Solved

Blocking IPs in Windows 2003 using scripting

Posted on 2006-07-11
7
255 Views
Last Modified: 2013-12-04
My ftp server has been under a dictionary attack for the past few days. I need to know if windows is able to simply stop responding to packets recieved from a certain IP address. I have a firewall and I could always just add the IPs to that but I'd prefer to be able to do it in windows because then I can write a script to automatically "ban" IPs from my server. Anyone have any suggestions?
0
Comment
Question by:CyrexCore2k
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
7 Comments
 
LVL 1

Expert Comment

by:benab
ID: 17084569
Hi CyrexCore2k,
I don't know of a way to do it with the Windows 2003 FTP server.  You might consider finding another FTP server.

Here are two well known FTP servers.  I strongly suggest you use a secure FTP server if possible.

Cute FTP
http://www.cuteftp.com/gsftps/features.asp

Titan FTP
http://www.webdrive.com/products/titanftp/features.html


Good luck,
Ben
0
 
LVL 32

Expert Comment

by:r-k
ID: 17085548
In IIS Manager, right-click on your FTP site, select "Properties" then "Directory Security", and you can use the "Add" button to add offending IP's to the list there which are denied access.
0
 
LVL 37

Accepted Solution

by:
bbao earned 250 total points
ID: 17099291
> I can write a script to automatically "ban" IPs from my server.

just add ROUTE commands in your scripts. for more information, please see another post of mine which describes how to do it in detail.

http://www.experts-exchange.com/Networking/WinNT_Networking/Q_21913915.html

hope it helps,
bbao
0
2017 Webroot Threat Report

MSPs: Get the facts you need to protect your clients.
The 2017 Webroot Threat Report provides a uniquely insightful global view into the analysis and discoveries made by the Webroot® Threat Intelligence Platform to provide insights on key trends and risks as seen by our users.

 
LVL 14

Author Comment

by:CyrexCore2k
ID: 17100258
Oh wow that's exactly what I needed. Just do you have any idea how to get scripts to run commands?
0
 
LVL 14

Author Comment

by:CyrexCore2k
ID: 17100269
And also I don't want to permanently deny these IPs access since I figure these probably aren't static IPs... what's the command to remove the route when I'm done with it?
0
 
LVL 37

Expert Comment

by:bbao
ID: 17100441
i'd suggest you learning the full syntax of ROUTE command by simply giving a "ROUTE /?" (no quotation marks) at command prompt. anyway i give two simple demo bath files here just for your reference:

BLOCK.BAT
--------------------
goto %1
@ECHO Usage: BLOCK net_id
goto quit

:1
@ECHO to block 10.10.1.0 ~ 10.10.1.255 (192.168.0.253 is a non-existing IP)
ROUTE ADD 10.10.1.0 MASK 255.255.255.0 192.168.0.253
goto quit

:2
@ECHO to block 10.10.2.0 ~ 10.10.2.15 (192.168.0.253 is a non-existing IP)
ROUTE ADD 10.10.2.0 MASK 255.255.255.240 192.168.0.253
goto quit

:quit
--------------------

UNBLOCK.BAT
--------------------
goto %1
@ECHO Usage: UNBLOCK net_id
goto quit

:1
@ECHO to unblock 10.10.1.0 ~ 10.10.1.255
ROUTE DELETE 10.10.1.0 MASK 255.255.255.0
goto quit

:2
@ECHO to unblock 10.10.2.0 ~ 10.10.2.15
ROUTE DELETE 10.10.2.0 MASK 255.255.255.240
goto quit

:quit
--------------------
0
 
LVL 14

Author Comment

by:CyrexCore2k
ID: 17100657
I'm sorry I meant vbs windows scripts. =x I was wondering how you execute commands from those.
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Users of Windows 10 Professional can disable automatic reboots using the policy editor. This tool is not included in the Windows home edition. But don't worry! Follow the instructions below to install (a Win7) policy editor on your Windows 10 Home e…
Article by: btan
The intent is not to repeat what many has know about Ransomware but more to join its dots of what is it, who are the victims, why it exists, when and how we respond on infection. Lastly, sum up in a glance to share such information with more to help…
Finds all prime numbers in a range requested and places them in a public primes() array. I've demostrated a template size of 30 (2 * 3 * 5) but larger templates can be built such 210  (2 * 3 * 5 * 7) or 2310  (2 * 3 * 5 * 7 * 11). The larger templa…
Exchange organizations may use the Journaling Agent of the Transport Service to archive messages going through Exchange. However, if the Transport Service is integrated with some email content management application (such as an antispam), the admini…

740 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question