CISCO suggested AdvEnterprise 12.4.9T  running on the routers that have 48M Flash, and 256M DRAM. But the office router only gets 32M Flash and 128M DRAM(OLD AND DUSTY). I really doubt my boss will agree to spend £300 to upgrade it and at the same time I need to get IPX and VPN working on it. I took the risk to upgrade it to c2600-adventerprisek9-mz.124-9.t.bin.

It took a lot longer to copy the ios to flash and veeeeery long to load it during booting, well, at least, I felt it taking very long time. Luckily, it works

Tags: c2600 adventerprisek9 mz.124 9.t.bin, C2611XM, Computing, ios, ipx, mz, Networking, vpn
Categories: Computing, Networking
No Comments »

1. Using ACL block relavent port to msn, such tcp/udp 1836, etc.
2. But, as we all know, msn 7.5 can use http(tcp 80 port) go through firewall. There are some sample of msn http header
Here is the first request and response in a notification server session:

POST http://gateway.messenger.hotmail.com/gateway/gateway.dll?Action=open&Server=NS&IP=messenger.hotmail.com HTTP/1.1\r\n
Accept: */*\r\n
Accept-Language: en-us\r\n
Accept-Encoding: gzip, deflate\r\n
User-Agent: MSMSGS\r\n
Host: gateway.messenger.hotmail.com\r\n
Proxy-Connection: Keep-Alive\r\n
Connection: Keep-Alive\r\n
Pragma: no-cache\r\n
Content-Type: application/x-msn-messenger\r\n
Content-Length: 18\r\n
\r\n
VER 5 MSNP8 CVR0\r\n


HTTP/1.0 200 OK\r\n
Server: Microsoft-IIS/5.0\r\n
Date: Tue, 18 Mar 2003 07:39:53 GMT\r\n
X-MSN-Messenger: SessionID=954547325.13160; GW-IP=207.46.110.18\r\n
Content-Length: 18\r\n
Content-Type: application/x-msn-messenger\r\n
Age: 0\r\n
Via: HTTP/1.1 ntl_site (Traffic-Server/5.2.0-R [c sSf ])\r\n
X-Cache: MISS from nautilus.localdomain\r\n
X-Cache-Lookup: MISS from nautilus.localdomain:80\r\n
Proxy-Connection: keep-alive\r\n
\r\n
VER 5 MSNP8 CVR0\r\n


Here is the first request in a switchboard server session:

POST http://gateway.messenger.hotmail.com/gateway/gateway.dll?Action=open&Server=SB&IP=207.46.108.13 HTTP/1.1\r\n
Accept: */*\r\n
Accept-Language: en-us\r\n
Accept-Encoding: gzip, deflate\r\n
User-Agent: MSMSGS\r\n
Host: gateway.messenger.hotmail.com\r\n
Proxy-Connection: Keep-Alive\r\n
Connection: Keep-Alive\r\n
Pragma: no-cache\r\n
Content-Type: application/x-msn-messenger\r\n
Content-Length: 55\r\n
\r\n
USR 3 phil_sayers@hotmail.com 214963.1047973248.28908\r\n


Here is a message polling the server for queued messages, and finding none:

POST http://207.46.110.18/gateway/gateway.dll?Action=poll&SessionID=954547325.32498 HTTP/1.1\r\n
Accept: */*\r\n
Accept-Language: en-us\r\n
Accept-Encoding: gzip, deflate\r\n
User-Agent: MSMSGS\r\n
Host: 207.46.110.18\r\n
Proxy-Connection: Keep-Alive\r\n
Connection: Keep-Alive\r\n
Pragma: no-cache\r\n
Content-Type: application/x-msn-messenger\r\n
Content-Length: 0\r\n
\r\n


HTTP/1.0 200 OK\r\n
Server: Microsoft-IIS/5.0\r\n
Date: Tue, 18 Mar 2003 07:39:56 GMT\r\n
X-MSN-Messenger: SessionID=954547325.6942; GW-IP=207.46.110.18\r\n
Content-Length: 0\r\n
Content-Type: application/x-msn-messenger\r\n
Age: 1\r\n
Via: HTTP/1.1 ntl_site (Traffic-Server/5.2.0-R [c sSf ])\r\n
X-Cache: MISS from nautilus.localdomain\r\n
X-Cache-Lookup: MISS from nautilus.localdomain:80\r\n
Proxy-Connection: keep-alive\r\n
\r\n


Here is a message closing the session from the client side:

POST http://207.46.110.18/gateway/gateway.dll?SessionID=954547325.3500 HTTP/1.1\r\n
Accept: */*\r\n
Accept-Language: en-us\r\n
Accept-Encoding: gzip, deflate\r\n
User-Agent: MSMSGS\r\n
Host: 207.46.110.18\r\n
Proxy-Connection: Keep-Alive\r\n
Connection: Keep-Alive\r\n
Pragma: no-cache\r\n
Content-Type: application/x-msn-messenger\r\n
Content-Length: 5\r\n
\r\n
OUT\r\n
HTTP/1.0 200 OK\r\n
Server: Microsoft-IIS/5.0\r\n
Date: Tue, 18 Mar 2003 07:41:39 GMT\r\n
X-MSN-Messenger: SessionID=954547325.1484; GW-IP=207.46.110.18; Session=close\r\n
Content-Length: 0\r\n
Content-Type: application/x-msn-messenger\r\n
Age: 0\r\n
Via: HTTP/1.1 ntl_site (Traffic-Server/5.2.0-R [c sSf ])\r\n
X-Cache: MISS from nautilus.localdomain\r\n
X-Cache-Lookup: MISS from nautilus.localdomain:80\r\n
Proxy-Connection: keep-alive\r\n
\r\n

3. define class-map
class-map match-any im
match protocol http s-header-field “MSMSGS”
match protocol http c-header-field “MSMSGS”
match protocol http url “*gateway.messenger.hotmail.com*”
match protocol http url “*messenger.hotmail.com*”
match protocol http url “*messenger.msn.com*”

this class-map trys to find the package with “MSMSGS” in the header and the packages contains gateway.messenger.hotmail.com, messenger.hotmail.com, messenger.msn.com

4. create policy-map to drop the package with above attributes
policy-map block-p2p
class im
drop

5. then apply it on either in or out, or both
interface FastEthernet0/1
service-policy input block-p2p
service-policy output block-p2p

THIS IS ONLY AN EXPERIENTAL, THERE IS NO ANY KIND OF GURANTEE ON IT

Tags: block msn, CISCO, Computing, dns, ios, Networking, policy map
Categories: Computing, Networking
No Comments »