« Securing a Cisco Router - Follow up
The new Cisco ASA 5580 »
21 01 2008

Blocking Instant Messenger Apps with IOS

Posted by: Ray in Config. Guides, Study Related

A question that I see asked a lot is how to stop users from accessing IM applications such as Yahoo, Hotmail and Aol. It just so happens that from IOS 12.4(4)T firewall release features have been introduced to INSPECT for and control this type of traffic specifically for these three applications.

Instant messenger traffic enforcement can be set up as follows: (this example is for MSN)

(Please ensure you router is capable of DNS lookups if you are using any FQDN’s as below)

- Use the appfw command to define a policy:

# appfw policy-name my-im-policy

- Once in appfw mode define the application:

# application im messenger

- In application mode we can allocate an action to take, multiple servers can be defined here:

#server permit name messenger.hotmail.com

At this point we can use the deny statement to blanket deny all MSN activity, but here I want to demonstrate more granular control so it is allowed.

- Still in application mode we can define the action to take on the traffic, this can afftect the text chat only or other activities (default keyword). Here we can allow or reset (drop) the connection:

# service text-chat|default action allow|reset

- Create the inspect policy as per normal and reference the appfw policy:

#ip inspect name example appfw my-im-policy

- IMPORTANT : Block Misuse of http which will stop IM applications trying to tunnel through. This is done by defining the http application back in appfw mode:

# application http

# port-misuse im reset

- attach the inspect code to the interface whilst in interface mode:

# ip inspect example in

IM application servers are known to use a number of IP addresses mapped to a single domain name for load balancing and by issuing the ‘server permit’ command we are telling IOS to do consistent DNS lookups to check for the latest mappings. To see exactly what your router has got from its lookups issue the following command:

#show appfw dns cache

Please see the following article at Cisco.com for any further information such as logging violations etc: http://www.conft.com/univercd/cc/td/doc/product/software/ios124/124newft/124t/124t4/ht_fw_im.htm

This entry was posted on Monday, January 21st, 2008 at 2:26 pm and is filed under Config. Guides, Study Related. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

3 Responses to “Blocking Instant Messenger Apps with IOS”

  1. Simon says:
    January 27th, 2008 at 12:33 am

    BTW 12.4(15)T2 has now been released. changed are many:

    http://www.cisco.com/en/US/products/ps6441/prod_release_note09186a00807ce961.html#wp1985810

  2. Simon says:
    January 27th, 2008 at 8:19 pm

    12.4(15)T3 now released. must be some issues with T2 since the very quick release of T3 now.

  3. mate says:
    June 7th, 2010 at 5:25 pm

    Great job! THANK YOU!

Leave a Reply
Add to Technorati Favorites Add to Google
  • treatment for dry skin
  • weight loss doctor online
  • heart pain chest
  • clomid dosage
  • cymbalta dosages
  • my drug store
  • about levitra
  • flu vaccines
  • treating high cholesterol
  • drug phenergan
  • post pregnancy weight loss
  • free dog products
  • help with weight loss
  • cheapest levitra
  • breast cancer products
  • small dog products
  • online drug stores
  • stop smoking tablets
  • about levitra
  • sleep disorders drugs
  • fast weight loss tips
  • hydrochlorothiazide generic
  • cures for lung cancer
  • back pain
  • natural help sleeping
  • ulcers stomach
  • prostate cancer treatment
  • irritable bowel syndrome treatments
  • cymbalta anxiety
  • asthma treatment drugs
  • healthy pets
  • finasteride dosage
  • weight loss solutions
  • body building nutrition
  • perfect pet products
  • buy viagra internet
  • pneumonia vs bronchitis
  • latest diet pill
  • ordering meds without a prescription
  • increased heart rate drugs
  • face skin care
  • pain meds without prescription
  • celecoxib 200mg
  • obtaining pain killers
  • pain meds without prescriptions
  • hair loss treatment uk
  • cat health care
  • fat weight loss products
  • high blood pressure elderly
  • cancer drugs
  • dental antibiotics
  • strattera generic
  • removing dark spots from face
  • medicine drugs
  • new cancer drug
  • buy plan b
  • drug price
  • improve skin
  • diabetes type 2
  • buy pain pills on line
  • anti anxiety meds
  • dog products uk
  • weight loss how to
  • dogs health problems
  • high blood pressure medicines
  • drugs no prescription
  • online drugs without prescription
  • the new flu
  • buy meds no prescription
  • medications celebrex
  • no prescription online pharmacies
  • skin cell
  • controlling blood pressure
  • how does osteoporosis occur
  • quitting smoking
  • liver infection treatment
  • health med
  • cat care
  • buy viagra internet
  • body building product
  • blood pressure support
  • health vitamins
  • buy omega 3
  • smoking stop
  • viagra with out prescription
  • right side back pain
  • symptoms of congestive heart failure
  • celexa buy
  • over weight dog
  • diabetes drugs
  • build muscle
  • flu shot
  • depression therapy
  • dog health in mexico
  • best hair loss treatment
  • self help weight loss
  • buy cialis on line
  • high blood pressure cause
  • muscle spasm relief
  • drug stores
  • buy meds no prescription
  • discount anti-biotics
  • alcoholism information treatment
  • list of cancer treating drugs
  • lower leg pain
  • weight loss nutrition
  • dog health problems
  • drugs for energy
  • viagra and buy
  • drugs for sale
  • where to buy stop pain
  • medication for depression
  • pharmacies without prescriptions
  • cholesterol and health
  • alzheimers disease drugs
  • natures antibiotic
  • medicine for blood pressure
  • stopping smoking
  • diabetes treatment
  • reduce blood pressure
  • cat health info
  • treatments for throat infection
  • nolvadex dosage
  • dog health help
  • tamiflu flu
  • natural back pain relief
  • new heart attack drugs
  • dogs health problems
  • tips to help loss weight
  • vitamins store
  • wrinkle skin care
  • what causes throat infection
  • cialis 30
  • reason for high blood pressure
  • pet health care
  • blood pressure pills
  • how to stop the pain
  • newest approved drugs
  • hair loss treatments
  • hair loss remedy
  • treatment of breast cancer
  • us online pharmacy
  • medical treatment for diabetes
  • acomplia online
  • osteoporosis treating
  • claritin dose
  • free help to stop smoking
  • vitamin store
  • treatment for hypertension
  • bust increase
  • dog site health
  • buy tadalafil online
  • buy pain medicine online
  • health problems cats
  • cure for high blood pressure
  • low back pain
  • on-line pharmacies
  • treatment of asthma
  • on-line drugs
  • lower back pain
  • treating prostate cancer
  • cheap impotence drug generic cialis delivery
  • risperdal depression
  • best weight loss programs
  • medicine drugs
  • malaria medicines
  • plan b pregnancy
  • tips for weight loss
  • buy drugs prescription online
  • reducing high blood pressure
  • high blood pressure medicines
  • international pharmacy
  • anti smoking
  • anti depression
  • weight loss for women over 50
  • stop pain
  • chronic pain management
  • help to give up smoking
  • hair loss products for women
  • cold flu
  • online alcoholism treatment
  • medicine for dogs
  • breast cancer drugs
  • claritin 10mg
  • sleep disorders treatment
  • treatment of heart attacks
  • products diet
  • cheap drug pharmacies
  • reasons for high blood pressure
  • weight loss solution
  • blood pressure high
  • life after a heart attack
  • fda avandia
  • causes for high blood pressure
  • aspirin and pregnancy
  • natural breast enhancer
  • pharmacy zolpidem
  • how to get teeth white
  • back pain relief product
  • discount weight loss pill