
Welcome to ISAserver.org


Windows Live Messenger and P2P application

Windows Live Messenger and P2P application - 22.Jan.2008 3:48:29 AM   
y.alkhateeb

 

Posts: 42
Joined: 21.Jan.2008
From: Palestinian in Kuwait
Status: offline
Hello everybody,

I'm facing a problem in blocking Windows Live messenger 8.5. I've been trying for the past few days to do so but it is still working. I used the signatures:
  • Windows Live messenger
  • 8.5.1302.1018 (The build version of Live messenger I'm using)
  • Windows Live messenger 8.5.1302.1018
  • Windows Live messenger Build 8.5.1302.1018
but none have succeeded in doing so. I need your help to find out how I can block it, and is there any way to block all builds of Live Messenger rather than entering the signature of each build? I'm using ISA Server 2004 WITHOUT Firewall client and have a domain configuration.

Moreover, I also tried to find a way to block the ORBIT P2P application but couldn't find any way to do it ... you can find the application at the following link
http://www.orbitdownloader.com



Thanks,

< Message edited by y.alkhateeb -- 22.Jan.2008 3:49:37 AM >


_____________________________

Yasser Alkhateeb
Network and Communication Engineer
Post #: 1
RE: Windows Live Messenger and P2P application - 24.Jan.2008 8:48:43 AM   
elmajdal

 

Posts: 6022
Joined: 16.Sep.2004
From: Lebanese in Kuwait
Status: offline
Hi ,

I managed to block Live Messenger; the current version I am using is: 8.5.1302.1018

I blocked it by signature as follows:

Request Headers
User-Agent:
8.5.1302.1018

As for the Orbit P2P, I didn't have the time to try it yet. Will reply back soon.

HTH,
Tarek

< Message edited by elmajdal -- 24.Jan.2008 8:52:19 AM >


_____________________________

Tarek Majdalani

Windows Expert - IT Pro MVP
Facebook : https://www.facebook.com/ElMajdal.Net

(in reply to y.alkhateeb)
Post #: 2
RE: Windows Live Messenger and P2P application - 24.Jan.2008 9:54:00 AM   
justmee

 

Posts: 505
Joined: 14.May2007
Status: offline
Hi guys,
Regarding Windows Live Messenger I have blocked it as Tarek says but instead of the version number I've used:
Windows Live Messenger
I think I have a newer version than 8.5.1302.1018, but that should not matter.
Check ISA's log for the Client Agent.
I suppose you miss the capital "M" since it works just fine for me.
Edit: It does not matter if it's with M or m. It's blocked in both cases. I suppose I've made a wrong supposition.
Regards!

< Message edited by justmee -- 24.Jan.2008 2:25:03 PM >

(in reply to elmajdal)
Post #: 3
RE: Windows Live Messenger and P2P application - 25.Jan.2008 2:45:19 AM   
elmajdal

 

Posts: 6022
Joined: 16.Sep.2004
From: Lebanese in Kuwait
Status: offline
Cool!

Thanks for the tip.

In this case, we won't care about which build we have!

Tarek.

_____________________________

Tarek Majdalani

Windows Expert - IT Pro MVP
Facebook : https://www.facebook.com/ElMajdal.Net

(in reply to justmee)
Post #: 4
RE: Windows Live Messenger and P2P application - 25.Jan.2008 4:01:28 AM   
justmee

 

Posts: 505
Joined: 14.May2007
Status: offline
Hi Tarek,
I was browsing today the articles from isaserver.org and I've noticed that Marc Grote has an article in which he shows the signature of Windows Live Messenger:
http://www.isaserver.org/tutorials/Configuring-ISA-Server-2006-HTTP-Filter.html
It's a picture actually of that signature.
I read that article some time ago but I did not remember about that.
I think I should start taking some lecithin.
Best,
J

(in reply to elmajdal)
Post #: 5
RE: Windows Live Messenger and P2P application - 25.Jan.2008 1:46:19 PM   
y.alkhateeb

 

Posts: 42
Joined: 21.Jan.2008
From: Palestinian in Kuwait
Status: offline
Guys,

First of all, thanks a lot for your responses ... I've tried the signature "Windows Live Messenger" but it didn't work ... Saturday I'll try it with the build version again because I think I didn't include the last 4 digits of the build version. However, I'm waiting for your response on the Orbit application because it's a major issue to me ...

Thanks in advance,

_____________________________

Yasser Alkhateeb
Network and Communication Engineer

(in reply to elmajdal)
Post #: 6
RE: Windows Live Messenger and P2P application - 25.Jan.2008 5:04:32 PM   
justmee

 

Posts: 505
Joined: 14.May2007
Status: offline
Hi Yasser,
Are you referring to Orbit Downloader ?
If so I have doubts it has a signature we can find easily. Typically these kinds of applications use a common User Agent (Mozilla, Windows NT...) and not a particular one like, say, Windows Live Messenger.
In fact I do not recall seeing Orbit within WebSense, for example.
One way you can block it is using the Firewall Client (but that might not be very efficient).
But you can mess with Wireshark and maybe you can find out something.
I would like to help you but I don't know Orbit's signature.
Also I'm pretty sure that there are plenty of "anonymous" download managers. So blocking only one does not buy you much.
You may want to look at a bandwidth manager for ISA for limiting/managing the bandwidth per user/machine.
Regarding Windows Live Messenger make sure you enter the signatures like so:

Regards!

(in reply to y.alkhateeb)
Post #: 7
RE: Windows Live Messenger and P2P application - 25.Jan.2008 10:46:29 PM   
y.alkhateeb

 

Posts: 42
Joined: 21.Jan.2008
From: Palestinian in Kuwait
Status: offline
Hello justmee,

Regarding Orbit downloader, it's a good idea to limit the bandwidth for users, but is there any article that guides me through how I'm going to do it? Also I'd appreciate finding a signature or a way to block it; I'm searching for a way to do so as well. Anyhow, the bandwidth limitation will do for now.

Thanks for the Live Messenger signature, I'll try to apply it on Sunday and send you feedback. Please note that I'm not using firewall clients, so if it doesn't work, I'll do it through the AD.

Regards,


_____________________________

Yasser Alkhateeb
Network and Communication Engineer

(in reply to justmee)
Post #: 8
RE: Windows Live Messenger and P2P application - 26.Jan.2008 3:49:48 AM   
justmee

 

Posts: 505
Joined: 14.May2007
Status: offline
Hi Yasser,
I don't remember reading an article about a bandwidth management addon for ISA 2004/2006.
You can scroll through the software area of this site:
http://www.isaserver.org/software/ISA/Bandwidth-Control/
Try Bandwidth Splitter, they offer a trial download (actually it's free if you have up to 10 users) and see if it's good for your needs:
http://www.bsplitter.com/features.aspx
Regards!

(in reply to y.alkhateeb)
Post #: 9
RE: Windows Live Messenger and P2P application - 27.Jan.2008 1:48:15 AM   
y.alkhateeb

 

Posts: 42
Joined: 21.Jan.2008
From: Palestinian in Kuwait
Status: offline
Back to Windows Live Messenger, I've just tried both signatures (Windows Live Messenger and 8.5.1302.1018) and both didn't block it ..... is there any other way to do so?

_____________________________

Yasser Alkhateeb
Network and Communication Engineer

(in reply to justmee)
Post #: 10
RE: Windows Live Messenger and P2P application - 27.Jan.2008 4:42:50 AM   
justmee

 

Posts: 505
Joined: 14.May2007
Status: offline
*That's* the *way* to *do* it.
By its User-Agent. It's meaningless if you use the version number (assuming that's the correct one) or the other pattern. Both will work.
It is *assumed* that you are *only* *allowing* *HTTP* and *HTTPS* on your ISA (obviously there is a rule in place for DNS). If you have an Allow All rule then Windows Live Messenger will use the MSN Messenger Protocol, thus it will successfully connect.
If you have ISA 2004 SP3 installed you have a nice log view.
Just start the live log on ISA and connect with Windows Live Messenger. Within HTTP traffic/Client Agent you will see the one used by Windows Live Messenger. Tell us what you see.
J

(in reply to y.alkhateeb)
Post #: 11
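
Added example, not part of the thread: one way to check offline what post 11 describes, that a User-Agent signature only affects HTTP/HTTPS requests while an allowed non-web protocol is never inspected by the HTTP filter. The log excerpt is constructed, and its field subset, rule names and addresses are assumptions; adjust the field names to your own export.

```python
from collections import defaultdict

# Constructed sample in W3C extended style (tab-separated). The field subset,
# rule names and addresses are assumptions, not real ISA log output.
SAMPLE_LOG = "\n".join([
    "#Fields: c-ip\tc-agent\tcs-protocol\tr-port\trule\taction",
    "10.0.0.21\tWindows Live Messenger 8.5.1302.1018\thttp\t80\tWeb Access\tDenied",
    "10.0.0.21\t-\tMSN Messenger\t1863\tAllow All\tAllowed",
    "10.0.0.34\tMozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)\thttp\t80\tWeb Access\tAllowed",
    "10.0.0.47\twindows live messenger 8.5.1302.1018\thttp\t80\tLegacy Web\tAllowed",
])

WEB_PROTOCOLS = {"http", "https"}

def parse_w3c(text):
    """Turn a '#Fields:'-headed, tab-separated log into a list of dicts."""
    fields, rows = [], []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line[len("#Fields:"):].strip().split("\t")
        elif line and not line.startswith("#") and fields:
            values = line.split("\t")
            if len(values) == len(fields):  # skip truncated rows
                rows.append(dict(zip(fields, values)))
    return rows

def audit_signature(rows, signature):
    """Per client: signature hits that were denied, rules that still allowed
    the signature, and allowed non-web connections the HTTP filter never sees."""
    report = defaultdict(lambda: {"denied": 0, "allowed_by": set(), "non_web": set()})
    needle = signature.lower()  # compare case-insensitively so log casing cannot hide a hit
    for r in rows:
        entry = report[r["c-ip"]]
        is_web = r["cs-protocol"].lower() in WEB_PROTOCOLS
        if is_web and needle in r["c-agent"].lower():
            if r["action"] == "Denied":
                entry["denied"] += 1
            else:
                entry["allowed_by"].add(r["rule"])
        elif not is_web and r["action"] == "Allowed":
            entry["non_web"].add((r["cs-protocol"], r["r-port"], r["rule"]))
    # Report only clients that presented the signature at least once.
    return {ip: e for ip, e in report.items() if e["denied"] or e["allowed_by"]}

if __name__ == "__main__":
    for ip, e in audit_signature(parse_w3c(SAMPLE_LOG), "Windows Live Messenger").items():
        print(ip, e)
```

A client with a non-empty `non_web` set has a path out that no HTTP signature covers; a non-empty `allowed_by` set names web rules where the signature is not configured.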
RE: Windows Live Messenger and P2P application - 27.Jan.2008 5:31:02 AM   
y.alkhateeb

 

Posts: 42
Joined: 21.Jan.2008
From: Palestinian in Kuwait
Status: offline
Dear Justmee,
 
Thanks a lot for the tip, that was my mistake. I was enabling the MSN protocol in my allow all access rule and when I disabled it ..... it worked perfectly, thanks again.
 
Regards,

_____________________________

Yasser Alkhateeb
Network and Communication Engineer

(in reply to justmee)
Post #: 12
RE: Windows Live Messenger and P2P application - 27.Jan.2008 6:31:11 AM   
justmee

 

Posts: 505
Joined: 14.May2007
Status: offline
No worries.
We all make them. For example, a couple of days ago I made a server publishing rule and incorrectly entered the IP address of the published server, and I was wondering why it's not working. Of course I was pretty sure about what I had done....
Regards!

(in reply to y.alkhateeb)
Post #: 13
RE: Windows Live Messenger and P2P application - 27.Jan.2008 4:10:40 PM   
y.alkhateeb

 

Posts: 42
Joined: 21.Jan.2008
From: Palestinian in Kuwait
Status: offline
Thanks again, people now got pissed because of the messenger block, but I still need the block of the p2p application because it's a challenge to me. I'm giving it a try each and every day.



_____________________________

Yasser Alkhateeb
Network and Communication Engineer

(in reply to justmee)
Post #: 14
RE: Windows Live Messenger and P2P application - 28.Jan.2008 5:57:47 AM   
elmajdal

 

Posts: 6022
Joined: 16.Sep.2004
From: Lebanese in Kuwait
Status: offline
Hi Yasser,

So removing the protocol disabled Live Messenger??

Or did you also use the signature?

_____________________________

Tarek Majdalani

Windows Expert - IT Pro MVP
Facebook : https://www.facebook.com/ElMajdal.Net

(in reply to y.alkhateeb)
Post #: 15
RE: Windows Live Messenger and P2P application - 28.Jan.2008 7:23:09 AM   
y.alkhateeb

 

Posts: 42
Joined: 21.Jan.2008
From: Palestinian in Kuwait
Status: offline
Dear Almajdal,

I've disabled the protocol from allow all access rule in addition to the signatures disable ....

Regards,

_____________________________

Yasser Alkhateeb
Network and Communication Engineer

(in reply to elmajdal)
Post #: 16
RE: Windows Live Messenger and P2P application - 28.Jan.2008 8:41:57 AM   
justmee

 

Posts: 505
Joined: 14.May2007
Status: offline
Hi Yasser,
I've downloaded Orbit and installed it on one client behind ISA.
First thing I've noticed:
Orbit cannot pass through an authenticated proxy (like ISA). I did not quite believe it so I've googled it a little bit and it appears it is correct:
http://forum.orbitdownloader.com/viewtopic.php?id=13335
So create a rule for HTTP and HTTPS and *require* authentication on it. Thus Orbit is useless (current version).
Do *not* use "Allow All Rules" anymore. Unless you want to make ISA useless.
Regarding the use of Orbinet to accelerate download speed based on p2p (dht), I've noticed that this application runs in the background and many UDP packets to various destinations are sent. Since you do not use an allow all rule, these requests will be blocked.
Additionally, create a deny rule for the following destination:
*.orbitdownloader.com
Put this rule on top of the others. Orbit needs various destinations based on it (like oblogin.rep.orbitdownloader.com, uu1.orbitdownloader.com, .......).
As expected there is no specific User-Agent.
Regards!

(in reply to y.alkhateeb)
Post #: 17
RE: Windows Live Messenger and P2P application - 30.Jan.2008 2:48:42 AM   
y.alkhateeb

 

Posts: 42
Joined: 21.Jan.2008
From: Palestinian in Kuwait
Status: offline
Dear Justmee,
 
How to *require Authentication* on HTTP and HTTPS rules? Any article to read?

I've blocked the URL *.orbitdownloader.com and I've gone through the forum link you sent me. It's really helpful, but I didn't understand the HTTP<GET> issue?
 
Thanks,


_____________________________

Yasser Alkhateeb
Network and Communication Engineer

(in reply to justmee)
Post #: 18
RE: Windows Live Messenger and P2P application - 30.Jan.2008 4:26:35 AM   
justmee

 

Posts: 505
Joined: 14.May2007
Status: offline
Hi Yasser,
Create an access rule from Internal to External and allow only HTTP and HTTPS on this rule. Instead of using "All Users" use "All Authenticated Users".
"All Users" = anonymous access
"All Authenticated Users" = authentication is needed -> your clients must be at least Web Proxy Clients in addition to SecureNAT clients.
SecureNAT clients cannot authenticate.
It is assumed that ISA is a domain member.
If you deploy FWC, I think Orbit will be able to connect again. (I did not test it.)
FWC can be useful because you can require authentication on access rules that, say, allow mail protocols (like POP3 and SMTP).
The solution described in that forum to use the "CONNECT" method won't work against ISA (using TCP port 80). ISA will assume it is HTTPS traffic. Only TCP port 443 is served by default by ISA for HTTPS traffic.
There are basic steps in using ISA as a firewall: don't use "Allow All" rules, always shrink your rules to allow only needed traffic and, when possible, only to needed destinations from required sources. And also, when possible, require authentication on your rules, by making your clients Web Proxy clients and/or FWC.
If you cannot afford a web filtering solution (say GFI or Websense), try to use the available destination sets in order to limit as much as possible web access to unnecessary web sites.
J

(in reply to y.alkhateeb)
Post #: 19
RE: Windows Live Messenger and P2P application - 1.Feb.2008 12:39:28 PM   
y.alkhateeb

 

Posts: 42
Joined: 21.Jan.2008
From: Palestinian in Kuwait
Status: offline
Dear Justmee,

I got your point, and thanks a lot for your support and for the tip .....

Regards,

_____________________________

Yasser Alkhateeb
Network and Communication Engineer

(in reply to justmee)
Post #: 20
