Solved

How to block ip messenger in L2 and L3 level

Posted on 2009-05-12
13
1,316 Views
Last Modified: 2012-05-06
I need to block ip messenger on L2 and L3 lever(eg: if we use access-list it will block only in L3 level & can use between PC on same Vlan) I need complete block of this program on my enterprice network, We have L2 swich, L3 swich,firewall,Gateway route etc
 https://sourceforge.net/projects/execblock Is useful tool....?

Thanks
Sanoj
0
Comment
Question by:sanojmc
  • 5
  • 4
  • 2
  • +1
13 Comments
 
LVL 6

Expert Comment

by:dvast8n
ID: 24368510
Block port 2425
0
 

Author Comment

by:sanojmc
ID: 24368663
HI.

I am aware that it is using TCP & UDP port 2425,I can block with ACL on router, But how can i block on same Lan, Ie PC's which is connected on same access swich

0
 
LVL 7

Expert Comment

by:LANm0nk3y
ID: 24368686
Which messenger are you referring to? MSN messenger or the messenger service?
0
ScreenConnect 6.0 Free Trial

Check out the updates in one game-changing release, ScreenConnect 6.0, based on partner feedback. New features include a redesigned UI that improves session organization and overall user experience. See the enhancements for yourself!

 

Author Comment

by:sanojmc
ID: 24368769
Hi,

It is not MSN, It is "IP Messenger"
0
 
LVL 7

Expert Comment

by:LANm0nk3y
ID: 24368806
0
 
LVL 6

Expert Comment

by:dvast8n
ID: 24368900
In my searching here are some ideas:

Q: Is it Possible to block this port number within LAN ?. How this
:is possible ?

A: It depends on the LAN infrastructure.

- On most Layer 2 switches, NO.

- On some Layer 2 switches, such as some in the Cisco 29x0 line, you
can put in Layer 4 ACLs (but not as flexibily as with higher order
switches.) Some of these switches also allow you to do limited
traffic policing, which would allow you to control the traffic rate
without necessarily banning it.

- On many Layer 3+ switches, you can put in Layer 4 ACLs and/or
Policy Based Routing. Layer 3+ switches often (but not always) have
more flexible traffic rate controls

- On most routers you can do it

- There are Layer 2 Transparent Firewalls that can block traffic while
leaving the rest untouched. However, that would serve mostly to segment
your network into pieces that could still ipmsg to each other.

- On some switches and routers, you can force all traffic "in" some ports
to be directed to a particular port, with the "out" traffic only
permitted from those special ports. This feature in combination with
a firewall (such as a Layer 2 Transparent Firewall) can overcome
the segmentation limitation.


But if you just have regular layer 2 switches with no special features,
then you cannot really block any internal traffic. If the switches
have a port "spanning" / "mirroring" feature, you could possibly siphon
off a copy of the traffic over to an IDS, and have the IDS send
TCP RST or other suitable packets to tell the conversations to close
down. It isn't quite "blocking" but it can be effective.
0
 

Author Comment

by:sanojmc
ID: 24368907
Hi

I know this solution before, It is good solution in L3 level,
But what i am asking is If some pc is connected to same L2 switches, How can i block the IP messenger communication between them, (ACL cant apply in access switch)
0
 
LVL 7

Accepted Solution

by:
LANm0nk3y earned 500 total points
ID: 24368942
Then this is a software management question.

You may want to install/turn on firewall software and have it locked down.
0
 
LVL 7

Expert Comment

by:LANm0nk3y
ID: 24368976
If this is a windows domain environment (Win XP or higher), group policy has firewall policy that you can administer.
0
 

Author Comment

by:sanojmc
ID: 24369093
Thanks for your support,
So i can block on port based(2425) on L3 switch & firewall,
But now the problem is in LAN, ie between PC's. So can you suggest some free software names, which i can use to block IP messenger
0
 
LVL 7

Expert Comment

by:LANm0nk3y
ID: 24369206
There's plenty of free firewall software out there that can help you, such as ZoneAlarm.
Here's another http://personalfirewall.comodo.com/.  Even windows firewall should do the trick.
0
 
LVL 15

Expert Comment

by:riteheer
ID: 37511265
This question has been classified as abandoned and is closed as part of the Cleanup Program. See the recommendation for more details.
0

Featured Post

Comprehensive Backup Solutions for Microsoft

Acronis protects the complete Microsoft technology stack: Windows Server, Windows PC, laptop and Surface data; Microsoft business applications; Microsoft Hyper-V; Azure VMs; Microsoft Windows Server 2016; Microsoft Exchange 2016 and SQL Server 2016.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Configuring network clients can be a chore, especially if there are a large number of them or a lot of itinerant users.  DHCP dynamically manages this process, much to the relief of users and administrators alike!
Let Bitmoji into your life. Now is the time to learn a new language of smartphone messaging with this brief introduction.
This Micro Tutorial will teach you how to censor certain areas of your screen. The example in this video will show a little boy's face being blurred. This will be demonstrated using Adobe Premiere Pro CS6.
The goal of the tutorial is to teach the user how to instant message and make a video call in Skype.

770 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question