In our college hostel we use IP Messenger ( www.ipmsg.org ) for file
transfer & chatting. Due to this our Internet speed is very slow.
This program uses TCP/UDP port (default: 2425). This has no contact
with Proxy.
Is it possible to block this port number within the LAN? How is this
possible?
Awaiting your reply...
bye,
Prabhakaran Chinnappa
: This program uses TCP/UDP port (default: 2425). This has no contact
: with Proxy.
: Is it possible to block this port number within the LAN? How is this
: possible?
It depends on the LAN infrastructure.
- On most Layer 2 switches, NO.
- On some Layer 2 switches, such as some in the Cisco 29x0 line, you
can put in Layer 4 ACLs (but not as flexibly as with higher order
switches.) Some of these switches also allow you to do limited
traffic policing, which would allow you to control the traffic rate
without necessarily banning it.
- On many Layer 3+ switches, you can put in Layer 4 ACLs and/or
Policy Based Routing. Layer 3+ switches often (but not always) have
more flexible traffic rate controls.
- On most routers you can do it.
- There are Layer 2 Transparent Firewalls that can block traffic while
leaving the rest untouched. However, that would serve mostly to segment
your network into pieces that could still ipmsg to each other.
- On some switches and routers, you can force all traffic "in" some ports
to be directed to a particular port, with the "out" traffic only
permitted from those special ports. This feature in combination with
a firewall (such as a Layer 2 Transparent Firewall) can overcome
the segmentation limitation.
But if you just have regular layer 2 switches with no special features,
then you cannot really block any internal traffic. If the switches
have a port "spanning" / "mirroring" feature, you could possibly siphon
off a copy of the traffic over to an IDS, and have the IDS send
TCP RST or other suitable packets to tell the conversations to close
down. It isn't quite "blocking" but it can be effective.
--
I was very young in those days, but I was also rather dim.
-- Christopher Priest
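The Layer 4 ACL option from the reply above, sketched in Cisco IOS syntax as an added example that is not part of the original thread. The ACL name BLOCK-IPMSG and the interface FastEthernet0/1 are assumptions, and whether a given switch accepts an ACL on a port depends on the model and software image.

```cisco
! Added example: names and interface are assumptions, not from the thread.
! Drop IP Messenger traffic (default port 2425, TCP and UDP) arriving
! from the attached host; everything else is passed unchanged.
ip access-list extended BLOCK-IPMSG
 deny   tcp any any eq 2425
 deny   udp any any eq 2425
 ! Without this line the implicit "deny any" at the end of every
 ! ACL would drop all other traffic from the port.
 permit ip any any
!
! Apply inbound on each access port facing a hostel room. The ACL
! has to be on every such port, on every switch, to cover
! host-to-host traffic that never leaves the local segment.
interface FastEthernet0/1
 ip access-group BLOCK-IPMSG in
```

The ACL matches only the default port; a client reconfigured to another port is not covered by it.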
Use a FireWall appliance and block the TCP/UDP port 2425.
--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm
>| Is it possible to block this port number within the LAN? How is this
>| possible?
>Use a FireWall appliance and block the TCP/UDP port 2425.
The OP asked about blocking the port -within- the LAN. If the LAN
uses more than one switch with non-trivial segments, then adding
a single firewall appliance is not going to be sufficient.
--
Chocolate is "more than a food but less than a drug" -- RJ Huxtable
| In article <%NA7f.15733$Io4.2322@trnddc06>,
| David H. Lipman <DLipman~nospam~@Verizon.Net> wrote:
>> From: "Captain" <prabhuk...@gmail.com>
>|> This program uses TCP/UDP port (default: 2425). This has no contact
>|> with Proxy.
|
>|> Is it possible to block this port number within the LAN? How is this
>|> possible?
|
>> Use a FireWall appliance and block the TCP/UDP port 2425.
|
| The OP asked about blocking the port -within- the LAN. If the LAN
| uses more than one switch with non-trivial segments, then adding
| a single firewall appliance is not going to be sufficient.
Thanx -- it was a misread/misinterpretation.