Port Blocking in Windows 2003 Server

Hi guys,

I have a bit of a problem at work. I have people downloading files using torrent clients. 😡 How do I stop this? I am thinking of blocking all but a couple of ports, to prevent the torrent client from connecting to the internet.

About the network infrastructure, we have a Beetel Modem + Router and a Windows 2003 server acting as DNS and DHCP server. Is it possible for me to block ports using the said infrastructure?

Also, using IPsec, if I block the ports for the server, will it affect the other systems on the network or not?

I will not get approval for purchase of a new router or any additional equipment, so I have to make do within the existing infrastructure. 😔 All solutions are welcome!

Regards,
mad_scientist

Replies

  • durga ch
    Firstly,
    what are the services the employees are allowed to use?
    Nevertheless, try implementing ACLs (access control lists) to block specific kinds of programs from accessing the internet. It does not require too much effort.
    ACLs (access control lists) are a simple way to control the inbound and outbound traffic within a given network. They are mainly implemented on the routers.
    The syntax format of an ACL is generally:

    ip access-list extended where destination IP can be 'any' for unknown addresses and destination port will be important here. Source IP shall be your network addresses itself. It's the destination port which would be important.
    Since you mentioned torrents, I am assuming it has to do with blocking or rather screening between the external network and internal network and not exactly on the Windows server.

    As well, I came across another method other than implementing ACLs. #-Link-Snipped-#

    The above link is for Cisco routers; there should be a similar method for Beetel as well.
    Ask your network admin to do either of the methods.
  • Aashish Joshi
    I just thought of something we did in our college hostel.

    Would it be easier if I just set up a proxy server? The modem will be connected to the server, and the server will allow/deny or restrict all the connections. There is proxy software available for this purpose, like CCProxy, etc.
  • durga ch
    Hmm, implementing a proxy server is as well OK, but I was thinking in case you are implementing a proxy server, why not do it at the DNS level itself? I don't know exact implementation steps for implementing proxy servers.
  • Aashish Joshi
    Hmm, I didn't know we could do that! Implement the proxy server at the DNS level I mean! Any pointers??
  • durga ch
    Hey,
    I don't know what DNS you are using, but have a look at this offering by OpenDNS.
    It's free and content filtering is as well provided.

    #-Link-Snipped-#
  • Prasad Ajinkya
    Interesting problem.

    You can filter the requests at the DNS level, however there is no easy way of forcing everyone to use the DNS defined. A better approach is a proxy server and allow only HTTP traffic through. As long as you are filtering traffic, you can screen out the P2P traffic.
  • durga ch
    @ Kidakaka - I was thinking since they seem to be already having their own DNS server all employees might be querying it (I know, too many assumptions), thought this might work. But nevertheless, I agree applying ACLs or using a proxy is a better idea.
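
The ACL approach from the first reply, written out as an added example that is not part of the original thread: a Cisco IOS extended ACL in blocklist form beside the allowlist form the original question describes ("blocking all but a couple of ports"). The addresses (LAN 192.168.1.0/24, DNS/DHCP server 192.168.1.10), the ACL names and the interface name are assumptions; a Beetel device would need its own equivalent syntax.

```cisco
! Added example. Assumed values: LAN 192.168.1.0/24, Windows DNS/DHCP
! server at 192.168.1.10, LAN-facing router interface FastEthernet0/0.
!
! Blocklist form: denies the port range traditionally associated with
! BitTorrent and permits everything else. It covers only the ports
! listed; traffic on any other port still passes the final permit.
ip access-list extended LAN-EGRESS-BLOCKLIST
 deny   tcp 192.168.1.0 0.0.0.255 any range 6881 6889
 deny   udp 192.168.1.0 0.0.0.255 any range 6881 6889
 permit ip any any
!
! Allowlist form: source is the internal network, destination is 'any',
! and the destination port decides. Anything not listed is denied.
ip access-list extended LAN-EGRESS-ALLOW
 remark Only the internal DNS server may send plain DNS (port 53) out,
 remark so clients have to resolve through it
 permit udp host 192.168.1.10 any eq domain
 permit tcp host 192.168.1.10 any eq domain
 remark Web browsing for the whole LAN
 permit tcp 192.168.1.0 0.0.0.255 any eq www
 permit tcp 192.168.1.0 0.0.0.255 any eq 443
 remark Everything else is dropped and logged for review
 deny   ip any any log
!
! Apply to traffic entering the router from the LAN. Client-to-server
! DNS and DHCP stay on the LAN segment and do not cross this interface.
interface FastEthernet0/0
 ip access-group LAN-EGRESS-ALLOW in
```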
