How do I block packets from source x.x.x.x on SBS 2003 (ISA 2004)

Posted on 2011-04-18
Last Modified: 2012-08-14
How do I block packets from source x.x.x.x?

We are sharing a network, and the person who set up the VLAN did something wrong: my server keeps rejecting traffic from his network. This traffic slows the server down, and my DHCP is sometimes assigning IPs to his clients. My DHCP server is forced offline daily, because he has one on his side as well.
Question by:Yeaktom

    Expert Comment

    The usual approach with firewalls is to block everything except the traffic you want to permit.

    To completely block out a specific IP, go to your Packet Filters section under Access Policy and create a new custom rule that blocks all traffic (IP Protocol: Any; Direction: Inbound) on the ISA server's external NIC for the Remote Computer you want to apply the filter to.


    Expert Comment

    At the IP or MAC level you can filter/reject packets if you have a firewall between both sides.

    If not, and considering you run your DHCP on your Windows 2003 server, there's an add-on that implements MAC filtering (MacFilterCallout.msi).
    It is now included with the Server 2008 DHCP service, see here:

    Author Comment

    The server is flooded with traffic, similar to this.

    Denied Connection XXXSRV 2011/04/19 09:25:44 AM
    Log type: Firewall service
    Status: A packet was dropped because ISA Server determined that the source IP address is spoofed.
    Source: External ( 192.168.10.XX:137)
    Destination: External (
    Protocol: NetBios Name Service
    Additional information
    Number of bytes sent: 0
    Number of bytes received: 0
    Processing time: 0ms
    Original Client IP: 192.168.10.XX
    Client agent:

    Expert Comment

    by: Suliman Abu Kharroub
    Do you have the x.x.x.x VLAN range in the internal ISA network ranges? This will not solve the problem, but it will prevent this alert from appearing again.

    To solve the problem you have to find the source. Is that VLAN allowed to use the Internet? If not, just don't offer a default gateway on DHCP to this VLAN.

    hope I understand the case properly...
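The spoof-drop record the author pasted above, and the suggestion just made to check whether the VLAN range is part of ISA's Internal network ranges, can be worked through together. The following is an added example, not code from the thread or from ISA Server itself: it parses the multi-line "Denied Connection" layout shown in the post, counts spoof drops per source and per protocol, and lists private-space sources that an (assumed) ISA network range table still classifies as External, i.e. the ranges you would consider adding to Internal. The log text, the hosts, the timestamps, the range table and the /24 mask are all constructed for illustration; the "source network equals arrival network" logic is a simplification of what ISA checks, not a reproduction of it.

```python
"""Summarize ISA Server 'Denied Connection' entries and check each dropped
source against an assumed ISA network address range table.

Added example, not from the original thread. The log text is constructed
to match the layout of the record the author pasted; hosts, timestamps
and the range table are assumptions.
"""
import ipaddress
import re
from collections import Counter

SAMPLE_LOG = """\
Denied Connection XXXSRV 2011/04/19 09:25:44 AM
Log type: Firewall service
Status: A packet was dropped because ISA Server determined that the source IP address is spoofed.
Source: External ( 192.168.10.15:137)
Destination: External ( 192.168.10.255:137)
Protocol: NetBios Name Service
Original Client IP: 192.168.10.15

Denied Connection XXXSRV 2011/04/19 09:25:46 AM
Log type: Firewall service
Status: A packet was dropped because ISA Server determined that the source IP address is spoofed.
Source: External ( 192.168.10.15:138)
Destination: External ( 192.168.10.255:138)
Protocol: NetBios Datagram
Original Client IP: 192.168.10.15

Denied Connection XXXSRV 2011/04/19 09:25:47 AM
Log type: Firewall service
Status: A packet was dropped because ISA Server determined that the source IP address is spoofed.
Source: External ( 192.168.10.22:137)
Destination: External ( 192.168.10.255:137)
Protocol: NetBios Name Service
Original Client IP: 192.168.10.22

Denied Connection XXXSRV 2011/04/19 09:26:03 AM
Log type: Firewall service
Status: The policy rules do not allow the user session.
Source: External ( 203.0.113.9:51234)
Destination: Local Host ( 198.51.100.4:25)
Protocol: SMTP
Original Client IP: 203.0.113.9
"""

# Assumed ISA network definitions. Anything not listed here is "External".
ISA_NETWORKS = {
    "Internal": [ipaddress.ip_network("192.168.1.0/24")],
    "Local Host": [ipaddress.ip_network("198.51.100.4/32")],
}

ENTRY_HEADER = re.compile(r"^Denied Connection (\S+) (\S+ \S+ \S+)$")
ENDPOINT = re.compile(r"^(.+?) \(\s*([\d.]+):(\d+)\)$")  # "External ( 1.2.3.4:137)"


def parse_entries(text):
    """Split the log into blank-line separated records and parse each field."""
    entries = []
    for block in re.split(r"\n\s*\n", text.strip()):
        lines = block.splitlines()
        m = ENTRY_HEADER.match(lines[0])
        if not m:
            continue
        entry = {"server": m.group(1), "time": m.group(2)}
        for line in lines[1:]:
            key, _, value = line.partition(":")
            key, value = key.strip().lower(), value.strip()
            em = ENDPOINT.match(value) if key in ("source", "destination") else None
            if em:
                entry[key] = {"network": em.group(1), "ip": em.group(2), "port": int(em.group(3))}
            else:
                entry[key] = value
        entries.append(entry)
    return entries


def is_spoof_drop(entry):
    return "source ip address is spoofed" in entry.get("status", "").lower()


def network_for(ip):
    """Name of the ISA network whose assumed address range contains ip."""
    addr = ipaddress.ip_address(ip)
    for name, ranges in ISA_NETWORKS.items():
        if any(addr in r for r in ranges):
            return name
    return "External"


def summarize(entries):
    """Count spoof drops by source IP and by protocol; count other denials."""
    by_source, by_protocol, other = Counter(), Counter(), 0
    for e in entries:
        if is_spoof_drop(e):
            by_source[e["source"]["ip"]] += 1
            by_protocol[e.get("protocol", "?")] += 1
        else:
            other += 1
    return {"spoofed_by_source": dict(by_source),
            "spoofed_by_protocol": dict(by_protocol), "other_denials": other}


def unclassified_private_sources(entries):
    """Spoofed sources in private space that the range table leaves in
    External: candidate ranges to add to Internal (assumed /24 mask)."""
    found = set()
    for e in entries:
        if not is_spoof_drop(e):
            continue
        addr = ipaddress.ip_address(e["source"]["ip"])
        if addr.is_private and network_for(str(addr)) == "External":
            found.add(str(ipaddress.ip_network(f"{addr}/24", strict=False)))
    return sorted(found)


if __name__ == "__main__":
    parsed = parse_entries(SAMPLE_LOG)
    print(summarize(parsed))
    print("ranges to review:", unclassified_private_sources(parsed))
```

Feed it the exported text of the Firewall service log instead of SAMPLE_LOG to see which hosts on the neighbour's VLAN are generating the drops; the per-source counts are what you take to whoever owns that switch.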

    Accepted Solution

    While your two networks have some connectivity, you'll always be getting traffic on your ISA NICs.

    Since the VLAN hasn't been configured correctly, you'll not be able to stop your ISA box from receiving traffic from "the other side".

    NOTE: Your ISA Server is blocking this traffic, but DHCP is a broadcast message that would not include any network details, hence you are getting some DHCP requests being processed by your server.

    Check for traffic on ports 67 and 68, where your DHCP requests would be sent.
    Blocking these ports on ISA will prevent your DHCP servers going through ISA.
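Checking ports 67 and 68 means looking at the DHCP payloads themselves, because on a shared broadcast domain both servers answer the same DISCOVER. The following is an added example, not part of the answer above or of any Microsoft tool: a decoder for the BOOTP/DHCP payloads you would pull off UDP 67/68, which flags OFFER/ACK replies whose server identifier (option 54) is not your own DHCP server, and records which client MAC each such reply reached. The three payloads are constructed inline (a DISCOVER, an OFFER from an assumed SBS server at 192.168.10.1, and a competing OFFER from an assumed neighbour server at 192.168.20.1); in practice the list would come from a capture.

```python
"""Flag DHCP OFFER/ACK messages from a server that is not the one you run.

Added example, not from the original thread. The payloads are constructed
inline to stand in for a capture of UDP ports 67/68; the addresses and the
authorized-server list are assumptions.
"""
import ipaddress
import struct

BOOTREQUEST, BOOTREPLY = 1, 2
DHCPDISCOVER, DHCPOFFER, DHCPACK = 1, 2, 5
OPT_PAD, OPT_MSG_TYPE, OPT_SERVER_ID, OPT_END = 0, 53, 54, 255
MAGIC_COOKIE = b"\x63\x82\x53\x63"
HDR_FMT = "!BBBBIHHIIII"  # op,htype,hlen,hops,xid,secs,flags,ciaddr,yiaddr,siaddr,giaddr


def build_dhcp(op, xid, chaddr, yiaddr, options):
    """Assemble a minimal BOOTP/DHCP payload (used only to construct samples)."""
    flags = 0x8000 if op == BOOTREQUEST else 0  # broadcast bit on requests
    header = struct.pack(HDR_FMT, op, 1, len(chaddr), 0, xid, 0, flags,
                         0, int(ipaddress.IPv4Address(yiaddr)), 0, 0)
    body = chaddr.ljust(16, b"\x00") + b"\x00" * 64 + b"\x00" * 128  # chaddr, sname, file
    opts = b"".join(bytes([code, len(val)]) + val for code, val in options)
    return header + body + MAGIC_COOKIE + opts + bytes([OPT_END])


def parse_dhcp(payload):
    """Decode the fixed header and the TLV option area of a DHCP payload."""
    if len(payload) < 240 or payload[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP payload")
    op, _htype, hlen, _hops, xid, _secs, _flags, _ci, yiaddr, _si, _gi = \
        struct.unpack(HDR_FMT, payload[:28])
    options, i = {}, 240
    while i < len(payload):
        code = payload[i]
        if code == OPT_END:
            break
        if code == OPT_PAD:
            i += 1
            continue
        length = payload[i + 1]
        options[code] = payload[i + 2:i + 2 + length]
        i += 2 + length
    return {"op": op, "xid": xid,
            "client_mac": payload[28:28 + hlen].hex(":"),
            "yiaddr": str(ipaddress.IPv4Address(yiaddr)),
            "options": options}


def message_type(pkt):
    return pkt["options"].get(OPT_MSG_TYPE, b"\x00")[0]


def server_identifier(pkt):
    raw = pkt["options"].get(OPT_SERVER_ID)
    return str(ipaddress.IPv4Address(raw)) if raw and len(raw) == 4 else None


def find_rogue_offers(payloads, authorized_servers):
    """Return OFFER/ACK replies whose server identifier is not authorized.

    A second DHCP server on the same broadcast domain shows up here whether
    or not it answered first; the client MAC tells you which hosts it reached.
    """
    authorized = {str(ipaddress.IPv4Address(a)) for a in authorized_servers}
    rogue = []
    for payload in payloads:
        pkt = parse_dhcp(payload)
        if pkt["op"] != BOOTREPLY or message_type(pkt) not in (DHCPOFFER, DHCPACK):
            continue
        sid = server_identifier(pkt)
        if sid not in authorized:
            rogue.append({"server": sid, "client_mac": pkt["client_mac"],
                          "offered": pkt["yiaddr"], "xid": pkt["xid"]})
    return rogue


# Constructed samples (assumed addresses): a DISCOVER, an OFFER from the SBS
# DHCP server at 192.168.10.1, and a competing OFFER from the neighbour.
CLIENT_MAC = bytes.fromhex("001122334455")
AUTHORIZED = ["192.168.10.1"]
SAMPLES = [
    build_dhcp(BOOTREQUEST, 0x1A2B3C4D, CLIENT_MAC, "0.0.0.0",
               [(OPT_MSG_TYPE, bytes([DHCPDISCOVER]))]),
    build_dhcp(BOOTREPLY, 0x1A2B3C4D, CLIENT_MAC, "192.168.10.50",
               [(OPT_MSG_TYPE, bytes([DHCPOFFER])),
                (OPT_SERVER_ID, ipaddress.IPv4Address("192.168.10.1").packed)]),
    build_dhcp(BOOTREPLY, 0x1A2B3C4D, CLIENT_MAC, "192.168.20.77",
               [(OPT_MSG_TYPE, bytes([DHCPOFFER])),
                (OPT_SERVER_ID, ipaddress.IPv4Address("192.168.20.1").packed)]),
]

if __name__ == "__main__":
    for hit in find_rogue_offers(SAMPLES, AUTHORIZED):
        print(f"rogue DHCP server {hit['server']} offered {hit['offered']} "
              f"to {hit['client_mac']} (xid {hit['xid']:#x})")
```

Option 54 is keyed on because it is what the client uses to pick a server, so it identifies the responder even when the reply is relayed; matching on the transaction id (xid) against the DISCOVER lets you pair each competing offer with the request that triggered it.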

    Assisted Solution

    1. The solution is not going to be monkeying with the ISA.

    2. His "traffic" is not going to slow the SBS down; it just is not going to happen. If the SBS is performing badly, it is performing badly for other reasons.

    3. The original networking issue has one of a few solutions:

     A. If there are fewer than 200 machines on the LAN then forget it; put them all on one subnet. Other than the potential to create ACLs on a LAN router for security between the two segments, creating two segments is almost pointless.

     B. Fix the LAN router so that the two segments are separated like they should be. Monkeying with the ISA to "hide" the symptoms of the underlying problem does not solve anything.

     C. If the SBS running ISA happens to also BE the LAN router, then the whole thing is a moot point. Forget it, have one network; having one or more segments is irrelevant, you still have just one network because you are the one controlling the Internet access for both companies. You simply have one multi-segment LAN. In fact, the fact that there are two companies involved becomes irrelevant.

    The points I made might seem unimportant or might seem not to apply in some people's minds, but the points have to do with how you view the situation: if you don't view the situation correctly for "what it is", then you will never be looking for the right applicable solution.
