Keith Combs' Blahg

Ramblings from another nerd on the grid


Blocking Peer File Sharing and Chat Clients Using ISA Server 2004


As usual, the TechNet ISA Server 2004 webcast generated a huge number of great questions.  I’ll be reviewing many of those and will post a few good ones here over time.

 

One question that comes up every time we deliver this content is how to block the various chat and peer file sharing programs.  It’s really very easy with ISA 2004.  The trick is to look inside the HTTP stream with a firewall policy rule.  Here are some steps:

 

  1. Create a new firewall policy access rule allowing the internal network, users, etc. access to the external network (Internet).
  2. Go to the firewall policy container and right-click the rule you created.
  3. Select the Configure HTTP menu item (see screenshot below).
  4. Click the Signatures property page.
  5. Click the Add button.
  6. Fill out the dialog box with the appropriate information.  In the example screenshot below, we are blocking MSN Messenger.  A number of other common applications are listed in the table at the bottom of this article.
  7. Click the OK button to save the new signature.
  8. Repeat for any other applications you want to block.
  9. Apply the changes to ISA Server 2004.

Common Application HTTP Signatures

 

| Application | Search in | HTTP header | Signature |
|---|---|---|---|
| MSN Messenger | Request headers | User-Agent: | MSN Messenger |
| Windows Messenger | Request headers | User-Agent: | MSMSGS |
| AOL Messenger | Request headers | User-Agent: | Gecko/ |
| Yahoo Messenger | Request headers | Host | msg.yahoo.com |
| Kazaa | Request headers | P2P-Agent | Kazaa |
| Kazaa | Request headers | User-Agent: | KazaaClient |
| Kazaa | Request headers | X-Kazaa-Network: | KaZaA |
| Gnutella | Request headers | User-Agent: | Gnutella, Gnucleus |
| Edonkey | Request headers | User-Agent: | e2dk |
| Morpheus | Response header | Server | Morpheus |

 

Enjoy!

  • If on a firewall running MS ISA 2004, how can I give access to a particular user for peer-to-peer without giving access to other users on the network?
    Is there a particular port I can leave open?
    Thanks

  • Can you give me more specifics on which program, ports it uses, does the user use a particular machine all of the time, if that machine is a static or dynamic ip address machine, etc.?  

    There are a number of options and depending on the environment it will depend on how to implement that effectively.

    Thanks,

    Keith

  • How does the application HTTP signature for Ares file sharing look? I want to block

    Best regards
    KHansen