Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

How to block ip messenger in L2 and L3 level

Posted on 2009-05-12
13
Medium Priority
?
1,461 Views
Last Modified: 2012-05-06
I need to block ip messenger on L2 and L3 lever(eg: if we use access-list it will block only in L3 level & can use between PC on same Vlan) I need complete block of this program on my enterprice network, We have L2 swich, L3 swich,firewall,Gateway route etc
 https://sourceforge.net/projects/execblock Is useful tool....?

Thanks
Sanoj
0
Comment
Question by:sanojmc
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 4
  • 2
  • +1
13 Comments
 
LVL 6

Expert Comment

by:dvast8n
ID: 24368510
Block port 2425
0
 

Author Comment

by:sanojmc
ID: 24368663
HI.

I am aware that it is using TCP & UDP port 2425,I can block with ACL on router, But how can i block on same Lan, Ie PC's which is connected on same access swich

0
 
LVL 7

Expert Comment

by:LANm0nk3y
ID: 24368686
Which messenger are you referring to? MSN messenger or the messenger service?
0
Building an interactive eFuture classroom

Watch and learn how ATEN provided a total control system solution including seamless switching matrix switch, HDBaseT extenders, PDU, lighting control to build an interactive eFuture classroom.

 

Author Comment

by:sanojmc
ID: 24368769
Hi,

It is not MSN, It is "IP Messenger"
0
 
LVL 7

Expert Comment

by:LANm0nk3y
ID: 24368806
0
 
LVL 6

Expert Comment

by:dvast8n
ID: 24368900
In my searching here are some ideas:

Q: Is it Possible to block this port number within LAN ?. How this
:is possible ?

A: It depends on the LAN infrastructure.

- On most Layer 2 switches, NO.

- On some Layer 2 switches, such as some in the Cisco 29x0 line, you
can put in Layer 4 ACLs (but not as flexibily as with higher order
switches.) Some of these switches also allow you to do limited
traffic policing, which would allow you to control the traffic rate
without necessarily banning it.

- On many Layer 3+ switches, you can put in Layer 4 ACLs and/or
Policy Based Routing. Layer 3+ switches often (but not always) have
more flexible traffic rate controls

- On most routers you can do it

- There are Layer 2 Transparent Firewalls that can block traffic while
leaving the rest untouched. However, that would serve mostly to segment
your network into pieces that could still ipmsg to each other.

- On some switches and routers, you can force all traffic "in" some ports
to be directed to a particular port, with the "out" traffic only
permitted from those special ports. This feature in combination with
a firewall (such as a Layer 2 Transparent Firewall) can overcome
the segmentation limitation.


But if you just have regular layer 2 switches with no special features,
then you cannot really block any internal traffic. If the switches
have a port "spanning" / "mirroring" feature, you could possibly siphon
off a copy of the traffic over to an IDS, and have the IDS send
TCP RST or other suitable packets to tell the conversations to close
down. It isn't quite "blocking" but it can be effective.
0
 

Author Comment

by:sanojmc
ID: 24368907
Hi

I know this solution before, It is good solution in L3 level,
But what i am asking is If some pc is connected to same L2 switches, How can i block the IP messenger communication between them, (ACL cant apply in access switch)
0
 
LVL 7

Accepted Solution

by:
LANm0nk3y earned 2000 total points
ID: 24368942
Then this is a software management question.

You may want to install/turn on firewall software and have it locked down.
0
 
LVL 7

Expert Comment

by:LANm0nk3y
ID: 24368976
If this is a windows domain environment (Win XP or higher), group policy has firewall policy that you can administer.
0
 

Author Comment

by:sanojmc
ID: 24369093
Thanks for your support,
So i can block on port based(2425) on L3 switch & firewall,
But now the problem is in LAN, ie between PC's. So can you suggest some free software names, which i can use to block IP messenger
0
 
LVL 7

Expert Comment

by:LANm0nk3y
ID: 24369206
There's plenty of free firewall software out there that can help you, such as ZoneAlarm.
Here's another http://personalfirewall.comodo.com/.  Even windows firewall should do the trick.
0
 
LVL 15

Expert Comment

by:Jeff Perkins
ID: 37511265
This question has been classified as abandoned and is closed as part of the Cleanup Program. See the recommendation for more details.
0

Featured Post

Simple, centralized multimedia control

Watch and learn to see how ATEN provided an easy and effective way for three jointly-owned pubs to control the 60 televisions located across their three venues utilizing the ATEN Control System, Modular Matrix Switch and HDBaseT extenders.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Network ports are the threads that hold network communication together. They are an essential part of networking that can be easily ignore or misunderstood, my goals is to show those who don't have a strong network foundation how network ports opera…
Let Bitmoji into your life. Now is the time to learn a new language of smartphone messaging with this brief introduction.
The goal of the tutorial is to teach the user how to instant message and make a video call in Skype.
In this brief tutorial Pawel from AdRem Software explains how you can quickly find out which services are running on your network, or what are the IP addresses of servers responsible for each service. Software used is freeware NetCrunch Tools (https…

670 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question