| View previous topic :: View next topic |
| Author |
Message |
rado3105
Apprentice
Joined: 14 Jul 2007
Posts: 293
|
 Posted: Sat Jan 02, 2010 10:00 pm Post subject: How to block network discovery? |
 |
|
Is possible to block network discovery? I dont want from people on my network to see each other(using various programs...) or to know architecture of network....
Last edited by rado3105 on Sat Jan 02, 2010 10:14 pm; edited 1 time in total |
|
| Back to top |
|
 |
Hu
Administrator
Joined: 06 Mar 2007
Posts: 23066
|
| Posted: Sat Jan 02, 2010 10:14 pm Post subject: |
|
|
| Yes. Configure your switch to disallow passing traffic on the relevant discovery protocols. |
|
| Back to top |
|
|
rado3105
Apprentice
Joined: 14 Jul 2007
Posts: 293
|
| Posted: Sat Jan 02, 2010 10:16 pm Post subject: |
|
|
| so there is enough to block udp port 1900? or any other? |
|
| Back to top |
|
|
Inodoro_Pereyra
Advocate
Joined: 03 Nov 2006
Posts: 2631
Location: En la otra punta del cable
|
| Posted: Sat Jan 02, 2010 10:17 pm Post subject: |
|
|
And by network discovery you are talking of...?
You can block uPNP, SSDP, SNMP Netbios broadcasts and any other protocol you can think on using firewalls o routing between hosts but you can't block ARP traffic for example, or your box will be isolated from the net.
A little more info would be useful.
Cheers!
_________________
Mi Blog.
Si no fuera por C, estaríamos escribiendo programas en BASI, PASAL y OBOL. |
|
| Back to top |
|
|
rado3105
Apprentice
Joined: 14 Jul 2007
Posts: 293
|
| Posted: Sat Jan 02, 2010 10:22 pm Post subject: |
|
|
| I want to disable discovery samba(but not if client has specific ip, just discovery), discovery network(and computers on network - using various tools like mikrotik dude..), and what is recomended. I dont want block services, just discovering ....of services using various tools.. |
|
| Back to top |
|
|
Bircoph
Retired Dev
Joined: 27 Jun 2008
Posts: 261
Location: Moscow
|
| Posted: Sun Jan 03, 2010 6:44 am Post subject: |
|
|
| Inodoro_Pereyra wrote: | but you can't block ARP traffic for example, or your box will be isolated from the net.
|
But you may filter it, e.g. to remove local replies from local hosts to non-servers. Ebtables may be usefull here.
_________________
Per aspera ad astra! |
|
| Back to top |
|
|
rado3105
Apprentice
Joined: 14 Jul 2007
Posts: 293
|
| Posted: Sun Jan 03, 2010 9:21 am Post subject: |
|
|
| Just part of network is bridged, all connections goes through routers, so I dont need ebtables. Just need to know what is good to block(what ports, I just found 1900udp port). |
|
| Back to top |
|
|
Hu
Administrator
Joined: 06 Mar 2007
Posts: 23066
|
| Posted: Sun Jan 03, 2010 5:38 pm Post subject: |
|
|
| What do you hope to accomplish by this blocking? |
|
| Back to top |
|
|
|
Networking & Security
