Allowing

  • 8/9/2019 Allowing

    Allowing/Denying IM and other protocols on ISA Server

    This article provides information to help you allow or deny common protocols such as Yahoo! Messenger, MSN Messenger, Kazaa, iMesh, BitTorrent, ICQ, AOL Messenger, etc. on your ISA server.

    Program/Protocol    Description

    1. MSN Messenger

    See this TechNet article

    Default Port:

    1863

    Servers:

    messenger.msn.com

    gateway.messenger.com

    Voice & Video:

    Does not work correctly with ISA because ISA doesn't support the UPnP protocol.

    2. Yahoo! Messenger

    Default Port:

    5050 TCP

    Yahoo! Messenger first tries to connect via port 5050. If that is unsuccessful, it keeps scanning other ports in this order:

    5050, 80,

    Other common ports: 20,23,25,80,119,5050,8001,8002

    Servers:

    scs.msg.yahoo.com

    scsa.msg.yahoo.com

    scsb.msg.yahoo.com

    scsc.msg.yahoo.com

    Webcam:

    For webcam to work, ISA must allow incoming & outgoing connections on port 5100.

    Server: webcam.yahoo.com

    File Transfer:

    filetransfer.msg.yahoo.com on port 80, protocol HTTP

    Voice:

    vc.yahoo.com

    v1.vc.scd.yahoo.com

    v2.vc.scd.yahoo.com

    v3.vc.scd.yahoo.com

    v4.vc.scd.yahoo.com

    v5.vc.scd.yahoo.com

    v6.vc.scd.yahoo.com

    v7.vc.scd.yahoo.com

    v8.vc.scd.yahoo.com

    v9.vc.scd.yahoo.com

    v10.vc.scd.yahoo.com

    v11.vc.scd.yahoo.com

    v13.vc.sc5.yahoo.com

    vc1.vip.scd.yahoo.com

    Ports: 5000-5010

    3. Kazaa, iMesh client

    Default Port:

    Kazaa: 1214, TCP Outbound

    iMesh client: 6699, TCP Outbound

    Newer versions of Kazaa are capable of scanning for open ports. The presence of the MS Firewall Client is found to facilitate easier connection.

    4. BitTorrent

    Ports:

    6969 and 6881 to 6889, TCP, outbound

    6881 to 6889, TCP, inbound (for reciprocal uploading)

    You will also need to use a Server Publishing rule to publish ports tcp/6881 and tcp/6889 inbound for everyone to their BitTorrent client machine if you need to host torrents.

    5. ICQ

    Use the ICQ built-in Protocol in ISA

    6. AOL Instant Messenger

    7. DAAP (iTunes music-sharing protocol)

    3689, TCP, Outbound

    8. Bearshare/Gnutella client

    6346, TCP, Outbound

    6346, TCP, Inbound (for reciprocal uploading)

    9. Jabber IM / XMPP

    5222, TCP, Outbound (unencrypted traffic)

    5223, TCP, Outbound (SSL-encoded Jabber)

    Server-to-Server communication on 5269, TCP.

    10. Symantec pcAnywhere

    5631, TCP and UDP (send-receive) outbound

    5632, TCP and UDP (send-receive) outbound

    11. SIP (Session Initiation Protocol used by Microsoft Live Communications Server, iChat)

    5060 TCP (unencrypted)

    5061 TCP (SSL encrypted)

    12. Google Talk

    URL Blocking:

    talk.google.com:5222

    talk.google.com:443

    desktop.google.com/download/googletalk/google-talk-versioncheck.txt?

    13. Google Earth

    Uses Port 80.

    Block GoogleEarth.exe process

    Block wikimapia.org

    14. eDonkey

    4662, TCP

    15. Skype

    Skype connects through any port, including HTTP. Application filtering is recommended.

    For information on how to enable Skype securely inside your organization, visit www.skype.com/security/

    16. RealPlayer

    6970 7170 UDP

    554, 7070 7071 TCP

    ISA 2006 features three new application filters: RTSP, MMS and PNM. The RTSP filter can be used to block RealPlayer and QuickTime.

    17. PalTalk

    2090, UDP inbound (for voice)

    2091, UDP inbound (control stream)

    2090, TCP inbound (file transfer)

    2091, TCP inbound (video listening)

    2095, TCP inbound (file transfer - older versions)

    5001-50015, TCP outbound (text messaging)

    8200 - 8700, TCP & UDP outbound (Firewall / network mode group voice)

    1025 - 2500, UDP outbound (outbound voice & control stream - user configurable)
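
    The table above can be turned into a log check that shows why port rules alone are not enough for clients that fall back to port 80 or 443. This is an added example, not part of the original article; the log format (client,dest_host,dest_port,proto) and the sample records are constructed and are not ISA Server's native log schema.

```python
import csv
import io

# Port table transcribed from the article: (proto, low, high, application).
PORT_RULES = [
    ("tcp", 1863, 1863, "MSN Messenger"), ("tcp", 5050, 5050, "Yahoo! Messenger"),
    ("tcp", 1214, 1214, "Kazaa"), ("tcp", 6699, 6699, "iMesh"),
    ("tcp", 6881, 6889, "BitTorrent"), ("tcp", 6969, 6969, "BitTorrent"),
    ("tcp", 3689, 3689, "DAAP"), ("tcp", 6346, 6346, "Gnutella"),
    ("tcp", 5222, 5223, "Jabber/XMPP"), ("tcp", 5060, 5061, "SIP"),
    ("tcp", 4662, 4662, "eDonkey"),
]
# Hosts the article names; they catch clients that fall back to port 80/443.
HOST_RULES = {h: "Yahoo! Messenger" for h in (
    "scs.msg.yahoo.com", "scsa.msg.yahoo.com",
    "scsb.msg.yahoo.com", "scsc.msg.yahoo.com")}
HOST_RULES["filetransfer.msg.yahoo.com"] = "Yahoo! file transfer"
HOST_RULES["talk.google.com"] = "Google Talk"

def classify(host, port, proto):
    """Return (application, basis) for one connection, or None if unmatched."""
    app = HOST_RULES.get(host.lower().rstrip("."))
    if app:
        return app, "host"
    for rule_proto, low, high, name in PORT_RULES:
        if proto.lower() == rule_proto and low <= port <= high:
            return name, "port"
    return None

def scan(log_text):
    """Yield (client, application, basis) for each matching log record."""
    for client, host, port, proto in csv.reader(io.StringIO(log_text)):
        hit = classify(host, int(port), proto)
        if hit:
            yield (client, *hit)

# Constructed sample records: client,dest_host,dest_port,proto
SAMPLE_LOG = """\
192.168.0.21,scs.msg.yahoo.com,80,tcp
192.168.0.22,203.0.113.7,6883,tcp
192.168.0.23,talk.google.com,443,tcp
192.168.0.24,www.example.org,80,tcp
192.168.0.25,198.51.100.9,5050,udp
"""

if __name__ == "__main__":
    for row in scan(SAMPLE_LOG):
        print(*row, sep="\t")
```

    The first and third sample records match only through the host rules, which is the case the article raises for clients that scan ports; traffic such as Skype that uses arbitrary ports and hosts matches neither table and needs application filtering.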

    Source: collected from the Internet

    [global]

    workgroup = MyGroup

    netbios name = cpu

    encrypt passwords = yes

    hosts allow = 192.168.0.

    map to guest = Bad User

    printing = CUPS

    printcap name = CUPS

    socket options = TCP_NODELAY IPTOS_LOWDELAY SO_RCVBUF=8192 SO_SNDBUF=8192

    wins support = No

    security = user

    server string = Samba Server

    add user script =

    domain master = false

    domain logons = no

    local master = no

    [homes]

    comment = Home Directories

    valid users = %S

    browseable = no

    read only = No

    create mask = 0640

    directory mask = 0750

    guest ok = no

    printable = no

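    # Guest share on /tmp/: with "map to guest = Bad User" in [global], unknown
    # usernames are mapped to the guest account, so hosts matching "hosts allow"
    # can read and write here without credentials.
    [storage]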

    comment = Guest

    path = /tmp/

    browseable = yes

    read only = No

    guest ok = yes

    printable = no