Block TCP Ports

**Avad** · March 10th, 2004, 03:51 PM

I have a requirement for which I need a client application running on a windows machine to use up (occupy/block) a range of ports so that no other application can use these ports.

This application is to be written using ATL,STL,Win32 SDK. So no MFC please.

The question is what the most efficient way to do this?

TIA

**Krishnaa** · March 11th, 2004, 01:37 AM

You need LSP (Layered Service provider) for Winsock to be able to block ports.

See http://www.microsoft.com/msj/0599/La...edService.aspx

**PadexArt** · March 11th, 2004, 03:08 AM

Get a firewall.

**Andreas Masur** · March 11th, 2004, 03:43 AM

[Moved thread]

**NoHero** · March 11th, 2004, 03:45 AM

you may bind your sockets with these ports and block all icoming events ... hang on, i will give you code when i am at home, or wait for the gurus

**Andreas Masur** · March 11th, 2004, 04:11 AM

[Merged threads]

**Mathew Joy** · March 11th, 2004, 07:04 AM

LSP is good but it only blocks the calls from winsock. Others (TDI for instance) can bypass it. The easier option is filter APIs which is easy but works only in w2k+. Check PfCreateInterface() and co. The other (hard way) is writing NDIS low layer filter hook. This may help you started.

**Avad** · March 15th, 2004, 04:09 PM

I had written a small app that will attempt to bind my sockets within the range of TCP ports [1024-4995]. The problem is I cannot browse to certain web sites and some of the applciations are not working correctly. So, I am assuming these applications need to use one of the ports that my test app has blocked. How woul dI know not to block some essential ports? Is there a list somewhere that will provide me this info?

Here is my test code

Code:

#include "stdafx.h"
#include <winsock2.h>
#include <list>

using namespace std;
int APIENTRY WinMain(HINSTANCE hInstance,
                     HINSTANCE hPrevInstance,
                     LPSTR     lpCmdLine,
                     int       nCmdShow)
{
	list<SOCKET>		m_lstSocket;

 	SOCKET		server;
	WSADATA		wsaData;
	sockaddr_in local;

	int wsaret=WSAStartup(0x101,&wsaData);
	if(wsaret!=0)
    {
        return 0;
    }

	local.sin_family=AF_INET; //Address family
    local.sin_addr.s_addr=INADDR_ANY; //Wild card IP address

	for(int nCounter = 1024;nCounter < 4995;nCounter++)
	{
		local.sin_port=htons((u_short)nCounter); //port to use
		server = socket(AF_INET,SOCK_STREAM,IPPROTO_TCP);
		bind(server,(sockaddr*)&local,sizeof(local));
		m_lstSocket.push_back(server);
	}

	list<SOCKET>::iterator it;
	for (it = m_lstSocket.begin(); it != m_lstSocket.end();it++)
		closesocket((SOCKET)(*it));

	WSACleanup();
	return 0;
}

**Mathew Joy** · March 15th, 2004, 11:05 PM

This is the worst way to do it. Socket creation is expensive considering the time and resource used. Well, if you create about 5000 sockets that do nothing, it is a big waste of resource, and your browser may not display properly because the lack of the said. Moreover other applications may need the resource (mainly non-paged memory) that you use up. One of the biggest problem with using up the NP memory is that, your whole os could crash if some driver doesn't behave properly because of the lack NP memory. Also binding to a port doesn't mean that other applications cannot bind to it. Another question is, what if the port you already want to block is already bound by an application?

**Avad** · March 16th, 2004, 11:25 PM

Thanks for the suggestion. I understand this is not the best way to work with sockets but that is reason I posted this query here. If I knew what the most efficient way to do what is required, I would have saved my time than type a query here.

Coming back to the problem, I dont know if using sockets is the solution here. So let me start of with the actual problem and see if I can get some leads on how to solve this.

Problem: An application we use, utilizes the first available free TCP port within the range 1024-5000. The problem is with the range. this range is to big and we have to reduce it to a /10 port range.

The way I attempted to get around this is to write a wrapper around this application. The idea for this wrapper is to take up/block the other ports to force the actual app to use the smaller port range.

Is this a good way of solving my problem? What are my other options?

p.s: I cannot modify the original app, so please no suggestions on modifying the original app.

**Mathew Joy** · March 17th, 2004, 12:04 AM

Originally posted by Avad
Problem: An application we use, utilizes the first available free TCP port within the range 1024-5000. The problem is with the range. this range is to big and we have to reduce it to a /10 port range.

I don't see any problem. You want to use the first available port. Why do you want to block then? Just loop the bind(). Start with port 1024 and break when you have a successfull bind. I still don't understand what you are trying to do.

**Avad** · March 17th, 2004, 12:10 AM

The problem is I have to force the main application to use ports 2000-2005 ONLY. So even if one of the ports in the range of 1024-2000 and 2005-5000 is free, I should not allow the main application to use them. Hope this helps.

**Mathew Joy** · March 17th, 2004, 12:42 AM

So whats the problem? Loop from 2000 to 2005. Check the RFC 1700 that describes the ports of well known services to see if any sevice uses it. At binding if all of the 5 (6 ??) ports are blocked you have no choice but to inform the user. He has to shutdown the application that uses it. BTW are you using all of the ports in the range or any of the port?

**Lasse** · March 17th, 2004, 04:51 AM

You could make a Firewall

Lasse.

Thread: Block TCP Ports

Thread Tools

Display

Using sockets to block ports

block TCP ports

Posting Permissions