Solved

How to block ip messenger in L2 and L3 level

Posted on 2009-05-12
Last Modified: 2012-05-06
I need to block IP Messenger at the L2 and L3 levels (e.g. if we use an access-list it will block only at the L3 level, and it can be used between PCs on the same VLAN). I need a complete block of this program on my enterprise network. We have L2 switches, L3 switches, a firewall, gateway router, etc.
Is https://sourceforge.net/projects/execblock a useful tool?

Thanks
Sanoj
0
Question by:sanojmc
13 Comments
 
LVL 6

Expert Comment

by:dvast8n
ID: 24368510
Block port 2425
0
 

Author Comment

by:sanojmc
ID: 24368663
Hi.

I am aware that it is using TCP & UDP port 2425. I can block it with an ACL on the router, but how can I block it on the same LAN, i.e. PCs which are connected to the same access switch?

0
 
LVL 7

Expert Comment

by:LANm0nk3y
ID: 24368686
Which messenger are you referring to? MSN messenger or the messenger service?
0
 

Author Comment

by:sanojmc
ID: 24368769
Hi,

It is not MSN, It is "IP Messenger"
0
 
LVL 7

Expert Comment

by:LANm0nk3y
ID: 24368806
0
 
LVL 6

Expert Comment

by:dvast8n
ID: 24368900
In my searching here are some ideas:

Q: Is it possible to block this port number within the LAN? How is
this possible?

A: It depends on the LAN infrastructure.

- On most Layer 2 switches, NO.

- On some Layer 2 switches, such as some in the Cisco 29x0 line, you
can put in Layer 4 ACLs (but not as flexibly as with higher order
switches.) Some of these switches also allow you to do limited
traffic policing, which would allow you to control the traffic rate
without necessarily banning it.

- On many Layer 3+ switches, you can put in Layer 4 ACLs and/or
Policy Based Routing. Layer 3+ switches often (but not always) have
more flexible traffic rate controls.

- On most routers you can do it.

- There are Layer 2 Transparent Firewalls that can block traffic while
leaving the rest untouched. However, that would serve mostly to segment
your network into pieces that could still ipmsg to each other.

- On some switches and routers, you can force all traffic "in" some ports
to be directed to a particular port, with the "out" traffic only
permitted from those special ports. This feature in combination with
a firewall (such as a Layer 2 Transparent Firewall) can overcome
the segmentation limitation.


But if you just have regular layer 2 switches with no special features,
then you cannot really block any internal traffic. If the switches
have a port "spanning" / "mirroring" feature, you could possibly siphon
off a copy of the traffic over to an IDS, and have the IDS send
TCP RST or other suitable packets to tell the conversations to close
down. It isn't quite "blocking" but it can be effective.
0
 

Author Comment

by:sanojmc
ID: 24368907
Hi

I knew this solution before; it is a good solution at the L3 level.
But what I am asking is: if some PCs are connected to the same L2 switches, how can I block the IP Messenger communication between them? (An ACL can't be applied on an access switch.)
0
 
LVL 7

Accepted Solution

by:
LANm0nk3y earned 500 total points
ID: 24368942
Then this is a software management question.

You may want to install/turn on firewall software and have it locked down.
0
 
LVL 7

Expert Comment

by:LANm0nk3y
ID: 24368976
If this is a Windows domain environment (Win XP or higher), Group Policy has a firewall policy that you can administer.
0
 

Author Comment

by:sanojmc
ID: 24369093
Thanks for your support.
So I can block based on port (2425) on the L3 switch & firewall.
But now the problem is in the LAN, i.e. between PCs. So can you suggest some free software names which I can use to block IP Messenger?
0
 
LVL 7

Expert Comment

by:LANm0nk3y
ID: 24369206
There's plenty of free firewall software out there that can help you, such as ZoneAlarm.
Here's another: http://personalfirewall.comodo.com/  Even Windows Firewall should do the trick.
0
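
Added example (not part of any poster's comment): the host-firewall approach suggested above, blocking the port named in this thread (2425, TCP and UDP) in both directions with the built-in Windows Firewall. It assumes a Windows version that ships the NetSecurity PowerShell module (Windows 8 / Server 2012 or later) and an elevated prompt; the rule names, group label and GPO name in the comment are made up for illustration.

```powershell
#Requires -RunAsAdministrator
# Added example: host-level block of port 2425 so PCs on the same access
# switch cannot reach each other on it, whatever the switch supports.

$Port  = 2425                               # port given in the thread
$Group = 'Block IP Messenger (example)'     # hypothetical group label

# 'PersistentStore' is the local rule store. To push the same rules by Group
# Policy, use '<domain>\<GPO name>' instead, e.g. 'corp.example\Workstation FW'
# (placeholder name).
$PolicyStore = 'PersistentStore'

# Rules are only enforced when the firewall profile is on.
if ($PolicyStore -eq 'PersistentStore') {
    Set-NetFirewallProfile -Profile Domain,Private,Public -Enabled True
}

# One inbound and one outbound rule per protocol.
$rules = foreach ($proto in 'TCP','UDP') {
    # Inbound: packets arriving at local port 2425
    @{ DisplayName = "Block IPMsg $proto in";  Direction = 'Inbound'
       Protocol = $proto; LocalPort = $Port }
    # Outbound: packets sent to port 2425 on another PC
    @{ DisplayName = "Block IPMsg $proto out"; Direction = 'Outbound'
       Protocol = $proto; RemotePort = $Port }
}

# Remove earlier copies so re-running the script does not stack duplicates.
Get-NetFirewallRule -PolicyStore $PolicyStore -Group $Group -ErrorAction SilentlyContinue |
    Remove-NetFirewallRule

# Block rules take precedence over allow rules in Windows Firewall.
foreach ($r in $rules) {
    New-NetFirewallRule @r -Action Block -Profile Any -Enabled True `
        -Group $Group -PolicyStore $PolicyStore | Out-Null
}

# Verify: list the four rules with their protocol and port filters.
Get-NetFirewallRule -PolicyStore $PolicyStore -Group $Group | ForEach-Object {
    $f = $_ | Get-NetFirewallPortFilter
    [pscustomobject]@{
        Rule = $_.DisplayName; Direction = $_.Direction; Action = $_.Action
        Protocol = $f.Protocol; LocalPort = $f.LocalPort; RemotePort = $f.RemotePort
    }
} | Format-Table -AutoSize
```

These rules match on port 2425 only; users without local administrator rights cannot remove them, which is what makes the host firewall enforceable between PCs on the same VLAN.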
 
LVL 15

Expert Comment

by:Jeff Perkins
ID: 37511265
This question has been classified as abandoned and is closed as part of the Cleanup Program. See the recommendation for more details.
0
