f



block the right port on the right ip

hi,i know in some countries, several people share the same ip but
different ports, so i think "block ip only" is not appropriate. may we
should just block the right port at the right ip.does   anybody  there
agree with me?

0
samplestrategy
5/12/2006 9:42:28 AM
comp.protocols.tcp-ip 4448 articles. 0 followers. Post Follow

3 Replies
464 Views

Similar Articles

[PageSpeed] 46

samplestrategy@gmail.com dixit:

> hi,i know in some countries, several people share the same ip but
> different ports, 

 In order to share the same physical IP address, you gotta have a router 
that supports NAT or some other protocol that will translate between public 
(physical) and virtual (private) IP addresses.

 So, the rule is, a host = an IP address and, yes, perhaps several ports 
for different apps.

>so i think "block ip only" is not appropriate. may we
> should just block the right port at the right ip.does   anybody  there
> agree with me?

 This is essentially what a firewall does: block ports.

Marcos                    


> 
> 



0
Marcos
5/12/2006 12:01:15 PM
samplestrategy@gmail.com wrote:
> hi,i know in some countries, several people share the same ip but
> different ports, so i think "block ip only" is not appropriate. may we
> should just block the right port at the right ip.does   anybody  there
> agree with me?

If you're asking if it is possible to block one or more of a group of
PCs that are sharing a single IP by blocking a particular port number,
the answer is no.  The client end of a connection uses ephemeral port
numbers that change with every use.  E.g., if a client loads a webpage
in a browser, multiple TCP sessions are used to download the various
elements of the webpage and every TCP session uses a different port
number at the client end.  So a client might use 20 or more unique port
numbers to load a single webpage into a browser.

NM

0
News
5/13/2006 1:42:08 AM
crazy! many thanks! thanks again.

0
samplestrategy
5/19/2006 8:15:37 AM
Reply: