blocking ports on an internal network

Hey all. I work at a computer camp this summer, and games that people can play over the LAN are really popular here (I wonder why...). The only problem is that sometimes when the kids are supposed to be working on projects, they play games instead and sneak games when they're not supposed to at other times. I was hoping that there was some way I could block traffic at certain points in the day based on port numbers. Is there a simple and easily switchable way to block traffic on ports that I specify?
 
What you'll be looking for is a Managed Switch. CDW sells good ones; expect to pay up to $20 per port for no less than 12 ports. (And most of the good ones are around $600 in my opinion).

If you're looking to change the blocked ports based on certain times, I'd advocate getting a Cisco Managed Switch. The 2950 series are still pretty decent, but have some security flaws that haven't been patched in years; the 3550s look like worthy successors.

Once you've got the switch, expect to spend a lot of time getting familiar with Cisco's IOS, and learning the pin-out of your RS-232 port on the back of your PC (also the pinout of a Cisco Console RJ-45 Jack).

Then you can either set up a script on the router, or on a permanently connected machine, to change the port blocks that are on the switch.

So, yes, but expect to spend a lot of time doing it, as games can be configured on.... well, any port if the kids have some motivation.
 
Oh, also note, this won't change things like Flash games. To strip out Flash specifically from HTTP requests, you're going to at least need a good PIX or equivalent... Would probably be easier to lock down the machines and make sure Flash isn't installed.
 
With IPCop and the BlockOutTraffic mod you will be able to control the open ports automatically (also at timed intervals) at one central point, i.e. the gateway of your network.

Since IPCop already has a built-in proxy (Squid) it should be possible to stop Flash games. :)

For more help on specific IPCop issues, go to IPCop's unofficial forum.

-E
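The timed port blocking at the gateway discussed above, sketched as an added example that is not from any poster in this thread and is not IPCop's or BlockOutTraffic's own configuration. It assumes a Linux gateway with iptables and its `time` match; the function names, port numbers and times are constructed for illustration, and rules in the FORWARD chain only see traffic routed through the gateway, not traffic between machines on the same switch.

```shell
#!/bin/sh
# Added example: print iptables rules that drop forwarded traffic to the
# given ports only inside a daily time window. Nothing is applied; review
# the output, then run it as root on the gateway.
# Note: the iptables time match interprets times as UTC unless told otherwise.

# valid_port PORT -> success if PORT is an integer in 1..65535
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# valid_time HH:MM -> success if it is a well-formed 24-hour time
valid_time() {
    case "$1" in
        [01][0-9]:[0-5][0-9]|2[0-3]:[0-5][0-9]) return 0 ;;
    esac
    return 1
}

# gen_block_rules START STOP DAYS PORT...
# Validates everything first so a typo never yields a partial rule set,
# then prints one TCP and one UDP rule per port. Returns 1 on bad input.
gen_block_rules() {
    start=$1; stop=$2; days=$3
    shift 3 || return 1
    valid_time "$start" && valid_time "$stop" || return 1
    [ $# -gt 0 ] || return 1
    for p in "$@"; do
        valid_port "$p" || return 1
    done
    for p in "$@"; do
        for proto in tcp udp; do
            echo "iptables -A FORWARD -p $proto --dport $p -m time --timestart $start --timestop $stop --weekdays $days -j DROP"
        done
    done
}

# Dry run with constructed sample values: two ports, weekday mornings.
gen_block_rules 09:00 12:00 Mon,Tue,Wed,Thu,Fri 27015 6112
```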

 