Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

How to block ip messenger in L2 and L3 level

Posted on 2009-05-12
13
Medium Priority
?
1,490 Views
Last Modified: 2012-05-06
I need to block ip messenger on L2 and L3 lever(eg: if we use access-list it will block only in L3 level & can use between PC on same Vlan) I need complete block of this program on my enterprice network, We have L2 swich, L3 swich,firewall,Gateway route etc
 https://sourceforge.net/projects/execblock Is useful tool....?

Thanks
Sanoj
0
Comment
Question by:sanojmc
  • 5
  • 4
  • 2
  • +1
12 Comments
 
LVL 6

Expert Comment

by:dvast8n
ID: 24368510
Block port 2425
0
 

Author Comment

by:sanojmc
ID: 24368663
HI.

I am aware that it is using TCP & UDP port 2425,I can block with ACL on router, But how can i block on same Lan, Ie PC's which is connected on same access swich

0
 
LVL 7

Expert Comment

by:LANm0nk3y
ID: 24368686
Which messenger are you referring to? MSN messenger or the messenger service?
0
What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

 

Author Comment

by:sanojmc
ID: 24368769
Hi,

It is not MSN, It is "IP Messenger"
0
 
LVL 7

Expert Comment

by:LANm0nk3y
ID: 24368806
0
 
LVL 6

Expert Comment

by:dvast8n
ID: 24368900
In my searching here are some ideas:

Q: Is it Possible to block this port number within LAN ?. How this
:is possible ?

A: It depends on the LAN infrastructure.

- On most Layer 2 switches, NO.

- On some Layer 2 switches, such as some in the Cisco 29x0 line, you
can put in Layer 4 ACLs (but not as flexibily as with higher order
switches.) Some of these switches also allow you to do limited
traffic policing, which would allow you to control the traffic rate
without necessarily banning it.

- On many Layer 3+ switches, you can put in Layer 4 ACLs and/or
Policy Based Routing. Layer 3+ switches often (but not always) have
more flexible traffic rate controls

- On most routers you can do it

- There are Layer 2 Transparent Firewalls that can block traffic while
leaving the rest untouched. However, that would serve mostly to segment
your network into pieces that could still ipmsg to each other.

- On some switches and routers, you can force all traffic "in" some ports
to be directed to a particular port, with the "out" traffic only
permitted from those special ports. This feature in combination with
a firewall (such as a Layer 2 Transparent Firewall) can overcome
the segmentation limitation.


But if you just have regular layer 2 switches with no special features,
then you cannot really block any internal traffic. If the switches
have a port "spanning" / "mirroring" feature, you could possibly siphon
off a copy of the traffic over to an IDS, and have the IDS send
TCP RST or other suitable packets to tell the conversations to close
down. It isn't quite "blocking" but it can be effective.
0
 

Author Comment

by:sanojmc
ID: 24368907
Hi

I know this solution before, It is good solution in L3 level,
But what i am asking is If some pc is connected to same L2 switches, How can i block the IP messenger communication between them, (ACL cant apply in access switch)
0
 
LVL 7

Accepted Solution

by:
LANm0nk3y earned 2000 total points
ID: 24368942
Then this is a software management question.

You may want to install/turn on firewall software and have it locked down.
0
 
LVL 7

Expert Comment

by:LANm0nk3y
ID: 24368976
If this is a windows domain environment (Win XP or higher), group policy has firewall policy that you can administer.
0
 

Author Comment

by:sanojmc
ID: 24369093
Thanks for your support,
So i can block on port based(2425) on L3 switch & firewall,
But now the problem is in LAN, ie between PC's. So can you suggest some free software names, which i can use to block IP messenger
0
 
LVL 7

Expert Comment

by:LANm0nk3y
ID: 24369206
There's plenty of free firewall software out there that can help you, such as ZoneAlarm.
Here's another http://personalfirewall.comodo.com/.  Even windows firewall should do the trick.
0
 
LVL 15

Expert Comment

by:Jeff Perkins
ID: 37511265
This question has been classified as abandoned and is closed as part of the Cleanup Program. See the recommendation for more details.
0

Featured Post

VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Months ago my boss came to me with a simple request, “How can we minimize GoTo meeting accounts and also improve our integration and collaboration initiatives?”  Well the answer, with some research, was easy… Lync.  Lync provided us all the necessar…
Popular third-party chat platforms like Slack, Discord, and Telegram are just a few of the many new productivity applications that are being hijacked by cybercriminals to create command-and-control (C&C) communications infrastructures for their malw…
The goal of the tutorial is to teach the user how to instant message and make a video call in Skype.
Is your data getting by on basic protection measures? In today’s climate of debilitating malware and ransomware—like WannaCry—that may not be enough. You need to establish more than basics, like a recovery plan that protects both data and endpoints.…

876 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question