?
Solved

Block IP Range

Posted on 2004-09-01
9
Medium Priority
?
643 Views
Last Modified: 2013-12-04
Hi, I have windows 2003 Server, Standard Edition. Is there anyway I can block a particular IP range from accessing anything. There is a particular person who keeps coming to all the stuff my server hosts, and causes trouble, I would like to ban him from everything, every port, and every program.
0
Comment
Question by:techiehost
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
9 Comments
 
LVL 7

Expert Comment

by:msice
ID: 11958504
You can deny the IP address on your router or ISA server if you have one, but if it is a dynamic IP it will not help you.
0
 
LVL 37

Accepted Solution

by:
bbao earned 1000 total points
ID: 11972524
you can do it, without buying any extra software, just use ROUTE command.

assume your subnet is 192.168.100.0/255.255.255.0, the IPs to be banned is 172.16.16.1-16/255.255.255.0, a reserved IP on your LAN is 192.168.100.250/255.255.255.0 (an valid address but not in use), then run the followings in a command prompt window:

route -p add 197.16.16.0 mask 255.255.255.240 192.168.100.250 metric 1

this command will forward any traffic for 172.16.16.1-16 to a place not existent, which eventually block the IPs at all.

hope it helps,
bbao
0
 
LVL 7

Expert Comment

by:LimeSMJ
ID: 11983300
bbao... good solution but is there a typo in your route command??  shouldn't it be:

route -p add 172.16.16.0 mask 255.255.255.240 192.168.100.250 metric 1
0
Get real performance insights from real users

Key features:
- Total Pages Views and Load times
- Top Pages Viewed and Load Times
- Real Time Site Page Build Performance
- Users’ Browser and Platform Performance
- Geographic User Breakdown
- And more

 
LVL 37

Expert Comment

by:bbao
ID: 11983544
oh, yes, it should be "172.16.16.0". sorry for the typo. :)
0
 
LVL 38

Assisted Solution

by:Rich Rumble
Rich Rumble earned 1000 total points
ID: 11993040
Since win2k windows has what they call IPSEC- it's a program the is supposed to help you negoitiate secure communications, but can also deny traffic. And recently been improved, as it suffered from a vital flaw- which was allowing certain source ports through no matter what. Again, that's been remedied http://www.microsoft.com/resources/documentation/WindowsServ/2003/all/deployguide/en-us/Default.asp?url=/resources/documentation/WindowsServ/2003/all/deployguide/en-us/dnsbj_ips_dbmy.asp
(2003 by default is set to 3... so only isakmp traffic is exempt from ipsec filters- which will get this person no where http://support.microsoft.com/default.aspx?scid=811832)

on the run line type "secpol.msc" and at the bottom you'll see the IPSEC in a list. here is an article to help you configure it:
http://www.microsoft.com/windows2000/techinfo/planning/security/ipsecsteps.asp#cisfa
http://www.microsoft.com/windowsxp/home/using/productdoc/en/default.asp?url=/windowsxp/home/using/productdoc/en/ipsec_filter-spec_create.asp

2003 ICF should have a way of doing this- they just added the function to XP (with sp2) but I haven't looked at 2003 lately.
-rich
0
 
LVL 38

Expert Comment

by:Rich Rumble
ID: 13968445
I think my answer covers the issue better than the other solutions of adding an asymetric route.
In addition, the author said he'd like to keep him from using programs, with active directory you can limit exe's that users can use. However windows XP or 2003 are the required OS's, meaning 2000
cannot restrict programs from running. Again the users have to be using xp or 2003 for this to work. An alternitive is using ZoneAlarm, it can "ban" programs from running.
-rich
0

Featured Post

Get 15 Days FREE Full-Featured Trial

Benefit from a mission critical IT monitoring with Monitis Premium or get it FREE for your entry level monitoring needs.
-Over 200,000 users
-More than 300,000 websites monitored
-Used in 197 countries
-Recommended by 98% of users

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

SHARE your personal details only on a NEED to basis. Take CHARGE and SECURE your IDENTITY. How do I then PROTECT myself and stay in charge of my own Personal details (and) - MY own WAY...
Our Group Policy work started with Small Business Server in 2000. Microsoft gave us an excellent OU and GPO model in subsequent SBS editions that utilized WMI filters, OU linking, and VBS scripts. These are some of experiences plus our spending a lo…
This is my first video review of Microsoft Bookings, I will be doing a part two with a bit more information, but wanted to get this out to you folks.
How to fix incompatible JVM issue while installing Eclipse While installing Eclipse in windows, got one error like above and unable to proceed with the installation. This video describes how to successfully install Eclipse. How to solve incompa…
Suggested Courses
Course of the Month10 days, 23 hours left to enroll

770 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question