• 0

IP Blocking Software for clients?


Question

Anyone know of any good IP blocking software that runs at the Winsock level for Windows 9x, NT, 2K/XP? Basically, what I need to do is block access to a private network, 162.143.*. To do this I need a very basic program that is password protected, with even the uninstall of it passworded.

I have found a ton of programs, but they either block specific websites (http://www.example.com) but not IPs, or they block 1 IP at a time, and I don't have the next 10 years to put ALL of the IPs in for that range.

I know something is out there, but I don't need 100 extra features either.

Any ideas anyone?

Thanks


  • 0

Why are you looking at software? Blocking of networks should be done at the router level!

Since when is 162.143 a private network??

I show it owned by:

Florida Department of Law Enforcement (NET-FDLENET1)

Information Resource Management

2331 Phillips Road

Tallahassee, FL 32308

US

Netname: FDLENET1

Netblock: 162.143.0.0 - 162.143.255.255

Some more details on your network layout, routers in use - and I'd be happy to help you put in an ACL that blocks access, etc.

  • 0

Here's the issue then: I've got 40 client PCs all going thru 1 central domain NT 4.0 server running Microsoft Proxy Server 2.0. They all have the proxy client installed, and are running their internet connection thru that. The problem is 2 things. The 168.143.* range is private FDLE to access the Criminal Justice network; the only way you can access it is if you have a direct pipe to their network, which they have.

Right now, the domain server has 2 NICs in it. 1 for the LAN, which goes into a switch (no routers), and the main ISDN channel is on a 3Com Impact Modem, which also connects into the switch, and is controlled thru a serial port on the server.

The 2nd NIC is connected directly to a small 8 port switch, which has the direct connect from the FDLE, which comes in thru its own 56K ISDN, into a BayNetworks box (which I can't touch, FDLE stuff), and plugs into this switch.

The server, in its "route print", has been told to forward ALL 162.143 requests to the static IP of the 2nd NIC, which is on the FDLE network.

So, right now, everyone on the network has access to the FDLE stuff, only if they have the IP address, which none of them do. But, just in case, I need to only give access to this range of IPs to a certain few people, 5-8.

The problem is, in MS-Proxy 2.0, I can only say "Yes or No" to web port 80 access. Or I can make a new range of Ports, and grant access.

I see nowhere to filter a range of IPs to a specific range of IPs.

If I could say hey, only allow 172.163.0.73 thru 172.163.0.81 to be able to access 162.143.*, that's all I would need... but the Proxy Server software seems limited.

The 2nd issue is... one that I cannot figure out either.

DNS issue. All of the 162.143 DNS servers are private, meaning you can only access them if you are direct connected. Well, half of the FDLE CJNET website is IP, and half is DNS.

What I need to do is find out where the DNS servers are in NT 4.0 on this box, because I would use the primary DNS, which is public, to resolve any regular stuff, and then use the 162.143 DNS to route and resolve thru the FDLE network.

I go to the command prompt, do an ipconfig /all, and I get NO DNS's on any of the 3 adapters: the LAN, the Virtual WAN (ISDN) or the 2nd LAN FDLE.

I go into the network properties, and only the "host" and "domain" are filled out in the , no DNS records.

Any ideas would be great.

P.S. They don't want to spend $3k on a router with access list cap.

Thanks ;)
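
The restriction asked for in the post above (only 172.163.0.73 through 172.163.0.81 may reach 162.143.*) does not fall on a single CIDR boundary, so an access list needs several source prefixes. The following is an added example, not part of the original post, that derives those prefixes and evaluates the resulting first-match policy; the rule text it renders is generic illustration, not any vendor's syntax.

```python
import ipaddress

# Addresses are the ones quoted in the post; the policy layout is an assumption.
PROTECTED_NET = ipaddress.ip_network("162.143.0.0/16")  # "162.143.*"
ALLOWED_FIRST = ipaddress.ip_address("172.163.0.73")
ALLOWED_LAST = ipaddress.ip_address("172.163.0.81")


def allowed_source_prefixes():
    """Smallest set of CIDR prefixes covering exactly .73 through .81."""
    return list(ipaddress.summarize_address_range(ALLOWED_FIRST, ALLOWED_LAST))


def permit(src, dst):
    """First-match ACL decision for one packet.

    Listed sources may reach the protected network, every other source is
    denied to it, and traffic to any other destination is left alone.
    """
    src_ip = ipaddress.ip_address(src)
    dst_ip = ipaddress.ip_address(dst)
    if dst_ip not in PROTECTED_NET:
        return True
    return any(src_ip in prefix for prefix in allowed_source_prefixes())


def acl_lines():
    """Render the policy as generic rule text (not a real device syntax)."""
    lines = [f"permit ip {p} {PROTECTED_NET}" for p in allowed_source_prefixes()]
    lines.append(f"deny ip any {PROTECTED_NET}")   # everyone else is blocked
    lines.append("permit ip any any")              # ordinary traffic unaffected
    return lines


if __name__ == "__main__":
    print("\n".join(acl_lines()))
    # Constructed test packets: one address either side of the allowed range.
    for src in ("172.163.0.72", "172.163.0.73", "172.163.0.81", "172.163.0.82"):
        print(src, "->", "permit" if permit(src, "162.143.10.5") else "deny")
```

The nine-address range expands to four prefixes (/32, /31, /30, /31), which is why a filter that only accepts one address or one subnet at a time cannot express it in a single entry.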

  • 0

You're joking, right?? I had to re-read your post, since I am having a hard time believing that either the FDLE or someone that has access into their network has this type of hodge-podge setup??

So your NT4 DC is also your proxy server, and your router ;)

Get a ROUTER!! Find it on eBay, take one from an evidence room ;) Something - get yourself a router with ACL - and most of your problems will go away! If no money - find yourself an OLD CPU, put Linux on it - and use that as your router - at least then you will be able to route, and use ACLs - and be able to do almost any other thing you could think of too!

My guess as to why you are not seeing a DNS entry on the NT box - is it is set in the Proxy software?? You would think that the box would have a dns entry - but most likely it is setup somewhere in the proxy.

If at all possible - your proxy should be a different box than your DC. I am hoping that this one server, is also not your File/APP/Print server(s)

If I read your post right. If I had access to your DC (from internet) I would have full access to any FDLE IP? Even if you put some sort of blocking software on the individual machines you didn't want going to the FDLE network - what about access from the net? to their Network!

I would highly suggest you get/do a security audit of your network - and SPEND whatever money is needed to secure it!

Good Luck!!

PS - please let us know how it turns out!! I am very Curious!!

  • 0

Well, not joking. One thing you have to know is, this is for a Police Department, in a City in Central Florida. The problem is their network was set up over 7 years ago, and this was never planned in the long run. We originally did not set up their network, it was a different company. I don't believe they planned to ever take it to this extent, or amount of users. They have a small budget, but what we are going to do is put in a hardware firewall/router, I believe a Cisco 2120. I'll post a reply and let you know how it turns out.

A couple of interesting facts that I found out.

1: The FDLE connection is over a leased line, meaning that the pair of wires that connects them to the 56k connection, runs ALL the way to the state capitol, about 300 miles away. The FDLE pays the phone company?, I believe, a ton of $ for this function. But it's not on a switching network, so it's VERY secure.

The 2nd is, and which is funny... The Baynetwork's ACCESS Layer box has built-in routing/ACL functions, but I can't touch it by law. And FDLE won't use it in any way to help us out.

Go figure.

I'll post as soon as we get everything in place and let ya know the final results..

The Firewall/Router should make things much more manageable.

Thanks!

  • 0
  Quote
Originally posted by phiberoptik

1: The FDLE connection is over a leased line, meaning that the pair of wires that connects them to the 56k connection, runs ALL the way to the state capitol, about 300 miles away. The FDLE pays the phone company?, I believe, a ton of $ for this function. But it's not on a switching network, so it's VERY secure.

Um - a leased line does not mean it is not switched. I.e., it is not a 300 mile long twisted pair ;)

We run multiple T1 leased lines between states (more than 300 miles), it's not as expensive as you think. 56K (why even bother?) - why not just keep a phone connection up, when needed - at that amount of bandwidth?? Most likely would be cheaper ;)

Let us know what your final configuration ends up being - am very curious. And yes a real router/firewall will make your life that much easier ;)
