Blog Home  Home Feed your aggregator (RSS 2.0)  
IMFirewall Blog - Block MSN file transfer: impossible mission?
Block Internet Access,Block P2P,Web Filtering
 
Archive
<September 2010>
SunMonTueWedThuFriSat
2930311234
567891011
12131415161718
19202122232425
262728293012
3456789
September, 2010 (2)
August, 2010 (3)
July, 2010 (1)
June, 2010 (1)
May, 2010 (2)
April, 2010 (3)
March, 2010 (1)
January, 2010 (4)
December, 2009 (4)
November, 2009 (5)
October, 2009 (1)
September, 2009 (1)
August, 2009 (4)
July, 2009 (1)
April, 2009 (1)
January, 2009 (1)
December, 2008 (1)
May, 2008 (1)
April, 2008 (2)
January, 2008 (1)
July, 2007 (3)
June, 2007 (6)
May, 2007 (4)
July, 2005 (1)
Navigation
Online Marketing
IMFirewall Forum
Block P2P Traffic
Internet Filtering
Internet Monitor
Email Monitor
Block Internet Access
Monitor Employees
Home
Categories
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
Blogroll
 blogcatalog
Contact
Send mail to the author(s) Email Me

Disclaimer
The opinions expressed herein are my own personal opinions and do not represent my employer's view in any way.

Sign In
# Saturday, April 19, 2008
Block MSN file transfer: impossible mission? by Administrator

Block MSN file transfer: impossible mission?

  It is convenient to transfer files via messengers like msn/live, yahoo, icq...  But it is also necessary for organizations to block unauthorized file transfers to keep their networks safe.

  However, messenger software uses several ways to avoid being blocked. They use dynamic ports, encrypted connections, variety connection type to bypass network firewall.

  Let me take msn as an example. By our test, there have four type of msn file transfer as described below:

  1. For two buddies, if one of them is connected to internet directly, direct connection will be established to transfer files. This is the quickest way. There has three type of direct connections with dynamic ports which is negotiated by two sides.

  1.1) Direct TCP connection.

  1.2) Direct TCP connection use TLS encryption.

  1.3) Direct UDP transmission.

  2. If direct connection can not be established, msn servers can act as a relay server to transfer files. The file transfer packets will be among with normal msn messages.

  As you can see from above, there is no way to block msn file transfer simply by blocking some ports in the firewall. The firewall should be smart enough to recognize msn file transfer direct connections, and it shall be able to pick up file transfer packets from normal msn messages.

  Block MSN File Transfer

  Internet Monitor

  Block P2P

 

 

Saturday, April 19, 2008 5:49:52 AM (GMT Standard Time, UTC+00:00)    Block Messenger  |  IMFirewall P2P Classify Engine Introduction  |  How to block websites and restrict internet access? Trackback
Copyright © 2010 IMFirewall Software. All rights reserved.
DasBlog 'Portal' theme by Johnny Hughes.
Pick a theme: