Re: ipsec to block ip range

google_at_ratemyband.co.uk
Date: 11/22/05


Date: 22 Nov 2005 10:43:40 -0800

Thanks for the advice.
If I only define 1 rule: block IPs from the rogue range - will
everything else continue as it was before, i.e. everything enabled?
I can see the sense in locking everything down and then opening up
everything that's required, but I don't think I'm brave enough to do
that yet :)

Cheers

Roger Abell [MVP] wrote:

> Don't worry, but do it right.
> First, you can define an IPsec policy and not assign it.
> That means it is not actively in use. You can then assign it and
> it immediately becomes effective, and similarly you can unassign
> it and its effects halt immediately.
> So, if you were to define a policy, make sure it is not assigned,
> and then define the desired rules, and finally assign it and test if
> you have all desired allowed activity, and if not, unassign it with
> only brief trauma.
> For your case it sounds like you would want rules that
> 1. block everything (all protocols from any)
> 2. allow tcp 80 and 443 from any
> 3. allow tcp 3389 with your management machines used to TS
> 4. allow the various required (dns, ntp, smtp, sql) and DCs if
> in a domain threading this for only the intended IPs
> 5. block all for the rogue IPs, such as the Korean IP range.
> as a base starting point.
> What I do is define filters in the IPsec policy on webservers
> named such as "Apr05 rogues", "May05 rogues" and as I have
> bad-guy IPs show up I banish them in one of these, and then
> after so long just delete the older filters to let that month's IP
> off the hook (I mean "unbanish" them).
>
> "Joe Gass" <joegass@online.nospam> wrote in message
> news:egM%23lf47FHA.3232@TK2MSFTNGP12.phx.gbl...
> > Hi,
> > I have a web server - windows 2003 web edition, running dns, ftp, smtp,
> > pop, etc
> > Some nice people (from Korea) are bombarding my smtp server, always from
> > the same subnet
> > I'd like to block them but I don't have any experience with ipsec, I'm
> > worrying that if I assign a rule blocking all traffic from this IP range
> > everything else will stop working. Especially I don't want to get locked
> > out from terminal services.
> >
> > I'm probably worrying unnecessarily, if someone could guide me through
> > setting this up I'd greatly appreciate it.
> >
> > Many thanks
> > Joe
> >
> >
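The rule set Roger lays out, written as an added example in the `netsh ipsec static` commands that Windows Server 2003 provides (this script is not from the thread; the policy name, the management IP 198.51.100.10 and the rogue range 192.0.2.0/24 are placeholders, and the exact parameter spelling should be checked against `netsh ipsec static add ?` on the box).

```batch
@echo off
rem Added example, not code from the thread. Placeholders below: replace with your own values.
set POLICY=Web Lockdown
set MGMT_IP=198.51.100.10
set ROGUE_NET=192.0.2.0
set ROGUE_MASK=255.255.255.0

rem Filter actions are defined once; each rule joins a filter list to an action.
netsh ipsec static add filteraction name="Block" action=block
netsh ipsec static add filteraction name="Permit" action=permit

rem The policy is created unassigned: nothing takes effect until "set policy ... assign=y".
netsh ipsec static add policy name="%POLICY%" description="block-all baseline with explicit allows"

rem 1. block everything (any protocol, any source, to this host; mirrored also covers the reverse direction)
netsh ipsec static add filterlist name="All traffic"
netsh ipsec static add filter filterlist="All traffic" srcaddr=any dstaddr=me protocol=any mirrored=yes
netsh ipsec static add rule name="Block all" policy="%POLICY%" filterlist="All traffic" filteraction="Block"

rem 2. allow tcp 80 and 443 from any
netsh ipsec static add filterlist name="Web"
netsh ipsec static add filter filterlist="Web" srcaddr=any dstaddr=me protocol=tcp srcport=0 dstport=80 mirrored=yes
netsh ipsec static add filter filterlist="Web" srcaddr=any dstaddr=me protocol=tcp srcport=0 dstport=443 mirrored=yes
netsh ipsec static add rule name="Allow web" policy="%POLICY%" filterlist="Web" filteraction="Permit"

rem 3. allow tcp 3389 only from the management machine (this is what keeps you from locking yourself out of TS)
netsh ipsec static add filterlist name="Terminal Services"
netsh ipsec static add filter filterlist="Terminal Services" srcaddr=%MGMT_IP% dstaddr=me protocol=tcp srcport=0 dstport=3389 mirrored=yes
netsh ipsec static add rule name="Allow TS from mgmt" policy="%POLICY%" filterlist="Terminal Services" filteraction="Permit"

rem 4. add dns, ntp, smtp, sql and DC filter lists the same way, scoped to the intended IPs, before assigning

rem 5. block all from the rogue range, kept in a dated list so the whole list can be deleted later ("unbanished")
netsh ipsec static add filterlist name="Nov05 rogues"
netsh ipsec static add filter filterlist="Nov05 rogues" srcaddr=%ROGUE_NET% srcmask=%ROGUE_MASK% dstaddr=me protocol=any mirrored=yes
netsh ipsec static add rule name="Nov05 rogues" policy="%POLICY%" filterlist="Nov05 rogues" filteraction="Block"

rem Assign only after reviewing; "set policy name=... assign=n" backs it out immediately if something required stops working.
netsh ipsec static set policy name="%POLICY%" assign=y
```

Windows IPsec applies the most specific matching filter rather than the rules in the order they were added, which is why the subnet-scoped rogue block overrides the any-source web permits and the single-host 3389 permit overrides the block-all.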
