Theres only the option to block/allow TCP/UDP ports in windows TCP/IP settings but I guess thats no use.

Cant think of any way to do it in Windows2k itself.

Hi there,

Do you use a router? if so what you can do is set an access-list on your router that will allow a certain range of ip addresses or certain types of traffic/protocols to have access in and out of your network.

If your company uses Cisco Routers then give me a shout and i'll right the access list for you.

Cheers

Christoff

How did you come up with that range of IP Addresses? Have you identified them as belonging to the people who are abusing the software?  The thing is, surely your company must be leasing there IP Addresses through DHCP?, depending on how your network is setup, do you know?, if you are all on the 1 LAN then unless you add static ip addresses to the specific MAC addresses of the abusers and set them on your server you might end up leasing one of the denied IP Addresses then you wouldn't be able to listen to it.

How about just setting access rights on the server there trying to connect to, i take it they connect in via username and password (profiles)? If they do just set the access rights to the folder allowing only certain users access to it.

I like problems like these

Cheers

Chris

So they actually use software to make the requests?

IF they used an ASP page it seems like it would be easy to block some IP address's and let other requests through. We just made something like it at work for an In/Out board type of deal. But if they use software to access the server (think I am confusing myself) then it wont use an ASP.

If your bored of reading this then just stop here.

To explain the In/Out board. Basically a list of people in each room and the person updates it when they are not there. Other people in the same room can also update that same person's record (for when off sick and things) but people in other rooms can't. Their IP address doesn't belong to the ones matching that room in an access database. And vice versa with an admin being the exception.

Sounds like what you want but again its in ASP's. If you want more help then just ask.

Hello to you to Harv.. bounce away.............

I think my first idea of adding an outbound access-list on your gateway to which the Win2Kpro PC resides would sort the problem straight away,

router(config)#access-list 1 deny 172.16.22.0 0.0.0.255
router(config)#access-list 1 permit any any
router(config)#interface fa0/0 (or serial 0/0)
router(config-int)#ip access-group 1 out
router(config-int)#no shutdown
router(config-int)#exit
router(config)#copy run start

Adding this to your router config would deny access to your Win2Kpro PC from the 172.16.22.0 subnet and allow your own subnet to carry on using it.

The only problem with doing this is do the users from the 172.16.22.0 subnet need to have access to any servers or services located in the same subnet as your mp3 database? if so then we would have to restrict them access to the actual protocol that uses the transfer of data from the mp3 database, probably uses ftp. so it would then become:

router(config)#access-list 100 deny tcp 172.16.22.0 0.0.0.255 eq ftp
router(config)#access-list 100 permit any any
router(config)#interface fa0/0 (or serial 0/0)
router(config-int)#ip access-group 100 out
router(config-int)#no shutdown
router(config-int)#exit
router(config)#copy run start

But hey if this is 2 much hassle let's look for something else

Cheers

Chris

sshhh!!! i just made it up but don't tell him.

only kidding that should sort ya.