Welcome to ISAserver.org
Windows Live Messenger and P2P application
Windows Live Messenger and P2P application - 22.Jan.2008 3:48:29 AM
y.alkhateeb
Posts: 42
Joined: 21.Jan.2008
From: Palestinian in Kuwait
Status: offline

Hello everybody, I'm facing a problem blocking Windows Live Messenger 8.5. I've been trying for the past few days to do so but it is still working. I used the signatures:
- Windows Live messenger
- 8.5.1302.1018 (The build version of Live messenger I'm using)
- Windows Live messenger 8.5.1302.1018
- Windows Live messenger Build 8.5.1302.1018

but none of them has succeeded. I need your help to find out how I can block it, and is there any way to block all builds of Live Messenger rather than entering the signature of each build? I'm using ISA Server 2004 WITHOUT Firewall client and have a domain configuration.

Moreover, I also tried to find a way to block the ORBIT P2P application but couldn't find any way to do it ... you can find the application at the following link: http://www.orbitdownloader.com

Thanks,
< Message edited by y.alkhateeb -- 22.Jan.2008 3:49:37 AM >
_____________________________
Yasser Alkhateeb Network and Communication Engineer

RE: Windows Live Messenger and P2P application - 24.Jan.2008 8:48:43 AM
elmajdal
Posts: 5071
Joined: 16.Sep.2004
From: Lebanese in Kuwait
Status: offline

Hi, I managed to block Live Messenger. The current version I am using is: 8.5.1302.1018

I blocked it by signature as follows:
Request Headers
User-Agent: 8.5.1302.1018

As for the Orbit P2P, I didn't have the time to try it yet. Will reply back soon.

HTH,
Tarek
< Message edited by elmajdal -- 24.Jan.2008 8:52:19 AM >
_____________________________
Tarek Majdalani MS Forefront Edge Security MVP Website : http://www.elmajdal.net/ISAServer New Section : http://www.elmajdal.net/Win2k8

RE: Windows Live Messenger and P2P application - 25.Jan.2008 1:46:19 PM
y.alkhateeb
Posts: 42
Joined: 21.Jan.2008
From: Palestinian in Kuwait
Status: offline

Guys, first of all, thanks a lot for your responses ... I've tried the signature "Windows Live Messenger" but it didn't work ... Saturday I'll try it with the build version again because I think I didn't include the last 4 digits of the build version.

However, I'm waiting for your response on the Orbit application because it's a major issue for me ...

Thanks in advance,
_____________________________
Yasser Alkhateeb Network and Communication Engineer

RE: Windows Live Messenger and P2P application - 25.Jan.2008 10:46:29 PM
y.alkhateeb
Posts: 42
Joined: 21.Jan.2008
From: Palestinian in Kuwait
Status: offline

Hello justmee,

Regarding Orbit downloader, it's a good idea to limit the bandwidth for users, but is there any article that guides me through how I'm going to do it? Also, I would appreciate finding a signature or a way to block it; I'm searching for a way to do so as well. Anyhow, the bandwidth limitation will do for now.

Thanks for the Live Messenger signature, I'll try to apply it on Sunday and send you feedback. Please note that I'm not using firewall clients, so if it doesn't work, I'll do it through the AD.

Regards,
_____________________________
Yasser Alkhateeb Network and Communication Engineer

RE: Windows Live Messenger and P2P application - 26.Jan.2008 3:49:48 AM
justmee
Posts: 505
Joined: 14.May2007
Status: offline

Hi Yasser,

I don't remember reading an article about a bandwidth management addon for ISA 2004/2006. You can scroll through the software area of this site: http://www.isaserver.org/software/ISA/Bandwidth-Control/

Try Bandwidth Splitter, they offer a trial download (actually it's free if you have up to 10 users) and see if it's good for your needs: http://www.bsplitter.com/features.aspx

Regards!

RE: Windows Live Messenger and P2P application - 27.Jan.2008 1:48:15 AM
y.alkhateeb
Posts: 42
Joined: 21.Jan.2008
From: Palestinian in Kuwait
Status: offline

Back to Windows Live Messenger, I've just tried both signatures (Windows Live Messenger and 8.5.1302.1018) and both didn't block it ..... is there any other way to do so?
_____________________________
Yasser Alkhateeb Network and Communication Engineer

RE: Windows Live Messenger and P2P application - 27.Jan.2008 4:42:50 AM
justmee
Posts: 505
Joined: 14.May2007
Status: offline

*That's* the *way* to *do* it. By its User-Agent. It's meaningless if you use the version number (assuming that's the correct one) or the other pattern. Both will work.

It is *assumed* that you are *only* *allowing* *HTTP* and *HTTPS* on your ISA (obviously there is a rule in place for DNS). If you have an Allow All rule then Windows Live Messenger will use the MSN Messenger Protocol, thus it will successfully connect.

If you have ISA 2004 SP3 installed you have a nice log view. Just start the live log on ISA and connect with Windows Live Messenger. Within HTTP traffic/Client Agent you will see the one used by Windows Live Messenger. Tell us what you see.

J

RE: Windows Live Messenger and P2P application - 27.Jan.2008 5:31:02 AM
y.alkhateeb
Posts: 42
Joined: 21.Jan.2008
From: Palestinian in Kuwait
Status: offline

Dear Justmee,

Thanks a lot for the tip. That was my mistake: I was enabling the MSN protocol in my allow all access rule, and when I disabled it ..... it worked perfectly. Thanks again.

Regards,
_____________________________
Yasser Alkhateeb Network and Communication Engineer

RE: Windows Live Messenger and P2P application - 27.Jan.2008 6:31:11 AM
justmee
Posts: 505
Joined: 14.May2007
Status: offline

No worries. We all make them. For example, a couple of days ago I've made a server publishing rule and entered incorrectly the IP address of the published server and I was wondering why it's not working. Of course I was pretty sure about what I have done....

Regards!

RE: Windows Live Messenger and P2P application - 28.Jan.2008 5:57:47 AM
elmajdal
Posts: 5071
Joined: 16.Sep.2004
From: Lebanese in Kuwait
Status: offline

Hi Yasser,

So removing the protocol disabled Live Messenger? Or did you also use the signature?
_____________________________
Tarek Majdalani MS Forefront Edge Security MVP Website : http://www.elmajdal.net/ISAServer New Section : http://www.elmajdal.net/Win2k8

RE: Windows Live Messenger and P2P application - 28.Jan.2008 7:23:09 AM
y.alkhateeb
Posts: 42
Joined: 21.Jan.2008
From: Palestinian in Kuwait
Status: offline

Dear Almajdal, I've disabled the protocol from allow all access rule in addition to the signatures disable .... Regards,
_____________________________
Yasser Alkhateeb Network and Communication Engineer

RE: Windows Live Messenger and P2P application - 28.Jan.2008 8:41:57 AM
justmee
Posts: 505
Joined: 14.May2007
Status: offline

Hi Yasser,

I've downloaded Orbit and installed it on one client behind ISA. First thing I've noticed: Orbit cannot pass through an authenticated proxy (like ISA). I did not quite believe it, so I've googled it a little bit and it appears it is correct: http://forum.orbitdownloader.com/viewtopic.php?id=13335

So create a rule for HTTP and HTTPS and *require* authentication on it. Thus Orbit is useless (current version). Do *not* use "Allow All Rules" anymore. Unless you want to make ISA useless.

Regarding the use of Orbinet to accelerate download speed based on p2p (dht), I've noticed that this application runs in the background and many UDP packets to various destinations are sent. Since you do not use an allow all rule, these requests will be blocked.

Additionally, create a deny rule for the following destination: *.orbitdownloader.com

Put this rule on top of the others. Orbit needs various destinations based on it (like oblogin.rep.orbitdownloader.com, uu1.orbitdownloader.com, .......). As expected there is no specific User-Agent.

Regards!

RE: Windows Live Messenger and P2P application - 30.Jan.2008 4:26:35 AM
justmee
Posts: 505
Joined: 14.May2007
Status: offline

Hi Yasser,

Create an access rule from Internal to External and allow only HTTP and HTTPS on this rule. Instead of using "All Users" use "All Authenticated Users".

- "All Users" = anonymous access
- "All Authenticated Users" = authentication is needed -> your clients must be at least Web Proxy Clients in addition to SecureNAT clients. SecureNAT clients cannot authenticate.

It is assumed that ISA is a domain member. If you deploy FWC, I think Orbit will be able to connect again (I did not test). FWC can be useful because you can require authentication on access rules that, say, allow mail protocols (like POP3 and SMTP).

The solution described in that forum to use the "CONNECT" method won't work against ISA (using TCP port 80). ISA will assume it is HTTPS traffic. Only TCP port 443 is served by default by ISA for HTTPS traffic.

There are basic steps in using ISA as a firewall: don't use "Allow All" rules, always shrink your rules to allow only needed traffic and, when possible, only to needed destinations from required sources. And also, when possible, require authentication on your rules, by making your clients Web Proxy clients and/or FWC.

If you cannot afford a web filtering solution (say GFI or Websense), try to use the available destination sets in order to limit as much as possible web access to unnecessary web sites.

J
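
The checks this thread arrives at, as an added example that is not part of the original posts and is not ISA Server tooling: a short Python audit over constructed, simplified log records that flags allowed traffic matching the thread's User-Agent signatures, the `*.orbitdownloader.com` deny pattern, anonymous web requests, and non-web protocols (the sample uses TCP 1863 for the MSN Messenger protocol). The column names, the `example` hosts and the second Messenger build string are assumptions.

```python
import csv
import fnmatch
import io

UA_SIGNATURES = ["Windows Live Messenger", "8.5.1302.1018"]  # from the thread
DENY_DOMAINS = ["*.orbitdownloader.com"]                      # from the thread
WEB_PORTS = {"80", "443"}

# Constructed sample records, tab-separated. The column names are assumptions
# for this example and are not ISA Server's own log schema.
SAMPLE_LOG = "\n".join([
    "client\tuser\tprotocol\thost\tport\tagent\taction",
    "10.0.0.21\tCORP\\yasser\tHTTP\twww.example.com\t80\tMozilla/4.0\tAllowed",
    "10.0.0.22\tanonymous\tHTTP\tim.example.net\t80\tWindows Live Messenger 8.5.1302.1018\tAllowed",
    "10.0.0.22\tanonymous\tMSN Messenger\tim.example.net\t1863\t-\tAllowed",
    "10.0.0.23\tanonymous\tHTTP\tuu1.orbitdownloader.com\t80\t-\tAllowed",
    "10.0.0.23\tanonymous\tUDP\t203.0.113.9\t41000\t-\tAllowed",
    "10.0.0.24\tCORP\\sara\tHTTP\tim.example.net\t80\tWindows Live Messenger 8.1.0.0\tDenied",
])

def audit(log_text):
    """Return (client, finding) pairs for allowed traffic the thread's policy should stop."""
    findings = []
    for row in csv.DictReader(io.StringIO(log_text), delimiter="\t"):
        if row["action"] != "Allowed":
            continue  # already blocked, nothing to report
        is_web = row["protocol"] in ("HTTP", "HTTPS") and row["port"] in WEB_PORTS
        if not is_web:
            # A User-Agent signature only inspects HTTP, so anything else left
            # through a broader rule (the "Allow All" mistake in the thread).
            findings.append((row["client"], "non-web protocol allowed: " + row["protocol"]))
            continue
        if row["user"] == "anonymous":
            findings.append((row["client"], "web request without authentication"))
        if any(sig in row["agent"] for sig in UA_SIGNATURES):
            findings.append((row["client"], "User-Agent signature not enforced"))
        if any(fnmatch.fnmatch(row["host"].lower(), pat) for pat in DENY_DOMAINS):
            findings.append((row["client"], "denied domain reached: " + row["host"]))
    return findings

if __name__ == "__main__":
    for client, finding in audit(SAMPLE_LOG):
        print(client, finding)
```

The product-name signature matches both constructed builds, while the build-number signature matches only 8.5.1302.1018; the 1863 and UDP rows show traffic that no HTTP signature can see.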

RE: Windows Live Messenger and P2P application - 1.Feb.2008 12:39:28 PM
y.alkhateeb
Posts: 42
Joined: 21.Jan.2008
From: Palestinian in Kuwait
Status: offline

Dear Justmee,

I got your point, and thanks a lot for your support and for the tip .....

Regards,
_____________________________
Yasser Alkhateeb Network and Communication Engineer