hi,i know in some countries, several people share the same ip but
different ports, so i think "block ip only" is not appropriate. may we
should just block the right port at the right ip.does anybody there
agree with me?

samplestrategy@gmail.com dixit:

> hi,i know in some countries, several people share the same ip but
> different ports,

In order to share the same physical IP address, you gotta have a router
that supports NAT or some other protocol that will translate between public
(physical) and virtual (private) IP addresses.

So, the rule is, a host = an IP address and, yes, perhaps several ports
for different apps.

>so i think "block ip only" is not appropriate. may we
> should just block the right port at the right ip.does anybody there
> agree with me?

This is essentially what a firewall does: block ports.

Marcos


>
>

samplestrategy@gmail.com wrote:
> hi,i know in some countries, several people share the same ip but
> different ports, so i think "block ip only" is not appropriate. may we
> should just block the right port at the right ip.does anybody there
> agree with me?

If you're asking if it is possible to block one or more of a group of
PCs that are sharing a single IP by blocking a particular port number,
the answer is no. The client end of a connection uses ephemeral port
numbers that change with every use. E.g., if a client loads a webpage
in a browser, multiple TCP sessions are used to download the various
elements of the webpage and every TCP session uses a different port
number at the client end. So a client might use 20 or more unique port
numbers to load a single webpage into a browser.

NM

crazy! many thanks! thanks again.