MSN Messenger - Ad Block - Revisited
Following some email requests (too many for that specific question) that I've got to help various FortiGate (by Fortinet) owners set their firewall security policy to block MSN advertisements within the client (as a Proof Of Concept ONLY), and following an old post (that I posted here on March 13th 2007 - Link), I am posting the requested configuration for the machines.
I have decided to re-post this, with a better technical explanation, and in English this time, as a gesture to the "Security Bloggers Network" (which I only post English feeds to, and this is one worth mentioning).
The main concept is to block 3 reg-ex URI links that the Messenger client gets its advertisements from. (As you may or may not know, this IM uses HTTP to get things done. Well, let's break its path...)
[ note : configuration is made for the FortiOS mr5 patch 2 and tested on FGT60 ]
As I previously posted, this is a good way of handling Messenger usage within organizations that do not approve end-user advertisements in their computer environment.
There are two ways of doing it: one through the URL filter engine, and the other through the IPS (which I find a much more exotic way of getting things done, through deep packet inspection).
Method 1 - URL Filter :
1. Go to the CLI on the machine and paste the following configuration -
    config webfilter urlfilter
        edit 1
            config entries
                edit "ad.msn.co.il/js.ng"
                    set action block
                next
                edit "rad.msn.com/ADSAdClient31.dll"
                    set action block
                    set type regex
                next
                edit "config.messenger.msn.com/Config/MsgrConfig.asmx"
                    set action block
                    set type regex
                next
            end
            set name "block-msn-ad-engine"
        next
    end
2. Choose "block-msn-ad-engine" within your protection-profile of choice.
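Before loading the entries, it helps to see what they match beyond the intended ad URLs. The following is an added example, not part of the original post or of FortiOS: it runs the three entries above against constructed URLs and compares them with an escaped, anchored form. The matching semantics (simple entry = prefix match, regex entry = unanchored case-insensitive search over host + path) and the names `matches` and `blocked_by` are assumptions made for the illustration.

```python
import re

# The three entries from the Method 1 config above: (pattern, type).
# The first entry has no "set type regex", so it is treated as a simple entry.
ENTRIES = [
    ("ad.msn.co.il/js.ng", "simple"),
    ("rad.msn.com/ADSAdClient31.dll", "regex"),
    ("config.messenger.msn.com/Config/MsgrConfig.asmx", "regex"),
]

def matches(pattern, kind, url, anchored_literal=False):
    """Return True if the entry would match url (host + path, no scheme).

    Assumed semantics (not taken from FortiOS documentation): simple
    entries are case-insensitive prefix matches, regex entries are
    case-insensitive unanchored searches.
    """
    if kind == "simple":
        return url.lower().startswith(pattern.lower())
    if anchored_literal:
        # Hardened variant: dots become literal and the match starts at the host.
        pattern = "^" + re.escape(pattern)
    return re.search(pattern, url, re.IGNORECASE) is not None

def blocked_by(url, anchored_literal=False):
    """Return the first entry pattern that blocks url, or None."""
    for pattern, kind in ENTRIES:
        if matches(pattern, kind, url, anchored_literal):
            return pattern
    return None

# Constructed sample requests (not captured traffic).
SAMPLES = [
    "rad.msn.com/ADSAdClient31.dll?x=1",
    "config.messenger.msn.com/Config/MsgrConfig.asmx?x=1",
    "ad.msn.co.il/js.ng/site=msn",
    "radXmsn.com/ADSAdClient31.dll",   # unescaped '.' matches any character
    "proxy.example/fetch?u=rad.msn.com/ADSAdClient31.dll",  # match mid-URL
    "www.example.org/index.html",
]

if __name__ == "__main__":
    for url in SAMPLES:
        print(f"{url}\n  as posted : {blocked_by(url)}\n"
              f"  hardened  : {blocked_by(url, anchored_literal=True)}")
```

If the extra matches matter in your environment, the escaped and anchored form is what you would put in the `edit "..."` line of a regex entry.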
Method 2 - IPS :
1. Go to the Intrusion Protection >> Signature >> Custom menu and add the following signatures -
- F-SBID( --name "bs_MSN-AD-Stop.A"; --protocol tcp; --flow established ; --regex "ADSAdClient31.dll"; --no_case)
- F-SBID( --name "bs_MSN-AD-Stop.B"; --protocol tcp; --flow established ; --content "ad.msn.co.il"; --no_case)
- F-SBID( --name "bs_MSN-AD-Stop.C"; --protocol tcp; --flow established ; --regex "MsgrConfig.asmx"; --no_case)
2. Choose an appropriate severity and include that severity in the desired protection-profile.
Disclaimer: this is a POC only. This kind of usage may conflict with the MSN Messenger usage agreement, and I am not to take any responsibility for any unethical or illegal usage of this article and the information it provides. And although I think using this information to violate any EULA or other agreement is wrong, if you use it, you are taking responsibility for it.
I am not sure that there is any violation, since all this solution does is change the availability of web data to an application, so basically treating the application as a user in the network and denying it access to some internet content. Legitimate, isn't it?
How could you find its specific value? Thanks!
email:jump_wyx@163.com
Posted by Anonymous | 9:58 AM