Re: Stop yahoo messenger

[Jagadish <jag@qsupport.com>]

On Sunday 05 May 2002 08:55 pm, you wrote:

Thanks Steve !! . I was able to stop both yahoo and msn messenger services 
with these rules.
Yahoo_Messenger_Block="{ 216.136.0.0/16 }"
MSN_Messenger_Block="{ 64.4.13.0/24 }"   
block out log quick on $ExtInt inet proto tcp from any to  \
$Yahoo_Messenger_Block port != 80
block in log quick on $ExtInt inet proto tcp from $Yahoo_Messenger_Block \
 port != 80 to any
block out log quick on $ExtInt from any to $MSN_Messenger_Block
block in log quick on $ExtInt from $MSN_Messenger_Block to any

But packet filter didn't match all the IP address which these hosts resolved
cs.yahoo.com and scsa.yahoo.com
when i used. 
block out quick on $ExtInt inet proto tcp from cs.yahoo.com to any  port 5050
block out quick on $ExtInt inet proto tcp from scsa.yahoo.com to any  port 
5050

this used to match only the first ip the hosts resolved to.

jagadish

> > Any idea on how to block yahoo messenger using Packet Filter.
> > I tried blocking cs.yahoo.com scsa.yahoo.com and also port 5050 but
>
> couldn't
>
> > stop yahoo from getting out of the packet filter.
>
> Like most instant messengers today, Yahoo Mesenger will scan other ports if
> it finds that its default port is blocked.  It also will work through an
> http proxy.  If you really want to block it, about your only choice is to
> block all of the Yahoo netblocks by IP address, which of course will also
> block web access.  The other option of course is to just watch for Yahoo
> Messenger packets/connections, then walk over and uninstall it for the
> user. If you want to get complicated, you could even write a script to
> watch for YM connections, then block that user's Internet access for a half
> hour.