Results 1 to 20 of 33

Thread: How Block IPs Using Windows

  1. #1
    eUK-Martin (Windows System Administrator)
    Join Date: Nov 2005 | Location: Earth | Posts: 630

    How Block IPs Using Windows IPSec

    Hello All,

    Here is something that I would like to share with everyone, and it is quite rare to find. This tutorial will show how to block IPs on a Windows server without a firewall using IPSec:

    Click 'Start' > 'Run' > type 'MMC' and press 'OK'.

    In the console click > 'File' > 'Add/Remove Snap in'

    In the 'Standalone' tab click the 'Add' button

    Select 'IP Security Policy Management' > 'ADD' > 'Local Computer' > 'finish' > 'close' > 'ok'

    You should now be back to the console.

    In the left frame right click 'IP security policies on local computer' > 'Create IP security policy'

    Click Next and then name your policy 'Block IP' and type a description.

    Click 'Next' then leave 'activate' ticked then click 'Next'

    Leave the 'edit properties' ticked and click 'Finish'

    You should now have the properties window open.

    Click 'ADD' then click 'Next' to continue.

    Leave 'This rule does not specify a tunnel' selected and click 'next'

    Leave 'all network connections' selected and click 'next'

    You should now be on the IP filter list. You need to create a new filter, so don't select any of the default ones. Click 'ADD'

    Type a Name for your list, call it 'IP block list'
    Type a description in, can be same as name.
    Click 'ADD' then click 'Next' to continue.

    In the description box type a description. As it's the first IP you are blocking call it 'IP1' or 'IP Range 1'
    Leave ticked the 'Mirrored. Match packets with the exact opposite source and destination addresses'
    Click 'Next'

    The 'Source address' should be left as 'My IP address' click 'Next'

    You can now select 'A Specific IP address' or 'A Specific Subnet' for the Destination address.
    Type in the IP address you want to block and if blocking a subnet type in the subnet block. Click 'next'

    Leave the protocol type as 'Any' and click 'Next' and then 'Finish'

    You have now blocked your first IP or IP range.

    One of the eUKhost blogs has this explained in more comprehensive way. Link: ASP SQL Blog

    *****UPDATE*****
    Now all of this has been automated into a script. You do not have to worry about manually blocking IPs on a Windows server; you can just download the package below, run the setup and you are done. It will scan your server every 5 mins and block any IP address with more than 100 connections. Also, it will not block the host server IP address or those added to the whitelist.

    Download Link: Browse QaasWall For Windows Files on SourceForge.net

  2. #2
    Rock (Technical Support, eUKhost.com)
    Join Date: Oct 2006 | Location: localhost | Posts: 3,777

    Martin, this is something really wonderful! This'd turn helpful in terms of our servers getting targeted by a specific IP address or an IP-Range.
    Really nice tutorial on blocking IPs using IPSEC for Windows – Packet Filtering

    Rock _a.k.a._ Jack
    eUK Windows Hosting || Windows Reseller Hosting
    Cloud Hosting 100% UPTIME! || Powerful Dedicated Servers
    Follow eUKhost on Twitter || Join eUKhost Community on Facebook

    For complaints, grievances or suggestions kindly email our FeedBack Dept.
    Proper action will be taken accordingly & instantaneously!

  3. #3
    bradmca (Forum Member)
    Join Date: Feb 2008 | Location: London, UK | Posts: 34

    This looks great, so it stops a range of spambots from known IPs from accessing all sites hosted on a VPS Hosting?

  4. #4
    eUK-Martin (Windows System Administrator)
    Join Date: Nov 2005 | Location: Earth | Posts: 630

    Yes, you can block any and all IPs that you wish and with different protocols. If you know how to configure this utility then there is no need of a firewall on the server.

  5. #5
    wolverine (Forum Member)
    Join Date: Feb 2009 | Posts: 3

    Sorry to dig out this old thread but I got a bit confused and need to confirm something.

    After I'd done all the settings I exited the console. I opened the "MMC" again and see that the new rule is actually "Not assign". Do I need to assign this new rule, or is it working already with no need to right click and assign?

    Since I did this on our customer's live server remotely, I need to be extra careful.

    Btw, after I did this on the server I still saw in the event viewer that this IP from Italy, "82.104.207.137", is still trying to use our Exchange SMTP server but is rejected because it doesn't have the proper authorization. Possibly this IP tried to brute force the password. I saw that this IP keeps trying to penetrate our server.

    Currently using Windows 2003 server R2 with exchange 2003

    Regards

  6. #6
    eUK-Martin (Windows System Administrator)
    Join Date: Nov 2005 | Location: Earth | Posts: 630

    Quote (originally posted by wolverine):
        After I'd done all the settings I exited the console. I opened the "MMC" again and see that the new rule is actually "Not assign". Do I need to assign this new rule, or is it working already with no need to right click and assign?

        Since I did this on our customer's live server remotely, I need to be extra careful.

    Yes, you will have to assign the rule [Right click and Assign], which means that you have applied the rule to the server. As soon as you assign the rule, the brute force attack that you have from the IP should not appear at all.

  7. #7
    wolverine (Forum Member)
    Join Date: Feb 2009 | Posts: 3

    Wow, that was fast. Just now I assigned the rules to the server.
    Now I need to wait for 1 day and check the event viewer again for this particular stubborn IP.

    Btw, can I ask why we must use the block IP on the "Destination"? Shouldn't we use it on "Source"?

    My noob brain keeps thinking that now we are blocking our client server from connecting to 80.104.207.137 and not the other way around. Please kindly explain a bit more if you have spare time.

    Thank you very much.

  8. #8
    eUK-Martin (Windows System Administrator)
    Join Date: Nov 2005 | Location: Earth | Posts: 630

    The method that has been used works both ways, meaning client access to the server as well as server access to the client is blocked. This is because we have chosen "Mirrored. Match packets with the exact opposite source and destination addresses".

    If you want the rule to be implemented for a single direction, then you will have to uncheck the Mirror box and specify Source as the client's IP and Destination as "My IP Address".

  9. #9
    wolverine (Forum Member)
    Join Date: Feb 2009 | Posts: 3

    Quote (originally posted by eUK-Martin):
        The method that has been used works both ways, meaning client access to the server as well as server access to the client is blocked. This is because we have chosen "Mirrored. Match packets with the exact opposite source and destination addresses".

        If you want the rule to be implemented for a single direction, then you will have to uncheck the Mirror box and specify Source as the client's IP and Destination as "My IP Address".

    Ah, thank you for the enlightenment. Now I understand.
    Btw, I changed the setting: source = 82.104.207.137 and destination = My IP address. But I still tick "Mirrored. Match packets with the exact opposite source and destination addresses". Should have the same result, I think.

    Regards

  10. #10
    eUK-Martin (Windows System Administrator)
    Join Date: Nov 2005 | Location: Earth | Posts: 630

    Quote (originally posted by wolverine):
        Ah, thank you for the enlightenment. Now I understand.
        Btw, I changed the setting: source = 82.104.207.137 and destination = My IP address. But I still tick "Mirrored. Match packets with the exact opposite source and destination addresses". Should have the same result, I think.

        Regards

    Yup, it should give you the same results.
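
Added example (not part of the thread and not code from any poster or from eUKhost): the block policy from post #1 built with netsh ipsec static instead of the MMC wizard, including the assign step from post #6 and the mirrored filter explained in post #8. The policy and filter list names follow the tutorial; the filter action name, the rule name and the addresses (documentation ranges) are assumptions.

```batch
@echo off
rem Added example, not from the thread: the MMC steps expressed as netsh commands.
rem Run as an administrator on the server itself.
rem The addresses below are constructed samples from documentation ranges.
setlocal
set "POLICY=Block IP"
set "FLIST=IP block list"
set "FACTION=Block"
set "BAD_IP=203.0.113.10"
set "BAD_NET=198.51.100.0"
set "BAD_MASK=255.255.255.0"

rem 1. Create the policy unassigned, so nothing is enforced while it is built.
netsh ipsec static add policy name="%POLICY%" description="Block unwanted IPs" assign=no

rem 2. Create the filter list and add one filter per address or subnet.
rem    srcaddr=me is 'My IP address'; mirrored=yes also matches the reverse
rem    direction, so traffic is blocked both ways (post #8).
netsh ipsec static add filterlist name="%FLIST%" description="IP block list"
netsh ipsec static add filter filterlist="%FLIST%" srcaddr=me dstaddr=%BAD_IP% description="IP1" protocol=any mirrored=yes
netsh ipsec static add filter filterlist="%FLIST%" srcaddr=me dstaddr=%BAD_NET% dstmask=%BAD_MASK% description="IP Range 1" protocol=any mirrored=yes

rem    One-direction variant from post #8 (inbound only), shown for comparison:
rem    netsh ipsec static add filter filterlist="%FLIST%" srcaddr=%BAD_IP% dstaddr=me protocol=any mirrored=no

rem 3. A filter action that drops matching packets (the name is an assumption).
netsh ipsec static add filteraction name="%FACTION%" action=block

rem 4. The rule ties the filter list and the filter action into the policy.
netsh ipsec static add rule name="Block listed IPs" policy="%POLICY%" filterlist="%FLIST%" filteraction="%FACTION%"

rem 5. Review the filters before enforcing; a wrong address here can cut off
rem    your own remote session once the policy is assigned.
netsh ipsec static show filterlist name="%FLIST%" level=verbose

rem 6. Assign the policy (the 'Right click and Assign' step from post #6),
rem    then check in the output that the policy is shown as assigned.
netsh ipsec static set policy name="%POLICY%" assign=y
netsh ipsec static show policy name="%POLICY%" level=verbose
endlocal
```

To back the change out, run netsh ipsec static set policy name="Block IP" assign=n, which leaves the policy defined but no longer enforced.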

  11. #11
    hanuri (Forum Member)
    Join Date: Mar 2009 | Posts: 2

    I assume this works on Windows XP Pro as well? I am not really a customer of yours, I just found this through Google and it really helped me out. I got attacked hard from a French IP and I did this on my Windows XP Pro machine. I haven't got attacked yet, though. But it should work, right? I did everything as you wrote and added a specific IP.

    PS: I put my other computer's IP there and tried to access this computer's network, it didn't work. What could I have done wrong?

  12. #12
    eUK-Martin (Windows System Administrator)
    Join Date: Nov 2005 | Location: Earth | Posts: 630

    Quote (originally posted by hanuri):
        I assume this works on Windows XP Pro as well?

    Yes, it would work on Windows XP Professional as well since it includes IP Sec services.

    Quote (originally posted by hanuri):
        PS: I put my other computer's IP there and tried to access this computer's network, it didn't work. What could I have done wrong?

    There are many reasons for it to fail, but if you have followed the exact steps in the original post then it should work for sure.

    Are the other computers you have added in a private LAN?

  13. #13
    hanuri (Forum Member)
    Join Date: Mar 2009 | Posts: 2

    Nope, they aren't in a private LAN. But when I tried to follow the steps, I got some messages about Kerberos V5. It was some sort of warning. Also, does it have anything to do with these things if I don't have my Windows firewall on? I assume this is a separate function, so Windows firewall has nothing to do with it.

  14. #14
    eUK-Martin (Windows System Administrator)
    Join Date: Nov 2005 | Location: Earth | Posts: 630

    No, Windows firewall has nothing to do with the IP Sec service. It is a stand alone server which hides the inability of Windows firewall to block a single IP address.

    There is a link in the original post that has images along with the steps to block an IP in IP Sec; you can refer to the link if you are still facing any difficulties.

  15. #15
    atashajules (Forum Member)
    Join Date: Apr 2009 | Posts: 17

    Thanks for the tutorial post about "How Block IPs Using Windows IPSec", it would help a lot.

  16. #16
    Rock (Technical Support, eUKhost.com)
    Join Date: Oct 2006 | Location: localhost | Posts: 3,777

    Quote (originally posted by atashajules):
        Thanks for the tutorial post about "How Block IPs Using Windows IPSec", it would help a lot.

    Thank you. This indeed is a wonderful & helpful tutorial.


  17. #17
    atashajules (Forum Member)
    Join Date: Apr 2009 | Posts: 17

    I agree with you, completely.

  18. #18
    eUK-Martin (Windows System Administrator)
    Join Date: Nov 2005 | Location: Earth | Posts: 630

    This process has been automated now.. Please read my first post in full for more information.

    Enjoy..!!!

  19. #19
    bradmca (Forum Member)
    Join Date: Feb 2008 | Location: London, UK | Posts: 34

    Excellent, I have been thinking to do this in .net for some time
    --
    Brad
    ----------------------------------------------------------------------------------
    Add me to GoogleTalk / Skype: Brad@NetEvolution.co.uk

  20. #20
    Elliot (Forum Member)
    Join Date: Apr 2010 | Posts: 10

    Ok, on Windows XP it works. But would it work on Windows 7?

Copyright © 2014. eUKhost Ltd. All rights are reserved.

The opinions or views of users on the forum are those of the author and not of eUKhost Ltd.