Below is a list of the main Instant Messenger applications, with the ports and destinations needed to deny their use via policy-based rules.
Please note: when creating the policy-based rules, the following rules are required:
- Destination any, with a service port of the ports listed below (excluding http and https).
- Destination of the hosts and networks listed below, with a service port of http/https.
Protocol | Port | Destination |
IRC | tcp 6665-6669 | n/a |
MSN | tcp 1863, http, https | g.msn.com, gateway.messenger.hotmail.com, webmessenger.msn.com, 64.4.13.0/24, 65.52.0.0/16, 207.46.110.0/24 |
Yahoo | tcp 5050, tcp 5000-5001, tcp 5100, http, https | msg.yahoo.com, shttp.msg.yahoo.com, update.pager.yahoo.com, webmessenger.yahoo.com, pager.yahoo.com, messenger.yahoo.com |
AOL | tcp 5190, http, https | login.oscar.aol.com |
Google Talk | tcp 5222, http, https | talk.google.com |
Skype | tcp/udp 1024-65535, http, https | dynamic |
Skype
Skype can be extremely difficult to block due to the way in which the Skype protocol functions.
The Skype protocol is designed by default to circumvent conventional firewall blocking methods. It will attempt to connect via ephemeral ports UDP/TCP 1024-65535; if connection via every port within these ranges fails, it will attempt to connect out using HTTP or HTTPS.
The only way to block this traffic is via payload inspection, which is typically performed by IDS/IPS engines.
Because the initial server/client message exchange is non-SSL, denying payloads that include the value 0x170310000 will prevent a Skype connection from being established.
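The two rule types and the table above, written as a small flow evaluator. This is an added example, not a configuration from the original article or from any firewall vendor. The function names, the assumption that http/https means TCP 80/443, and the assumption that the destination hostname is already known for the flow are all hypothetical.

```python
import ipaddress

# Rule type 1 (from the table): deny these TCP ports to ANY destination.
DENY_PORTS = {
    "IRC": [(6665, 6669)],
    "MSN": [(1863, 1863)],
    "Yahoo": [(5050, 5050), (5000, 5001), (5100, 5100)],
    "AOL": [(5190, 5190)],
    "Google Talk": [(5222, 5222)],
}

# Rule type 2 (from the table): deny http/https only to these destinations.
# Skype has no entry in either map: its destination is "dynamic".
DENY_WEB_DESTS = {
    "MSN": ["g.msn.com", "gateway.messenger.hotmail.com", "webmessenger.msn.com",
            "64.4.13.0/24", "65.52.0.0/16", "207.46.110.0/24"],
    "Yahoo": ["msg.yahoo.com", "shttp.msg.yahoo.com", "update.pager.yahoo.com",
              "webmessenger.yahoo.com", "pager.yahoo.com", "messenger.yahoo.com"],
    "AOL": ["login.oscar.aol.com"],
    "Google Talk": ["talk.google.com"],
}
WEB_PORTS = {80, 443}  # assumption: http/https on their default ports


def _dest_matches(entry, host, ip):
    """Match a table entry that is either a CIDR block or a hostname."""
    if "/" in entry:
        return ip is not None and ipaddress.ip_address(ip) in ipaddress.ip_network(entry)
    return host is not None and host.lower() == entry


def evaluate(proto, port, host=None, ip=None):
    """Return ('deny', app) if a rule matches the flow, else ('allow', None)."""
    if proto == "tcp":
        # Type 1: the port alone decides, whatever the destination is.
        for app, ranges in DENY_PORTS.items():
            if any(lo <= port <= hi for lo, hi in ranges):
                return ("deny", app)
        # Type 2: web ports are denied only towards listed destinations.
        if port in WEB_PORTS:
            for app, dests in DENY_WEB_DESTS.items():
                if any(_dest_matches(d, host, ip) for d in dests):
                    return ("deny", app)
    return ("allow", None)
```

A flow to TCP 443 on a destination that is not in the table evaluates to allow, which is the HTTP/HTTPS fallback path that leaves payload inspection as the only control for Skype.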