8/9/2019 Allowing
Allowing/Denying IM and other protocols on ISA Server
This article provides useful information that will assist you in allowing/denying certain common protocols such as Yahoo! Messenger, MSN Messenger, Kazaa, iMesh, BitTorrent, ICQ, AOL Messenger, etc. on your ISA server.
Program/Protocol | Description
1. MSN Messenger
See this TechNet article
Default Port:
1863
Servers:
messenger.msn.com
gateway.messenger.com
Voice & Video:
Does not work correctly with ISA because ISA doesn't support the UPnP protocol.
2. Yahoo! Messenger
Default Port:
5050 TCP
Yahoo! Messenger at first tries to connect via port 5050. If it is unsuccessful, it keeps scanning other ports in this order:
5050, 80,
Other common ports: 20,23,25,80,119,5050,8001,8002
Servers:
scs.msg.yahoo.com
scsa.msg.yahoo.com
scsb.msg.yahoo.com
scsc.msg.yahoo.com
Webcam:
For webcam to work, ISA must allow incoming & outgoing connections on port 5100.
Server: webcam.yahoo.com
File Transfer:
filetransfer.msg.yahoo.com on port 80, protocol HTTP
Voice:
vc.yahoo.com
v1.vc.scd.yahoo.com
v2.vc.scd.yahoo.com
v3.vc.scd.yahoo.com
v4.vc.scd.yahoo.com
v5.vc.scd.yahoo.com
v6.vc.scd.yahoo.com
v7.vc.scd.yahoo.com
v8.vc.scd.yahoo.com
v9.vc.scd.yahoo.com
v10.vc.scd.yahoo.com
v11.vc.scd.yahoo.com
v13.vc.sc5.yahoo.com
vc1.vip.scd.yahoo.com
Ports: 5000-5010
3. Kazaa, iMesh client
Default Port:
Kazaa: 1214, TCP Outbound
iMesh client: 6699, TCP Outbound
Newer versions of Kazaa are capable of scanning for open ports. The presence of the MS Firewall Client is found to facilitate easier connection.
4. BitTorrent
Ports:
6969 and 6881 to 6889, TCP, outbound
6881 to 6889, TCP, inbound (for reciprocal uploading)
If you need to host torrents, you will also need to use a Server Publishing rule to publish ports tcp/6881 and tcp/6889 inbound for everyone to their BitTorrent client machine.
5. ICQ
Use the ICQ built-in Protocol in ISA
6. AOL Instant Messenger
7. DAAP (iTunes music-sharing protocol)
3689, TCP, Outbound
8. Bearshare/Gnutella client
6346, TCP, Outbound
6346, TCP, Inbound (for reciprocal uploading)
9. Jabber IM / XMPP
5222, TCP, Outbound (unencrypted traffic)
5223, TCP, Outbound (SSL-encoded Jabber)
Server-to-Server communication on 5269, TCP.
10. Symantec pcAnywhere
5631, TCP and UDP (send-receive) outbound
5632, TCP and UDP (send-receive) outbound
11. SIP (Session Initiation Protocol, used by Microsoft Live Communications Server, iChat)
5060 TCP (unencrypted)
5061 TCP (SSL encrypted)
12. Google Talk
URL Blocking:
talk.google.com:5222
talk.google.com:443
desktop.google.com/download/googletalk/google-talk-versioncheck.txt?
13. Google Earth
Uses Port 80.
Block GoogleEarth.exe process
Block wikimapia.org
14. eDonkey
4662, TCP
15. Skype
Skype connects through any port, including HTTP. Application filtering is recommended.
For information on how to enable Skype securely inside your organization, visit www.skype.com/security/
16. Realplayer
6970 7170 UDP
554, 7070 7071 TCP
ISA 2006 features three new application filters: RTSP, MMS and PNM. The RTSP filter can be used to block RealPlayer and Quicktime.
17. PalTalk
2090, UDP inbound (for voice)
2091, UDP inbound (control stream)
2090, TCP inbound (file transfer)
2091, TCP inbound (video listening)
2095, TCP inbound (file transfer - older versions)
5001-50015, TCP outbound (text messaging)
8200 - 8700, TCP & UDP outbound (Firewall / network mode group voice)
1025 - 2500, UDP outbound (outbound voice & control stream - user configurable)
Source: collected from the Internet
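The Yahoo! Messenger fallback from port 5050 to port 80 and the Skype note in the table mean a deny rule keyed only on the default port misses some traffic, so log review should match destination hosts as well. The following is an added example, not part of the original article: the log format, sample lines and helper names are assumptions, and the `msg.yahoo.com` suffix is a generalization of the server names listed above.

```python
# Added example. Ports and hosts come from the table on this page; the log
# format, sample lines and helper names are constructed for illustration.
PORT_RULES = {  # (protocol, destination port) -> application
    ("TCP", 1863): "MSN Messenger", ("TCP", 5050): "Yahoo! Messenger",
    ("TCP", 1214): "Kazaa", ("TCP", 6699): "iMesh", ("TCP", 4662): "eDonkey",
}
PORT_RANGES = [("TCP", 6881, 6889, "BitTorrent")]
HOST_RULES = {  # destination host suffix -> application
    "msg.yahoo.com": "Yahoo! Messenger",  # assumption: covers scs*/filetransfer hosts
    "messenger.msn.com": "MSN Messenger",
    "talk.google.com": "Google Talk",
}

def host_matches(host, suffix):
    # Match on a label boundary so "xmsg.yahoo.com" or
    # "msg.yahoo.com.example.net" do not count as Yahoo! hosts.
    host = host.lower().rstrip(".")
    return host == suffix or host.endswith("." + suffix)

def port_app(proto, port):
    app = PORT_RULES.get((proto, port))
    if app:
        return app
    for p, lo, hi, name in PORT_RANGES:
        if p == proto and lo <= port <= hi:
            return name
    return None

def classify(line):
    """Return (application, matched_by) for 'src proto dst_host dst_port', else None."""
    parts = line.split()
    if len(parts) != 4 or not parts[3].isdigit():
        return None  # malformed line
    proto, host, port = parts[1].upper(), parts[2], int(parts[3])
    by_port = port_app(proto, port)
    by_host = next((a for s, a in HOST_RULES.items() if host_matches(host, s)), None)
    if by_host:
        return by_host, "port+host" if by_port == by_host else "host-only"
    return (by_port, "port-only") if by_port else None

def port_rule_gaps(lines):
    """Connections a port-only deny rule would let through (fallback to 80/443)."""
    return [l for l in lines if (c := classify(l)) and c[1] == "host-only"]

SAMPLE_LOG = [  # constructed log lines, not real ISA Server output
    "192.168.0.21 TCP scs.msg.yahoo.com 5050",
    "192.168.0.21 TCP scsa.msg.yahoo.com 80",
    "192.168.0.34 TCP tracker.example.net 6883",
    "192.168.0.40 TCP talk.google.com 443",
    "192.168.0.55 TCP msg.yahoo.com.example.net 80",
]
```

`port_rule_gaps(SAMPLE_LOG)` returns the two connections that reached a listed service over port 80 or 443, which is the traffic a destination-host or application filter has to catch.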
[global]
workgroup = MyGroup
netbios name = cpu
encrypt passwords = yes
hosts allow = 192.168.0.
map to guest = Bad User
printing = CUPS
printcap name = CUPS
socket options = TCP_NODELAY IPTOS_LOWDELAY SO_RCVBUF=8192 SO_SNDBUF=8192
wins support = No
security = user
server string = Samba Server
add user script =
domain master = false
domain logons = no
local master = no
[homes]
comment = Home Directories
valid users = %S
browseable = no
read only = No
create mask = 0640
directory mask = 0750
guest ok = no
printable = no
[storage]
comment = Guest
path = /tmp/
browseable = yes
read only = No
guest ok = yes
printable = no