HPE Community
Operating System - HP-UX
1825163 Members
4093 Online
109679 Solutions
New Discussion

Instant Messenger Port

 
SOLVED
Go to solution
Steven Chen_1
Super Advisor

‎12-12-2001 02:24 PM

‎12-12-2001 02:24 PM

Instant Messenger Port

Hi,

Just would like to know whether someone know how to find instant messenger user in the company and how.

It seems the port used are different from vendors, such AOL, msn, yahoo... Some are 5050, 5190, 1967....

From firewall, such as Cisco, what is the inspect command to find it out?

Appreciated.

Steven
Steve
0 Kudos
Reply
1 REPLY 1
Ron Kinner
Honored Contributor

‎12-12-2001 05:51 PM

‎12-12-2001 05:51 PM

Solution

Re: Instant Messenger Port

The question (blocking IM) was brought up several times in the cisco newsgroup. The following quote pretty much sums up the situation:

"If I am not mistaken and I don't think I am all of the latest instant
messenger programs have the ability to scan for and use another port if the
default is not available so blocking them by port is ineffective. You will
need to find the IP address of the respective messenger servers and block
them by IP."

A suggestion at least for AOL:

"Instant Messenger uses a variety of ports when it cannot connect on one...
Question you ask yourself.. If it's using all there ports how the hell do I
block it? EASY!!! All the Instant Messenger ports go to the same
place... oscar.aol.com (make sure you check on this with the
program... you'll see the server it tries to connect to when you
fire up Instant Messenger)

In a nutshell... the best way that I found to block Instant Messenger
was to deny the address of IM on my Cisco router (or whatever
router you use) No pain in the butt port blocking for that job.
Just block oscar.aol.com
"

Same guy goes on to suggest:
"If you REALLY want to deny more chatting that you may be
unaware of... Try blocking IRC too! Get a copy of MIRC and
block those ports. 6000, 6665, 6666, 6667, 6668."


Can't help you with the PIX commands. Just speak router IOS. On a router I would turn on "ip accounting out" on my outgoing interface and then wait a while. "Sh ip acco" will then give a list of all the IP addresses in use. Do a DNS lookup for oscar.aol.com or login.oscar.aol.com and then search through the output of sh ip acco until you find the corresponding ip address. Your culprit(s) will be the one connected to the im server address(es) You can probably then do a lookup on your local DNS to get his user name.

Ron
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.