Jump to content
Compatible Support Forums
Sign in to follow this  
Avalanche

Blocking file transfers in messenger

Recommended Posts

I guess the subject header says it all. I'd like to know if there's a way to block people from sending and receiving files through msn/windows messenger on a Win2k Pro machine, without blocking all messages.

 

See this is for my mom's system, where there is a bunch of teenaged girls that use messenger all the time and like to trade around neat things they find on the net.

 

Well yesterday I was asked to come over and perform the general system maintenance that I do for her computer, and I found 178 peices of spyware including all the major well known ones. The only possible source of these is from the girls using messenger (excpet for the 9 or 10 that regularly have to clean from IE Cookies).

 

Rather than fighting with teeanged girls I'd rather that they suddenly find they cannot send or recieve files anymore (oh no, my life is over wink )

 

I've searched the net for a couple hours and I can't find anything that helps me, I'd imagine that if it's an issue of blocking a port or something I could manually set that in the firewall, but I suspect messenger rotates the ports it uses for security's sake.

 

Anyway, any insight would be appreciated.

 

Thanks.

Share this post


Link to post

If you use ZoneAlarm as your firewall, then just block MSM as a server. I think that 'should' still allow messages, but not file transfers.

Share this post


Link to post

Well not allowing servers made no difference to incoming files.

 

I can block outgoing transfers, so I guess then my problem is 50% solved. Not really though, since if the files are already here, they've done their damage.

 

BTW, I should have mentioned before, it's Messenger 5.0 that's being used. Sorry I forgot about that before.

Share this post


Link to post
Quote:
Well not allowing servers made no difference to incoming files.

I can block outgoing transfers, so I guess then my problem is 50% solved. Not really though, since if the files are already here, they've done their damage.

BTW, I should have mentioned before, it's Messenger 5.0 that's being used. Sorry I forgot about that before.


Well I supose that you could just disallow MSM 'all' access through zonealarm... Just tell them you can't figure out why it isn't working (darn MS software)... humm... maybe not ;-). Time to block ports 6891 to 6900?? ;(

Share this post


Link to post

I have run into this problem when I had to reformat and reinstall a system over spyware. System was running at 100% cpu on win2k pro.

Kazaa was main culprit that let in who knows what else. I said fine do what you want but when computer goes down again, its YOUR PROBLEM. You want to dl crap for a short period of time or use your system.

Its still running...............So maybe just maybe the idea of NO COMPUTER at all scared him a bit. laugh

Share this post


Link to post
Quote:
I have run into this problem when I had to reformat and reinstall a system over spyware. System was running at 100% cpu on win2k pro.
Kazaa was main culprit that let in who knows what else. I said fine do what you want but when computer goes down again, its YOUR PROBLEM. You want to dl crap for a short period of time or use your system.
Its still running...............So maybe just maybe the idea of NO COMPUTER at all scared him a bit. laugh


If Spyware is your main concern then you should make sure that you have the latest version of ADaware run on a regular basis. I'm sure that you have a decent antivirus package installed, and, you should also turn on the MailSafe feature in ZoneAlarm. I'm afraid that's about as far as you can go with it ;-).

Share this post


Link to post

I did install Ad-Aware, which is how I knew there was 178 pieces of SpyWare on the system. The issue is, it's not my system, it's my mom's, and she's likely to shy away from running Ad-Aware on a regular basis.

 

She does have a decent anti-virus, and whenever I'm over there, I do run everything, and clean out the system, but I'm not over there every day.

 

I'm gonna try blocking the ports that messenger uses next time I'm over there and see what that does. There may be unfortunate side effects of blocking all those ports, other apps may want to use them too.

 

We'll see.

 

 

Thanks for the input everybody.

Share this post


Link to post

You sir, do indeed ROCK! laugh

 

Thanks very much for this. Where on earth did you find it? I've been looking high and low for something like it. It's perfect!

 

I'll report back later tonight after I've tested it on my mom's system.

Share this post


Link to post

Bad luck. I tried every possible combination of settings, and it simply doesn't do anything that it says it should do. It doesn't block file transfers, it doesn't block video, or voice. It doesn't even work to disable MSN altogether.

 

This is a real bugger. You'd think there'd be an easy way to do this, it seems like a fairly big security risk allowing any and all users to send and recieve all the files they want.

 

I know MicroSoft isn't the best when it comes to security, but this one seems to be a bit of an agregious oversight.

 

PS, I'm not blaming the people who made this little program, it's a great idea. There must be some difference in how it's set up on this machine than they expected.

Share this post


Link to post

That is correct.

 

MSN Messenger 5.0.04xx on Windows 2000 Professional sp2. Sorry I can't remember the exact build number on msn, but it was the one that just came out this morning. When I went over to my mom's to test that program she told me that she had done the update that it notified her of just today.

 

I'm home again now, so I dont have direct access to the computer.

 

Personally I use Trillian, so I really don't have much experience with Messenger itself. But I went through everything I could think of, but the best I could do is block outgoing files, and not incoming files.

Share this post


Link to post

What happened to blocking the ports? Did you try that? It would probably be your best bet.

Share this post


Link to post

Oh, sorry. I guess I should have been more clear. Blocking the ports only served to stop messages and outgoing files.

 

This is because for receiving files Messenger offloads that duty onto a system file called ndisuio.sys. This file is apparently used by many windows systems for access to a network. It seems to exclusively use port 137, for all it's access, so I can't just block it for when it is working for messenger. Looking at my Sygate logs I see that ndisuio.sys on port 137 was accessed by several windows systems, including ntoskrnl.exe, and explorer.exe.

 

So Blocking the ports doesn't do anything that disallowing server didn't do.

 

PS, this search had allowed me to find a feature in sygate firewall that is far superior to similar functions in ZoneAlarm. Even in the free edition of Sygate, I can do things like observe the network activity of things like ndisuio.sys, and block any individual port I want, and specify which protocol I'd like to be blocking (UDP for messenger, but I tried them all, none worked, because of the .sys thing). ZneAlarm doesn't offer anyhere near that much flexability, even in their Pro edition. </soapbox> :-)

 

So again, this is where I stand. Thanks for all the input.

Share this post


Link to post
Quote:
That is correct.

MSN Messenger 5.0.04xx on Windows 2000 Professional sp2. Sorry I can't remember the exact build number on msn, but it was the one that just came out this morning. When I went over to my mom's to test that program she told me that she had done the update that it notified her of just today.

laugh she's smart enough to update MSM, but, she can't run addaware??? Time for a serious talk wink

Share this post


Link to post
Quote:
she's smart enough to update MSM, but, she can't run addaware??? Time for a serious talk


Seriously good point. I hadn't thought of it that way. You are right of course.

The thing is, I was hoping for security's sake that I could get this done, whether she can get rid of the spyware or not. Spyware is but one of many security concerns that are at issue here, concerns that will be impossible to teach to the girls who are the root of the problem.

Oh well, I just find this whole thing rather frustrating.

Share this post


Link to post
Quote:
Quote:
she's smart enough to update MSM, but, she can't run addaware??? Time for a serious talk


Seriously good point. I hadn't thought of it that way. You are right of course.

The thing is, I was hoping for security's sake that I could get this done, whether she can get rid of the spyware or not. Spyware is but one of many security concerns that are at issue here, concerns that will be impossible to teach to the girls who are the root of the problem.

Oh well, I just find this whole thing rather frustrating.


The 'root of the problem' is really the MSM, and not the girls. The only real solution is to uninstall the MSM or to password the account and not give 'the girls' access untill they are accountable ( try never laugh ). in any case, you have to get control of the situation.

Share this post


Link to post

Please sign in to comment

You will be able to leave a comment after signing in



Sign In Now
Sign in to follow this  

×