Solved

Block Multiple Incoming IP connections using Windows Firewall

Posted on 2010-11-25
Last Modified: 2012-05-10
I'm using a Windows 2008 server and wanted to know if there was a way to block multiple incoming IP connections to the server using Windows Firewall?

E.g. if there are 4 connections from the SAME IP, it would prevent additional connections OR it would block that IP completely.

This is to prevent certain security issues I’ve been getting - mainly due to UDP flooding.
0
Question by:ultramoo
9 Comments
 
LVL 6

Expert Comment

by:fluk3d
ID: 34212240
If you block that IP it will block all connections; you do not need to specify the service you're blocking unless you set it up that way.
0
 

Author Comment

by:ultramoo
ID: 34212346
Problem is, every day I have about 5 to 6 different IPs that attempt to attack. It makes it difficult to manually add IP blocks all the time. So I need something automated that will block for me when the attack occurs.
0
 
LVL 6

Expert Comment

by:fluk3d
ID: 34212354
Is this server public facing? Would it be worthwhile to implement a hardware firewall that has IPS/IDS? This would take all the stress off the machine.
0

 

Author Comment

by:ultramoo
ID: 34212371
I run public game servers and our popularity is rapidly increasing. Some of the game servers are not well implemented and have many issues. I've read an article explaining how to fix some of the issues, and one of them is to block multiple IP connections. They gave instructions for Linux but not Windows. So there is no way for Windows to do this?
0
 
LVL 6

Expert Comment

by:fluk3d
ID: 34212394
You can block the entire subnet if they are "like"; however, the Windows firewall is not heuristic based. It is primarily designed for blocking connections that are not specified on the ACL.

The articles you were reading were probably related to ipchains/iptables which have that ability with custom programming.

If you are looking for something more automated based on anomalies/type of traffic/ddos/dos prevention the only suggestion I would have is a software based firewall designed for deep packet inspection.
0
 
LVL 5

Accepted Solution

by:
xylog earned 500 total points
ID: 34212646
I wrote this batch file before I realized you said UDP. UDP is not connection based so there is no way to check the number of connections. You could do this for TCP with a batch file that used netstat to count connections. For UDP you would have to monitor number of packets per second per IP or something similar. There are perfmon counters for these. I will try to do one for UDP using the counters.

Please note this batch file uses sort and uniq which are utilities you can find here -> http://sourceforge.net/projects/unxutils/


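@echo off
rem Block remote IPs holding more than THRESHOLD established TCP connections.
rem Needs uniq (and sort) from UnxUtils on the PATH. Run from an elevated prompt.
rem THRESHOLD=1 keeps the original test setting: any IP with 2 or more connections is blocked.
set THRESHOLD=1
if exist %temp%\~tempfile.txt del %temp%\~tempfile.txt
if exist %temp%\~tempfile2.txt del %temp%\~tempfile2.txt
if exist %temp%\~tempfile3.txt del %temp%\~tempfile3.txt
rem Column 3 of netstat output is the remote address. Skip loopback and bracketed IPv6 entries.
for /f "tokens=3" %%i in ('netstat -an ^|findstr /i established^|findstr /v 127.0.0.1^|findstr /v /c:"["') do echo %%i>> %temp%\~tempfile.txt
rem Strip the port, then count connections per remote IP.
for /f "delims=:" %%i in (%temp%\~tempfile.txt) do echo %%i>>%temp%\~tempfile2.txt
sort %temp%\~tempfile2.txt|uniq -c > %temp%\~tempfile3.txt
for /f "tokens=1-2" %%i in (%temp%\~tempfile3.txt) do if %%i gtr %THRESHOLD% echo Block %%j with %%i connections && netsh advfirewall firewall add rule name="Block %%j" dir=in protocol=any action=block remoteip=%%j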

0
 
LVL 5

Expert Comment

by:xylog
ID: 34212664
WARNING!!!! The script above is set to ban any IP with more than one connection!!!! I did this for testing and forgot to change it to 100 or some large value. This can be potentially disastrous especially if you are connecting to a remote server using RDP. You could very easily ban your own IP!!!!!
0
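Added example, not part of the original thread and not xylog's code: the same netstat-counting idea in Python, with the two safeguards the warning above calls for, a configurable threshold and an allowlist for your own admin/RDP address. The function names, the allowlist parameter and the sample netstat output (documentation-range addresses) are assumptions constructed for illustration; the code only builds the netsh commands and does not run them.

```python
import ipaddress
from collections import Counter

# Constructed sample of `netstat -an` output (documentation-range addresses).
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:3389           0.0.0.0:0              LISTENING
  TCP    192.0.2.10:27015       203.0.113.7:50111      ESTABLISHED
  TCP    192.0.2.10:27015       203.0.113.7:50112      ESTABLISHED
  TCP    192.0.2.10:27015       203.0.113.7:50113      ESTABLISHED
  TCP    192.0.2.10:27015       198.51.100.23:41000    ESTABLISHED
  TCP    192.0.2.10:3389        198.51.100.50:60001    ESTABLISHED
  TCP    192.0.2.10:3389        198.51.100.50:60002    ESTABLISHED
  TCP    192.0.2.10:3389        198.51.100.50:60003    ESTABLISHED
  TCP    [2001:db8::10]:27015   [2001:db8::bad]:50200  ESTABLISHED
  UDP    0.0.0.0:27015          *:*
"""

def remote_ip(endpoint):
    """Parse 'a.b.c.d:port' or '[v6%zone]:port'; return an IP object or None."""
    host = endpoint.rsplit(":", 1)[0].strip("[]").split("%")[0]
    try:
        return ipaddress.ip_address(host)
    except ValueError:
        return None

def count_established(netstat_text):
    """Count ESTABLISHED TCP connections per remote IP, ignoring loopback."""
    counts = Counter()
    for line in netstat_text.splitlines():
        f = line.split()
        if len(f) == 4 and f[0] == "TCP" and f[3] == "ESTABLISHED":
            ip = remote_ip(f[2])
            if ip is not None and not ip.is_loopback:
                counts[str(ip)] += 1
    return counts

def block_commands(netstat_text, threshold, allowlist=()):
    """Build one netsh block rule per IP above threshold and not allowlisted."""
    allowed = {str(ipaddress.ip_address(a)) for a in allowlist}
    return [
        f'netsh advfirewall firewall add rule name="Block {ip}" '
        f"dir=in protocol=any action=block remoteip={ip}"
        for ip, n in sorted(count_established(netstat_text).items())
        if n > threshold and ip not in allowed
    ]

if __name__ == "__main__":
    print("\n".join(block_commands(SAMPLE_NETSTAT, 2, ["198.51.100.50"])))
```

As with the batch file, this only sees TCP; netstat carries no per-peer state for UDP, so a UDP flood needs packet-rate monitoring instead.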
 
LVL 26

Expert Comment

by:Fred Marshall
ID: 34213328
To avoid confusion, instead of:
"a way to block multiple incoming IP connections"
(which would restrict all but one connection overall)
perhaps
"a way to block multiple incoming connections from the same IP"

A lot depends on what you want.
You can certainly block individual IP addresses or subnets or contiguous ranges of IP addresses.
In some firewalls, you can make a list of them and group list entries into a single rule.

A good firewall will deal with such attacks. Something like Juniper Networks SSG-5 or 20 or ....
0
 

Author Closing Comment

by:ultramoo
ID: 34214000
Thanks for this script. I can now use this idea and implement a simple program in C to check for multiple IP connections and block them - didn't think of this before.
0
