Blocking Chat, Peer2Peer Applications, Google Earth

Some organizations decide to block certain sites and applications such as instant messengers, peer2peer clients, etc. They have many reasons for doing so, mostly productivity, connectivity, and other issues. For example, everyone probably knows what an instant messenger is, and I bet most of you use one either to keep in touch with your friends or just to chit-chat.

Say the organization you work for has decided to block instant messenger applications; the most commonly used ones are Yahoo! Messenger, Google Talk and MSN. Your superior has instructed you to block those applications, including IM that runs in the browser as well as in a client. Take these actions on your firewall.

To communicate, the Google Talk client uses ports 80, 443, 5223, and 5222. Google Talk also connects to 216.239.37.125, 72.14.253.125, 72.14.217.189 and 209.85.137.125. Alternatively, you can deny these addresses: http://talk.google.com and http://www.google.com/talk. To prevent users from using Gtalk in Gmail, you can set a deny rule for this address: http://chatenabled.mail.google.com. (FYI, blocking ports 80 and 443 will make everything based on HTTP and HTTPS inaccessible.)

Yahoo! Messenger services run on ports 5050 and 5150. However, blocking YM by port does not seem to be effective: YM will scan for any available port and use a different one. Some users can also use YM through Yahoo! Mail; if so, you can deny these addresses: webcs.msg.yahoo.com and httpcs.msg.yahoo.com (both are DNS). Your users will see a disconnection error if they attempt to connect to chat.

MSN Messenger tries to use port 1863/TCP, so you may block that port. FYI, port 1863 is MSNP (Microsoft Notification Protocol), used by the .NET Messenger Service and a number of instant messaging clients. You can also deny access to messenger.hotmail.com, msgr.hotmail.com and gateway.messenger.hotmail.com.

Windows Live Messenger uses 6891–6900/TCP,UDP (used for file transfer) and 6901/TCP,UDP (for voice). Set them to deny!

For AOL you may block ports 5190/TCP and 531/TCP,UDP, and prevent access to the AOL DNS name login.oscar.aol.com.

Some organizations have limited bandwidth, and even though your bandwidth is limited, you have freak users who run peer2peer applications or use Google Earth during work hours. It is no wonder there are problems if you have only 128 MB of bandwidth for email and applications, and your users run Google Earth. Here are some actions to deny access to unwanted applications.

To prevent access to Google Earth, you may deny access to http://kh.google.com.

Port 4662/TCP is often used by eMule; you can deny access to that port.

BitTorrent often uses these ports, so you can deny access to 6881–6887/TCP,UDP, 6889–6890/TCP,UDP, 6891–6900/TCP,UDP, 6901/TCP,UDP, 6902–6968/TCP,UDP, 6969/TCP and 6970–6999/TCP,UDP.

LimeWire (I used to use it) uses 6346/TCP,UDP. Set your deny rule for it.
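
The port lists above overlap (6891–6900 and 6901 appear under both Windows Live Messenger and BitTorrent), so here is an added example, not part of the original post, that parses those lists, merges overlapping ranges and prints one deny rule per range. The iptables syntax, the FORWARD chain and the REJECT target are assumptions, since the post does not name a firewall product; the script refuses to deny 80 or 443 because of the side effect noted above.

```python
import re

# Port specs as listed in the article (only services that state a protocol).
SPECS = {
    "MSN Messenger": "1863/TCP",
    "Windows Live Messenger": "6891–6900/TCP,UDP 6901/TCP,UDP",
    "AOL": "5190/TCP 531/TCP,UDP",
    "eMule": "4662/TCP",
    "BitTorrent": "6881–6887/TCP,UDP 6889–6890/TCP,UDP 6891–6900/TCP,UDP "
                  "6901/TCP,UDP 6902–6968/TCP,UDP 6969/TCP 6970–6999/TCP,UDP",
    "LimeWire": "6346/TCP,UDP",
}
WEB_PORTS = (80, 443)  # denying these cuts off all HTTP/HTTPS, as the article warns

def parse(spec):
    """Yield (proto, low, high) for every 'N[-M]/PROTO[,PROTO]' token."""
    for m in re.finditer(r"(\d+)(?:[-–](\d+))?/([A-Za-z,]+)", spec):
        low, high = int(m.group(1)), int(m.group(2) or m.group(1))
        for proto in m.group(3).lower().split(","):
            yield proto, low, high

def merge(ranges):
    """Collapse overlapping or adjacent (low, high) ranges."""
    merged = []
    for low, high in sorted(ranges):
        if merged and low <= merged[-1][1] + 1:
            merged[-1][1] = max(merged[-1][1], high)
        else:
            merged.append([low, high])
    return [tuple(r) for r in merged]

def build_rules(specs, chain="FORWARD"):
    """Return one iptables REJECT command per merged range and protocol."""
    by_proto = {}
    for name, spec in specs.items():
        for proto, low, high in parse(spec):
            if any(low <= p <= high for p in WEB_PORTS):
                raise ValueError(f"{name}: refusing to deny web port in {low}-{high}")
            by_proto.setdefault(proto, []).append((low, high))
    rules = []
    for proto in sorted(by_proto):
        for low, high in merge(by_proto[proto]):
            ports = str(low) if low == high else f"{low}:{high}"
            rules.append(f"iptables -A {chain} -p {proto} --dport {ports} -j REJECT")
    return rules

if __name__ == "__main__":
    print("\n".join(build_rules(SPECS)))
```

The 6969 entry is listed as TCP only, which is why the UDP output keeps a gap at that port while the TCP output collapses to a single 6889:6999 range.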

7 comments ↓

#1 James on 06.13.08 at 6:45 pm

its help

#2 harr51 on 08.15.08 at 3:37 am

nice to help james

#3 download torrent files without torrent software « dewandaru pradipta on 12.13.08 at 12:23 pm

[...] downloading files in general. Why use this method? Because there may be a policy that blocks torrent applications, so this can be an alternative. [...]

#4 Download torrent files without torrent software - Blog-Muria on 12.14.08 at 7:31 am

[...] downloading files in general. Why use this method? Because there may be a policy that blocks torrent applications, so this can be an alternative. [...]

#5 tolearnfree on 01.31.09 at 8:40 pm

So true, for those who often download at internet cafés this method is very useful.

#6 udin on 04.08.09 at 11:34 am

I'd like to ask… how do you block Google Earth…?
The thing is, the internet speed at the office is low, and when someone opens Google Earth it drops right away…
Please, if anyone knows how…
Thanks a lot in advance

#7 harr51 on 04.12.09 at 8:06 pm

@udin
The instructions are above. Block access to http://kh.google.com
