Blocking file transfers in messenger

I guess the subject header says it all. I'd like to know if there's a way to block people from sending and receiving files through msn/windows messenger on a Win2k Pro machine, without blocking all messages.

Windows Software 5498 This topic was started by ,


data/avatar/default/avatar09.webp

180 Posts
Location -
Joined 2000-11-07
I guess the subject header says it all. I'd like to know if there's a way to block people from sending and receiving files through msn/windows messenger on a Win2k Pro machine, without blocking all messages.
 
See this is for my mom's system, where there is a bunch of teenaged girls that use messenger all the time and like to trade around neat things they find on the net.
 
Well yesterday I was asked to come over and perform the general system maintenance that I do for her computer, and I found 178 peices of spyware including all the major well known ones. The only possible source of these is from the girls using messenger (excpet for the 9 or 10 that regularly have to clean from IE Cookies).
 
Rather than fighting with teeanged girls I'd rather that they suddenly find they cannot send or recieve files anymore (oh no, my life is over )
 
I've searched the net for a couple hours and I can't find anything that helps me, I'd imagine that if it's an issue of blocking a port or something I could manually set that in the firewall, but I suspect messenger rotates the ports it uses for security's sake.
 
Anyway, any insight would be appreciated.
 
Thanks.

Participate on our website and join the conversation

You have already an account on our website? Use the link below to login.
Login
Create a new user account. Registration is free and takes only a few seconds.
Register
This topic is archived. New comments cannot be posted and votes cannot be cast.

Responses to this topic


data/avatar/default/avatar32.webp

266 Posts
Location -
Joined 2001-10-25
MSN uses ports 6891 to 6900 for file transfers.

data/avatar/default/avatar06.webp

397 Posts
Location -
Joined 2001-10-13
If you use ZoneAlarm as your firewall, then just block MSM as a server. I think that 'should' still allow messages, but not file transfers.

data/avatar/default/avatar09.webp

180 Posts
Location -
Joined 2000-11-07
OP
Thanks for the help, I will try the server thing ASAP, she is running ZoneAlarm.

data/avatar/default/avatar09.webp

180 Posts
Location -
Joined 2000-11-07
OP
Well not allowing servers made no difference to incoming files.
 
I can block outgoing transfers, so I guess then my problem is 50% solved. Not really though, since if the files are already here, they've done their damage.
 
BTW, I should have mentioned before, it's Messenger 5.0 that's being used. Sorry I forgot about that before.

data/avatar/default/avatar06.webp

397 Posts
Location -
Joined 2001-10-13
Quote:Well not allowing servers made no difference to incoming files.

I can block outgoing transfers, so I guess then my problem is 50% solved. Not really though, since if the files are already here, they've done their damage.

BTW, I should have mentioned before, it's Messenger 5.0 that's being used. Sorry I forgot about that before.

Well I supose that you could just disallow MSM 'all' access through zonealarm... Just tell them you can't figure out why it isn't working (darn MS software)... humm... maybe not ;-). Time to block ports 6891 to 6900?? ;(

data/avatar/default/avatar35.webp

54 Posts
Location -
Joined 2001-01-03
I have run into this problem when I had to reformat and reinstall a system over spyware. System was running at 100% cpu on win2k pro.
Kazaa was main culprit that let in who knows what else. I said fine do what you want but when computer goes down again, its YOUR PROBLEM. You want to dl crap for a short period of time or use your system.
Its still running...............So maybe just maybe the idea of NO COMPUTER at all scared him a bit.

data/avatar/default/avatar06.webp

397 Posts
Location -
Joined 2001-10-13
Quote:I have run into this problem when I had to reformat and reinstall a system over spyware. System was running at 100% cpu on win2k pro.
Kazaa was main culprit that let in who knows what else. I said fine do what you want but when computer goes down again, its YOUR PROBLEM. You want to dl crap for a short period of time or use your system.
Its still running...............So maybe just maybe the idea of NO COMPUTER at all scared him a bit.

If Spyware is your main concern then you should make sure that you have the latest version of ADaware run on a regular basis. I'm sure that you have a decent antivirus package installed, and, you should also turn on the MailSafe feature in ZoneAlarm. I'm afraid that's about as far as you can go with it ;-).

data/avatar/default/avatar09.webp

180 Posts
Location -
Joined 2000-11-07
OP
I did install Ad-Aware, which is how I knew there was 178 pieces of SpyWare on the system. The issue is, it's not my system, it's my mom's, and she's likely to shy away from running Ad-Aware on a regular basis.
 
She does have a decent anti-virus, and whenever I'm over there, I do run everything, and clean out the system, but I'm not over there every day.
 
I'm gonna try blocking the ports that messenger uses next time I'm over there and see what that does. There may be unfortunate side effects of blocking all those ports, other apps may want to use them too.
 
We'll see.
 
 
Thanks for the input everybody.

data/avatar/default/avatar09.webp

180 Posts
Location -
Joined 2000-11-07
OP
You sir, do indeed ROCK!
 
Thanks very much for this. Where on earth did you find it? I've been looking high and low for something like it. It's perfect!
 
I'll report back later tonight after I've tested it on my mom's system.

data/avatar/default/avatar35.webp

2172 Posts
Location -
Joined 2002-08-26
Glad I was able to reach you, I hope it works. I found it here.

data/avatar/default/avatar09.webp

180 Posts
Location -
Joined 2000-11-07
OP
Bad luck. I tried every possible combination of settings, and it simply doesn't do anything that it says it should do. It doesn't block file transfers, it doesn't block video, or voice. It doesn't even work to disable MSN altogether.
 
This is a real bugger. You'd think there'd be an easy way to do this, it seems like a fairly big security risk allowing any and all users to send and recieve all the files they want.
 
I know MicroSoft isn't the best when it comes to security, but this one seems to be a bit of an agregious oversight.
 
PS, I'm not blaming the people who made this little program, it's a great idea. There must be some difference in how it's set up on this machine than they expected.

data/avatar/default/avatar35.webp

2172 Posts
Location -
Joined 2002-08-26
You're running MSN Messenger 5, right? Not Windows Messenger (XP)

data/avatar/default/avatar09.webp

180 Posts
Location -
Joined 2000-11-07
OP
That is correct.
 
MSN Messenger 5.0.04xx on Windows 2000 Professional sp2. Sorry I can't remember the exact build number on msn, but it was the one that just came out this morning. When I went over to my mom's to test that program she told me that she had done the update that it notified her of just today.
 
I'm home again now, so I dont have direct access to the computer.
 
Personally I use Trillian, so I really don't have much experience with Messenger itself. But I went through everything I could think of, but the best I could do is block outgoing files, and not incoming files.

data/avatar/default/avatar19.webp

3857 Posts
Location -
Joined 2000-03-29
What happened to blocking the ports? Did you try that? It would probably be your best bet.

data/avatar/default/avatar09.webp

180 Posts
Location -
Joined 2000-11-07
OP
Oh, sorry. I guess I should have been more clear. Blocking the ports only served to stop messages and outgoing files.
 
This is because for receiving files Messenger offloads that duty onto a system file called ndisuio.sys. This file is apparently used by many windows systems for access to a network. It seems to exclusively use port 137, for all it's access, so I can't just block it for when it is working for messenger. Looking at my Sygate logs I see that ndisuio.sys on port 137 was accessed by several windows systems, including ntoskrnl.exe, and explorer.exe.
 
So Blocking the ports doesn't do anything that disallowing server didn't do.
 
PS, this search had allowed me to find a feature in sygate firewall that is far superior to similar functions in ZoneAlarm. Even in the free edition of Sygate, I can do things like observe the network activity of things like ndisuio.sys, and block any individual port I want, and specify which protocol I'd like to be blocking (UDP for messenger, but I tried them all, none worked, because of the .sys thing). ZneAlarm doesn't offer anyhere near that much flexability, even in their Pro edition. </soapbox> :):
 
So again, this is where I stand. Thanks for all the input.

data/avatar/default/avatar06.webp

397 Posts
Location -
Joined 2001-10-13
Quote:That is correct.

MSN Messenger 5.0.04xx on Windows 2000 Professional sp2. Sorry I can't remember the exact build number on msn, but it was the one that just came out this morning. When I went over to my mom's to test that program she told me that she had done the update that it notified her of just today.

she's smart enough to update MSM, but, she can't run addaware??? Time for a serious talk

data/avatar/default/avatar09.webp

180 Posts
Location -
Joined 2000-11-07
OP
Quote: she's smart enough to update MSM, but, she can't run addaware??? Time for a serious talk

Seriously good point. I hadn't thought of it that way. You are right of course.

The thing is, I was hoping for security's sake that I could get this done, whether she can get rid of the spyware or not. Spyware is but one of many security concerns that are at issue here, concerns that will be impossible to teach to the girls who are the root of the problem.

Oh well, I just find this whole thing rather frustrating.

data/avatar/default/avatar06.webp

397 Posts
Location -
Joined 2001-10-13
Quote:Quote: she's smart enough to update MSM, but, she can't run addaware??? Time for a serious talk

Seriously good point. I hadn't thought of it that way. You are right of course.

The thing is, I was hoping for security's sake that I could get this done, whether she can get rid of the spyware or not. Spyware is but one of many security concerns that are at issue here, concerns that will be impossible to teach to the girls who are the root of the problem.

Oh well, I just find this whole thing rather frustrating.

The 'root of the problem' is really the MSM, and not the girls. The only real solution is to uninstall the MSM or to password the account and not give 'the girls' access untill they are accountable ( try never ). in any case, you have to get control of the situation.

data/avatar/default/avatar35.webp

2172 Posts
Location -
Joined 2002-08-26
If the password is stored on the system, you can use this to recover it, FYI.