.hotmail.com - NONE/- text/html
1058304370.039 1 10.0.1.25 TCP_DENIED/407 2070 POST http://gateway.messenger.hotmail.com/gateway/gateway.dll?Action=open&Server=NS&IP=messenger.hotmail.com - NONE/- text/html
1058355175.908 7 10.0.1.25 TCP_DENIED/407 2070 POST http://gateway.messenger.hotmail.com/gateway/gateway.dll?Action=open&Server=NS&IP=messenger.hotmail.com - NONE/- text/html
1058361247.628 1 10.0.1.25 TCP_DENIED/407 2070 POST http://gateway.messenger.hotmail.com/gateway/gateway.dll?Action=open&Server=NS&IP=messenger.hotmail.com - NONE/- text/html
1058362187.640 4 10.0.1.25 TCP_DENIED/407 2070 POST http://gateway.messenger.hotmail.com/gateway/gateway.dll?Action=open&Server=NS&IP=messenger.hotmail.com - NONE/- text/html
1058364639.802 1 10.0.1.25 TCP_DENIED/407 2070 POST http://gateway.messenger.hotmail.com/gateway/gateway.dll?Action=open&Server=NS&IP=messenger.hotmail.com - NONE/- text/html
1058440598.704 1 10.0.1.25 TCP_DENIED/407 2070 POST http://gateway.messenger.hotmail.com/gateway/gateway.dll?Action=open&Server=NS&IP=messenger.hotmail.com - NONE/- text/html
1058440604.017 4 10.0.1.25 TCP_DENIED/407 2070 POST http://gateway.messenger.hotmail.com/gateway/gateway.dll?Action=open&Server=NS&IP=messenger.hotmail.com - NONE/- text/html
[root@correio squid]#
In my case, access using 'random' ports won't happen, because I allow
only the ports I want. And HTTP traffic is controlled by squid, which blocks
'gateway.dll' URLs. Using this, I could successfully block MSN Messenger
usage.
This is not a squid mailing list, I know. But I've tried for several
weeks to block MSN Messenger using only iptables but I couldn't. I found it
interesting to share my experiences on this subject with the list because I
know that a lot of people that are using iptables are also using squid, so I
think these comments and this 'solution' are relevant.
Sincerely,
Leonardo Rodrigues
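The post above relies on two things: the squid ACL on 'gateway.dll', and the deny line sitting before any allow line. The script below is an added example (not from the thread, and not squid's or netfilter's own code) that audits a squid native access.log for 'gateway.dll' requests and splits them per client into denied vs. allowed, so a single allowed hit flags the ordering mistake the post warns about. The log lines it reads are constructed for the example, modelled on the entries quoted above; the 192.0.2.x peer addresses and the client 10.0.1.40 are made up.

```shell
#!/bin/sh
# Added example: audit a squid native access.log for MSN Messenger HTTP-tunnel
# requests (identified by 'gateway.dll' in the URL, as the post describes) and
# report, per client, whether squid denied or allowed them.
# Native access.log fields:
#   time elapsed client code/status bytes method URL ident hierarchy/peer type

# Constructed sample log (not real traffic): two denied login attempts from
# 10.0.1.25, one unrelated page fetch, and one gateway.dll POST from 10.0.1.40
# that squid let through, i.e. the deny ACL was ordered after an allow.
sample_log() {
    cat <<'EOF'
1058182392.455 147 10.0.1.25 TCP_DENIED/407 2070 POST http://gateway.messenger.hotmail.com/gateway/gateway.dll?Action=open&Server=NS&IP=messenger.hotmail.com - NONE/- text/html
1058182397.640 1 10.0.1.25 TCP_DENIED/407 2070 POST http://gateway.messenger.hotmail.com/gateway/gateway.dll?Action=open&Server=NS&IP=messenger.hotmail.com - NONE/- text/html
1058182400.120 35 10.0.1.25 TCP_MISS/200 1045 GET http://www.example.com/index.html - DIRECT/192.0.2.10 text/html
1058182410.901 60 10.0.1.40 TCP_MISS/200 1830 POST http://gateway.messenger.hotmail.com/gateway/gateway.dll?Action=open&Server=NS&IP=messenger.hotmail.com - DIRECT/192.0.2.20 application/x-msn-messenger
EOF
}

# gateway_hits LOGFILE
# Prints one "client STATUS count" line per client/status pair, where STATUS is
# DENIED for TCP_DENIED entries and ALLOWED for anything else squid served.
gateway_hits() {
    awk '$7 ~ /gateway\.dll/ {
            split($4, sc, "/")
            status = (sc[1] == "TCP_DENIED") ? "DENIED" : "ALLOWED"
            count[$3 " " status]++
         }
         END { for (k in count) print k, count[k] }' "$1" | sort
}

# bypass_check LOGFILE
# Returns 0 when every gateway.dll request was denied, 1 when at least one got
# through (the http_access deny line is probably placed after an allow line).
bypass_check() {
    gateway_hits "$1" | awk '$2 == "ALLOWED" { found = 1 } END { exit found ? 1 : 0 }'
}

# Stand-alone run against the constructed sample.
tmp=$(mktemp)
sample_log > "$tmp"
gateway_hits "$tmp"
if bypass_check "$tmp"; then
    echo "OK: every gateway.dll request was denied"
else
    echo "WARNING: some gateway.dll requests were allowed; check http_access order"
fi
rm -f "$tmp"
```

Point it at the real file with `gateway_hits /var/log/squid/access.log`; with the ACL working as in the post, every line should read DENIED, and `bypass_check` is cheap enough to run from cron as a regression check after editing squid.conf.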