Comments on: How to Block IP Addresses in Windows Server 2003

By: yOni

yOni — Fri, 25 Nov 2011 15:30:58 +0000

All works great, but one question: in the ‘IP Traffic Source’ the “Source address” is my ip address or the attacking ip?
thanks all

By: Bob

Bob — Thu, 18 Aug 2011 14:24:03 +0000

Do you have to restart IIS or anything to get it to take? My Malwrebytes Anti-Malware is still shoing that it successfully blocked access to a potential malicious website: 83.133.127.167 even thought I’ve got it setup in the security policy.

By: Larry Samuel

Larry Samuel — Wed, 25 May 2011 21:07:51 +0000

Policy assigned “but the IPSec servicesx is not running. you must start the IPSec Services.

By: Eric Anderson

Eric Anderson — Fri, 01 Apr 2011 01:23:01 +0000

I have been using IP Security Policy for years. It is rock solid, better than “smart” firewall stuff.

Be careful not to block yourself out, especially if you are remotely administering via RDP. Make sure you have default ALLOW for your local service carrier and all their permutations.
Then double that ALLOW as a backup.

I have blocked most of China and Russia. The attacks on our server have diminished to less than 10% of before the BLOCKs.

Now I watch the mail server logs looking for trash. What is the IP? Go to
http://www.iana.org/assignments/ipv4-address-space/ipv4-address-space.xml

Where are those guys? <– You're friggen BLOCKED because I said so.

None of our customers do business over there. There is NO reason for communication with them.

I love this IP Security stuff.

Don't forget to EXPORT your Policies and Backup off site.
Rebuild the machine for any reason and you'll have all your rules waiting for you. (Or retype, retype, retype…)

And THANKS for that subnet calculator. Put the pencil to bed.

By: Wolfy

Wolfy — Fri, 21 Jan 2011 13:08:52 +0000

After banging my head against the wall several times and launching one computer into orbit, I rediscovered what I learned years ago.

To block a RANGE of IP’s, you have to have the correct subnet. When doing step 19, if you reference http://www.subnet-calculator.com/subnet.php?net_class=A and READ THE SCREEN CAREFULLY you will see that to block the range of 58.218.0.1 to 58.218.255.254 you will put in a subnet of 255.255.0.0

By using the calculator I referenced, you can easily determine the subnets for any IP address. As you wonder which CLASS (A,B,C) you should choose because its not taking what you are putting in, look to the right at First Octet Range and it will show you what the first octet (AAA in example AAA.BBB.CCC.DDD) can be for each class.

Ed, if you still look here, YES you have to do it for each server, or block it in the main router or at each router (this would keep the traffic from ever hitting the server to begin with)

I hope this sheds some light on a seemingly simple task …

Email me at codehill.com at thewolfsden dot net (NO I AM NOT AFFILIATED WITH THIS SITE, Using the sites name lets me know where the emails come from or are stolen from) and I will try to help if I can, but, don’t be surprised if it takes me forever to respond…

By: Ed

Ed — Wed, 29 Dec 2010 22:04:36 +0000

Thanks for the info. Tested and it was working on my testing server. My question is do I need to repeat it on all other 2003 servers?

By: s7 1200

s7 1200 — Fri, 19 Nov 2010 10:04:08 +0000

Thank You for information.
I want to buy some VPS so I must think also about this

By: Snef

Snef — Thu, 23 Sep 2010 14:18:35 +0000

Do not forget to ‘assign’ the policy!

By: Amgad

Amgad — Sat, 04 Sep 2010 05:47:30 +0000

@Steve yes you can, when you reach step 18 restrict any IP. Then add a new rule, repeat from step 7, to Permit the IP addresses you want to allow access to the server.

By: Steve

Steve — Fri, 03 Sep 2010 14:45:35 +0000

Is there a way to only ALLOW specific listed IP addresses to access a site, and all others are blocked?