how to block all the IM -- skype, googletalk, msn, yahoo, ICQ
Hi,
May I know how to totally block all the IM using iptables and Squid, because my company's new policy wants me to block all the IM. For the time being I am just able to block Yahoo and ICQ using iptables and MSN using Squid, but I am unable to block Skype and Google Talk.
Hope someone can help me to solve it or point me to a useful link.
FYI, what I noticed is that now all the IM are using random ports already, so it is quite difficult to block them also. Because I tried to block all IM with the port numbers listed above, but the users can still use the IM.
I use a very stupid way to block the IM: I install all the IM and monitor where and which IP they log on to, then I block the IP that they log in to, to prevent users from using the IM.
Unfortunately, I still can't block users using an external proxy server to log on to the IM server. Anyone got an idea on this? Can this be done using iptables, which can block the internal users using an external proxy server?
Originally posted by cksoo: I use a very stupid way to block the IM: I install all the IM and monitor where and which IP they log on to, then I block the IP that they log in to, to prevent users from using the IM.
Unfortunately, I still can't block users using an external proxy server to log on to the IM server. Anyone got an idea on this? Can this be done using iptables, which can block the internal users using an external proxy server?
yes, if you know the IP of the proxy server it would be easy to block it with iptables...
The problem is there are a lot of open proxies on offer, so it is quite difficult to block. May I know whether there is a general iptables rule that forces my internal users to use my internal proxy server or not?
To disable GTalk...
Set up these rules in your iptables, or create ACLs in Squid.
Drop If destination is 72.14.253.125
Drop If destination is 72.14.255.100
Drop If destination is 209.85.139.83
Drop If destination is 66.249.89.99
Drop If destination is 64.233.163.189
Drop If destination is 209.85.137.125
Drop If protocol is TCP and destination is 66.249.89.103 and destination port is 443
Drop If protocol is TCP and destination is 209.85.137.125 and destination port is 443
Drop If protocol is TCP and destination is 209.85.147.83 and destination port is 80
Drop If protocol is TCP and destination is 216.239.51.125 and destination port is 443
Drop If protocol is TCP and destination is 209.85.163.125 and destination port is 443
Drop If protocol is TCP and destination is 209.85.163.125 and destination port is 5222
Drop If protocol is TCP and destination is 216.239.51.125 and destination port is 443
Drop If protocol is TCP and destination is 216.239.51.125 and destination port is 5222
Drop If protocol is TCP and destination is 72.14.253.125 and destination port is 443
+chetan
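The "Drop If ..." lines above are pseudo-rules, not iptables syntax. The following is an added example (not part of the original post) that translates them into iptables commands and prints them for review. It assumes the firewall routes client traffic, so the rules go in the FORWARD chain; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: turn the thread's "Drop If ..." pseudo-rules into iptables
# commands. It only prints the commands for review; nothing is applied.
# Assumption: the box routes client traffic, so the rules belong in FORWARD.
CHAIN="${CHAIN:-FORWARD}"

# rule_to_iptables LINE -> prints one iptables command; returns 1 if the
# line is not a rule this translator understands.
rule_to_iptables() {
    case $1 in "Drop If "*) ;; *) return 1 ;; esac
    # sed -n ... p prints nothing when the field is absent from the line.
    proto=$(printf '%s\n' "$1" | sed -n 's/.*protocol is \([A-Za-z]*\).*/\1/p' | tr 'A-Z' 'a-z')
    dest=$(printf '%s\n' "$1" | sed -n 's/.*destination is \([0-9.]*\).*/\1/p')
    port=$(printf '%s\n' "$1" | sed -n 's/.*destination port is \([0-9]*\).*/\1/p')
    # A destination must be a dotted quad; a port needs a protocol (-p).
    printf '%s\n' "$dest" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    if [ -n "$port" ] && [ -z "$proto" ]; then return 1; fi
    cmd="iptables -A $CHAIN"
    if [ -n "$proto" ]; then cmd="$cmd -p $proto"; fi
    cmd="$cmd -d $dest"
    if [ -n "$port" ]; then cmd="$cmd --dport $port"; fi
    printf '%s -j DROP\n' "$cmd"
}

# translate_rules: pseudo-rules on stdin -> unique iptables commands on
# stdout, in input order; unparseable lines are reported on stderr.
translate_rules() {
    while IFS= read -r line; do
        rule_to_iptables "$line" || printf 'skipped: %s\n' "$line" >&2
    done | awk '!seen[$0]++'
}

# A few of the rules posted above, including the repeated one.
translate_rules <<'EOF'
Drop If destination is 72.14.253.125
Drop If protocol is TCP and destination is 216.239.51.125 and destination port is 443
Drop If protocol is TCP and destination is 209.85.163.125 and destination port is 5222
Drop If protocol is TCP and destination is 216.239.51.125 and destination port is 443
EOF
```

If clients reach the Internet through a Squid proxy running on the firewall itself, that traffic leaves via the OUTPUT chain instead; set `CHAIN=OUTPUT` when generating the commands.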
Blocking IMs based on IPs doesn't seem to be a good idea, as the clients use the FQDN to connect and the corresponding IP keeps changing. A better way is to block them using the FQDN (talk.google.com) and keep the iptables rules updated using cron jobs.
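One way to implement the cron-driven refresh suggested in the post above, as an added example that is not part of the original post. The chain name `IM_BLOCK` and the function names are hypothetical; it assumes a glibc system (for `getent`) and a routing firewall where the chain is hooked into FORWARD. Without `--apply` it only prints a ruleset built from constructed sample addresses.

```shell
#!/bin/sh
# Added example: rebuild a dedicated DROP chain from the current DNS answers
# for an IM hostname, for use from cron. IM_BLOCK is a hypothetical chain name.
CHAIN="${CHAIN:-IM_BLOCK}"

# resolve_v4 HOST -> one IPv4 address per line (glibc getent).
resolve_v4() {
    getent ahostsv4 "$1" | awk '{print $1}' | sort -u
}

# build_ruleset: IPv4 addresses on stdin -> iptables-restore input on stdout.
# Returns 1 and prints nothing when no valid address was read, so a DNS
# failure never replaces the last known-good chain with an empty one.
build_ruleset() {
    addrs=$(grep -E '^([0-9]{1,3}\.){3}[0-9]{1,3}$' | sort -u)
    if [ -z "$addrs" ]; then return 1; fi
    # Declaring the user chain makes iptables-restore --noflush empty it,
    # so old and new rules are swapped in one COMMIT.
    printf '*filter\n:%s - [0:0]\n' "$CHAIN"
    for ip in $addrs; do
        printf '%s\n' "-A $CHAIN -d $ip/32 -j DROP"
    done
    printf 'COMMIT\n'
}

# refresh_chain HOST... : resolve, rebuild the chain, hook it into FORWARD.
refresh_chain() {
    ruleset=$(for h in "$@"; do resolve_v4 "$h"; done | build_ruleset) || {
        echo "no addresses resolved; chain left unchanged" >&2
        return 1
    }
    printf '%s\n' "$ruleset" | iptables-restore --noflush
    # Add the jump only if it is not already present.
    iptables -C FORWARD -j "$CHAIN" 2>/dev/null || iptables -I FORWARD -j "$CHAIN"
}

if [ "${1:-}" = "--apply" ]; then
    shift
    [ $# -gt 0 ] || set -- talk.google.com
    refresh_chain "$@"
else
    # Dry run on constructed sample addresses (documentation ranges).
    printf '%s\n' 192.0.2.10 198.51.100.7 192.0.2.10 | build_ruleset
fi
```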
Better way is to block them using the fqdn (talk.google.com)
Yes, you are right. We have to keep watch if the host/IP changes. But if GTalk sees the talk.google.com host as down (which is what happens if we block it), it seems that it tries those hosts and the connection is successful.
Then, if you try to block port 5222/3 of Jabber, next it makes a connection attempt to those hosts at 443 or 80.
I've been using these iptables rules for the past 3 months, and they keep blocking.
As for Skype, that is the hardest application to block. The only way that I have seen to block Skype is to do packet matching with Cisco MARS systems. I use Sidewinder firewalls at work and we can't even block Skype on those.
Hi Chetan, can you please guide me how to add the below lines in my (rc.firewall.up)
Hi Chetan,
can you please guide me how to add the below lines in my (rc.firewall.up) file.
I don't know where to add these lines, and as per my knowledge it should come like this:
e.g.:
# drop hits from Google Talk
/sbin/iptables -A INPUT -p TCP -i $RED_DEV --dport 5222 -j DROP
/sbin/iptables -A INPUT -p TCP -i $RED_DEV --dport 5223 -j DROP
/sbin/iptables -A INPUT -p TCP -i $RED_DEV --dport 5224 -j DROP
If I am right. I am waiting for your earliest reply.
I am using SmoothWall 2.0. I also want to learn more about blocking IP addresses and ports; if you can help me it would be great for me.
To disable GTalk...
Set up these rules in your iptables, or create ACLs in Squid.
Drop If destination is 72.14.253.125
Drop If destination is 72.14.255.100
Drop If destination is 209.85.139.83
Drop If destination is 66.249.89.99
Drop If destination is 64.233.163.189
Drop If destination is 209.85.137.125
Drop If protocol is TCP and destination is 66.249.89.103 and destination port is 443
Drop If protocol is TCP and destination is 209.85.137.125 and destination port is 443
Drop If protocol is TCP and destination is 209.85.147.83 and destination port is 80
Drop If protocol is TCP and destination is 216.239.51.125 and destination port is 443
Drop If protocol is TCP and destination is 209.85.163.125 and destination port is 443
Drop If protocol is TCP and destination is 209.85.163.125 and destination port is 5222
Drop If protocol is TCP and destination is 216.239.51.125 and destination port is 443
Drop If protocol is TCP and destination is 216.239.51.125 and destination port is 5222
Drop If protocol is TCP and destination is 72.14.253.125 and destination port is 443