Port Blocking in Windows 2003 Server

Question asked by Aashish Joshi in #Gadgets on Aug 24, 2011
Aashish Joshi · Aug 24, 2011
Rank B1 - LEADER
Hi guys,

I have a bit of a problem at work. I have people downloading files using torrent clients.😡 How do I stop this? I am thinking of blocking all but a couple of ports, to prevent the torrent client from connecting to the internet.

About the network infrastructure, we have a Beetel Modem + Router and a Windows 2003 server acting as DNS and DHCP server. Is it possible for me to block ports using the said infrastructure?

Also, using ipsec, if I block the ports for the server, will it affect the other systems on the network or not?

I will not get approval for purchase of a new router or any additional equipment, so I have to make do within the existing infrastructure.😔 All solutions are welcome!

Regards,
mad_scientist
durga ch · Aug 24, 2011
Rank A2 - PRO
Firstly,
what are the services the employees are allowed to use?
Nevertheless, try implementing ACLs (access control lists) to block specific kinds of programs from accessing the internet. It does not require too much effort.
ACLs (access control lists) are a simple way to control the inbound and outbound traffic within a given network. They are mainly implemented on the routers.
The syntax format of an ACL is generally:

ip access_list extended where destination IP can be 'any' for unknown addresses and destination port will be important here. Source IP shall be your network addresses itself. It's the destination port which would be important.
Since you mentioned torrents I am assuming it has to do with blocking, or rather screening, between the external network and internal network and not exactly on the Windows server.

As well, I came across another method other than implementing ACLs: Controlling Peer-to-Peer (P2P) Traffic with Cisco NBAR | Slaptijack

The above link is for Cisco routers; there should be a similar method for Beetel as well.
Ask your network admin to do either of the methods.
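As an added illustration (not part of any poster's reply, and not Cisco or Beetel syntax), the Python sketch below models the kind of port-allowlist ACL this answer describes: rules are checked in order, the first match wins, and anything unmatched is denied. The LAN range, the permitted ports and the sample flows are constructed assumptions; the last flow shows that a port-only list cannot tell applications apart on a permitted port, which is the gap that application-level classification or a proxy is meant to close.

```python
import ipaddress
from typing import NamedTuple, Optional

class Rule(NamedTuple):
    action: str            # "permit" or "deny"
    proto: str             # "tcp", "udp" or "any"
    src: str               # CIDR of the source network, or "any"
    dst: str               # CIDR of the destination, or "any"
    dport: Optional[int]   # destination port, None = any port

# Constructed policy: the LAN range and the permitted ports are assumptions.
LAN = "192.168.1.0/24"
ACL = [
    Rule("permit", "udp", LAN, "any", 53),    # DNS
    Rule("permit", "tcp", LAN, "any", 53),
    Rule("permit", "tcp", LAN, "any", 80),    # HTTP
    Rule("permit", "tcp", LAN, "any", 443),   # HTTPS
]

def _addr_match(spec, addr):
    return spec == "any" or ipaddress.ip_address(addr) in ipaddress.ip_network(spec)

def evaluate(acl, proto, src, dst, dport):
    """Return the action of the first matching rule; deny if nothing matches."""
    for rule in acl:
        if (rule.proto in ("any", proto)
                and _addr_match(rule.src, src)
                and _addr_match(rule.dst, dst)
                and rule.dport in (None, dport)):
            return rule.action
    return "deny"  # implicit deny at the end of the list

# Constructed outbound flows from one workstation (documentation IP ranges).
FLOWS = [
    ("web browsing",         "tcp", "192.168.1.20", "203.0.113.10", 443),
    ("DNS lookup",           "udp", "192.168.1.20", "198.51.100.53", 53),
    ("P2P peer, high port",  "tcp", "192.168.1.20", "203.0.113.77", 6881),
    ("P2P peer, on port 80", "tcp", "192.168.1.20", "203.0.113.78", 80),
]

def report(acl=ACL, flows=FLOWS):
    return {name: evaluate(acl, *flow) for name, *flow in flows}

if __name__ == "__main__":
    for name, action in report().items():
        print(f"{action:6}  {name}")
```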
Aashish Joshi · Aug 25, 2011
Rank B1 - LEADER
I just thought of something we did in our college hostel.

Would it be easier if I just set up a proxy server? The modem will be connected to the server, and the server will allow/deny or restrict all the connections. There is proxy software available for this purpose, like CCProxy, etc.
durga ch · Aug 25, 2011
Rank A2 - PRO
Hmm, implementing a proxy server is OK as well, but I was thinking, in case you are implementing a proxy server, why not do it at the DNS level itself? I don't know the exact implementation steps for implementing proxy servers.
Aashish Joshi · Aug 25, 2011
Rank B1 - LEADER
Hmm, I didn't know we could do that! Implement the proxy server at the DNS level I mean! Any pointers??
durga ch · Aug 26, 2011
Rank A2 - PRO
Hey,
I don't know what DNS you are using, but have a look at this offering by OpenDNS.
It's free and content filtering is provided as well.

OpenDNS > Comprehensive Web Content Filtering
Prasad Ajinkya · Aug 26, 2011
Rank B1 - LEADER
Interesting problem.

You can filter the requests at the DNS level, however there is no easy way of forcing everyone to use the DNS defined. A better approach is a proxy server and allow only HTTP traffic through. As long as you are filtering traffic, you can screen out the P2P traffic.
durga ch · Aug 27, 2011
Rank A2 - PRO
@ Kidakaka - I was thinking since they seem to be already having their own DNS server, all employees might be querying it (I know, too many assumptions), thought this might work. But nevertheless, I agree applying ACLs or using a proxy is a better idea.
