how do I block packets from source x.x.x.x on SBS 2003 ( ISA2004)

Posted on 2011-04-18
Medium Priority
Last Modified: 2012-08-14
Dow do I block packets from source x.x.x.x

Sharing a network and the person that setup the VLAN did something wrong, my server keeps rejecting traffic from his network. This traffic slows the server down, and my DHCP is sometimes assigning his clients with ip. The DHCP server is forced offline daily, because he has one on his side as well.
Question by:Yeaktom

Expert Comment

ID: 35422119
The usual approach with firewalls is to block everything except the traffic you want to permit.

To completely block out a specific IP go to  your Packet Filters section under Access Policy and create a new custom rule than blocks all traffic (IP Protocol: Any;Direction:Inbound) on the external ISA server's NIC for the Remote Computer you want to apply the filter to.

LVL 11

Expert Comment

ID: 35422148
at IP or MAC level you can filter/reject packets if you have a Firewall between both sides

if not and considering you run your DHCP on your windows 2003 server there's an add-on that implements MAC filtering (MacFilterCallout.msi )
now is included with Server 2008 DHCP service, see here:

Author Comment

ID: 35422169
The server is flooded with traffic, similar to this.

Denied Connection XXXSRV 2011/04/19 09:25:44 AM
Log type: Firewall service
Status: A packet was dropped because ISA Server determined that the source IP address is spoofed.
Source: External ( 192.168.10.XX:137)
Destination: External (
Protocol: NetBios Name Service
 Additional information
Number of bytes sent: 0 Number of bytes received: 0
Processing time: 0ms Original Client IP: 192.168.10.XX
Client agent:
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

LVL 23

Expert Comment

by:Suliman Abu Kharroub
ID: 35422890
do you have x.x.x.x vlan range on internal ISA network ranges? this will not solve the problem but will prevent this alert from appearing again.

to solve the problem you have to find the source. is that VLAN allowed to use the internet ? if not, just dont offer default gateway on DHCP to this VLAN.

hope I understand the case properly...
LVL 26

Accepted Solution

Leon Fester earned 1000 total points
ID: 35424921
While your two networks have some connectivity you'll always be getting traffic on your ISA NIC's.

Since the VLAN hasn't been configured correctly, you'll not be able to stop your ISA box from receiving traffic from "the other side".

NOTE: Your ISA Server is blocking this traffic, but DHCP is a broadcast message, that would not include any network details, hence you getting some DHCP requests being process by your server.

Check for traffic on ports 67 and 68 where your DHCP requests would be sent.
Blocking these ports on ISA will prevent your DHCP servers going through  ISA.
LVL 29

Assisted Solution

pwindell earned 1000 total points
ID: 35428114
1. The solution is not going to be monkeying with the ISA

2. His "traffic" is not going to slow the SBS down,...it just is not going to happen.  If the SBS is performing badly it is performing badly for other reasons.

3. The original networking issue is one of a few solutions:

 A. if there are less than 200 machines on the LAN then forget it,..run them all on one subnet.  Other than to potential to create ACLs on a LAN Router for security between the two segments creating two segments is almost pointless

 B. Fix the LAN Router so that the two segments are separated like they should be.  Monkeying with the ISA to "hide" the symptoms of the underlying problem does not solve anything.

 C. If the SBS running ISA happens to also BE the LAN Router then the whole thing is a moot point.  Forget it,...you have one network,...having one or more segments is irrelevant, you still have just one Network because you are the one controlling the Internet access for both companies. You just simply have one multi-segment LAN.  In fact,...the fact that it is two companies involved becomes irrelevant.

The points I made might not seem unimportant or might seem to not apply in some people's minds,...but the points have to do with how you view the situation,...if you don't view the situation correctly for "what it is", then you will never be looking for the right applicable solution.

Featured Post

What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Hello to you all, I hear of many people congratulate AWS (Amazon Web Services) on how easy it is to spin up and create new EC2 (Elastic Compute Cloud) instances, but then fail and struggle to connect to them using simple tools such as SSH (Secure…
If you’re involved with your company’s wide area network (WAN), you’ve probably heard about SD-WANs. They’re the “boy wonder” of networking, ostensibly allowing companies to replace expensive MPLS lines with low-cost Internet access. But, are they …
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Suggested Courses

864 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question