Portal Home > Knowledgebase > Articles Database > How To Block IP Addresses In Windows 2003 Server - Recommend Software Firewall
How To Block IP Addresses In Windows 2003 Server - Recommend Software Firewall
| Posted by JustinK101, 06-18-2007, 04:19 PM |
| Hello,
I am running windows 2003 server.
Recently, there have been brute force attacks to try and compromise my sa password (MSSQL) and root password (MYSQL).
I would like to block particular ip addresses, but looking in the built in firewall in windows I don't see a way to do this. Is this possible with the built in tools/firewall that comes with windows 2003?
If not, can anybody recommend a simple firewall solution that will allow me to block ip addresses? I don't want something that is bloated and blocks popups, viruses, adware, etc. I just want a solution that will allow me to block ip addresses and prevent brute force attacks.
Thanks.
|
| Posted by page-zone, 06-19-2007, 12:46 AM |
| A Windows security cookbook might be a good investment. But I *think* IP filtering is done by going to the options tab in 'Network Card Screen' | TCP/IP | Options | Advanced or look up ACL "Access Control List" settings, there's a million fine grained access rules that can be set up. - But this is coming from someone with only a slight knowledge of Windows 2003.
|
| Posted by plumsauce, 06-19-2007, 04:21 AM |
| ras packet filters
.
|
| Posted by JustinK101, 06-19-2007, 04:55 AM |
| Can you explain further about RAS? Is there a sofware solution that does this? I need tha ability to not only block HTTP traffic from particular IP addresses, but also MYSQL and MSSQL connections on the standard ports. Thanks.
|
| Posted by me_douglas, 06-19-2007, 07:42 AM |
| It is MMC based snap in with whole lot of features including blocking access based on IP and port combination.
Thanks!
Douglas
|
| Posted by JustinK101, 06-26-2007, 01:16 PM |
| me_douglas,
I searched but with no luck, how do I install and open RAS? I found an article on RAS but it ws related to Windows NT. I am running Windows 2003 Server, can I still use RAS? Thanks.
|
| Posted by DaveNET, 06-27-2007, 11:58 PM |
| How about the Visnetic firewall for Windows? I have used that before on Windows 2003 servers and found it easy to setup and configure. It will do all the stuff you are looking for.
|
| Posted by JustinK101, 06-28-2007, 12:37 AM |
| One issue with installing software firewalls is we don't have physical access the box, we use remote desktop. After the install of Visnetic, I assume it requires a reboot. Will we be able to access the server after the reboot and visnetic is active by default via remote desktop? I want to make sure the software firewall we install, doesnt lock us out of our own server. Thanks.
|
| Posted by DaveNET, 06-28-2007, 12:54 AM |
| As I recall (I also installed remotely, although I can drive to the DC and get physical access if needed), the firewall is installed in a disabled state. You need to add your IP address to the "allowed" list or you will be unable to connect to the server. So yes, you do need to pay attention to the configuration when you do it.
I would practice with it on a local pc/server until I was sure I knew how to configure it properly on a remote server.
|
| Posted by campy, 07-07-2007, 02:15 PM |
| I also noticed several attempts to login as 'sa' on my Windows 2003 Server with SQL Server. I was able to terminate access to the server from the offending IP addresses by using the RRAS snap-in described above.
Here's a brief run-down of what I did:
Start - Run- MMC - Add the Routing and Remote Access Snap-in
Enable RRAS on the server on all adapters
Since the attacks I was experiencing were from external addresses, I went to IP Routing, General, Public Network and selected properties.
On the general tab, select inbound filters and add a filter to receive all packets except those that meet the criteria below, then add the offending IP addresses one at a time.
In my case, the source address was the IP of the offending computer, subnet was 255.255.255.255 and the protocol was any. Once I cleaned up the offenders I saw a complete end to sa login failures in the application log.
Dave
|
| Posted by winger, 07-28-2007, 12:08 PM |
| hi,
I would like to know if there is nothing like APF+BFD in linux for windows?
thanks.
|
Add to Favourites 
Print this Article
Also Read
