How do I block an IP in Server 2003?



There are some idiots/bots that are trying to "brute force" my MSSQL server. Pretty weird, the same day I set it up, two (pretty similar) IPs started trying to log on to it every second. The stupid guys were even so stupid that the first day they only tried the "admin" and "root" accounts, which of course do not exist, as "sa" is the default admin account :rolleyes:

Anyway, is there any way I can block ALL requests these IPs make to my server?

My router does not have any IP-blocking features, only port blocking.

And in Windows' TCP/IP settings it's only possible to block all and allow specified IPs - not allow all except some specified.

Anyone have any suggestions?


  2shae said:

Don't allow incoming connections to the port of mysql at all

It's a server for a reason - to be accessible ;)

Pretty amazing that a Server OS misses something as essential as this...

I think i'll go for a new router/firewall.

Anyone know any recommended not-too-advanced WLAN routers? It must be able to block IPs :p

My first question, why do you have a Windows server open to the internet? ALWAYS put a server behind a firewall and open only ports you need......

From what I read, some people suggest adding

ip route x.x.x.x 127.0.0.1

It will null route it to local loopback, not sure if it works....

  GeeZuZz said:

It's a server for a reason - to be accessible ;)

Pretty amazing that a Server OS misses something as essential as this...

I think I'll go for a new router/firewall.

Anyone know any recommended not-too-advanced WLAN routers? It must be able to block IPs :p

I'd set up an IPcop box for your firewall. Then you could forward traffic from those IPs to a nonexistent subnet.

  Intelligen said:

My first question, why do you have a Windows server open to the internet? ALWAYS put a server behind a firewall and open only ports you need......

He never said he did. He is apparently serving a SQL database over the net though.

  Intelligen said:

My first question, why do you have a Windows server open to the internet? ALWAYS put a server behind a firewall and open only ports you need......

From what I read, some people suggest adding

ip route x.x.x.x 127.0.0.1

It will null route it to local loopback, not sure if it works....

That would prevent your server from having its responses reach the destination (the IP you want to block) but it would not prevent them from sending traffic to your server.

To do what you want, you will need a firewall of some kind. But you shouldn't be running ANY server without a firewall in the first place...

You have a SQL server, it is available on the net, you don't have a firewall and people are trying to hack into it.

It doesn't matter if you block a few IP ranges. Do you think a hacker is going to use a connection with a static IP that will be traceable back to him/her?

Just put a proper Server firewall onto the system.

Why do you say I don't have a firewall? Of course I have a firewall, but I can't close everything down, the whole point of the server is to make it accessible, and there are many different IP addresses that need to access it, so it would be hard to deny everyone, except given IPs.

MazX_Napalm: Yes it matters if I block those two who are trying. Of course new IPs will try, but I will discover them fast and block them.

Seems like you guys are advising me to disconnect my server from the internet. Do you usually advise people with webservers to get a firewall and close port 80? :unsure:

We're not advising you to take it off the internet, just have a firewall and only allow certain IPs to connect to a certain port. Not sure why you are using the database over the internet though.

Is there an application having to connect to your database from a remote location, I'm guessing????

If it's just a web site connecting to the database, allow on your firewall traffic to and from your SQL database to your web server. Guess I'm not really sure how your setup is.

Sorry for the ip route suggestion, after I wrote it, I knew exactly what I said and just left it for someone else to correct my idea. Found it through Google... whoops!

  Steven said:

Pretty sure you can accomplish this in the "Routing and Remote Access" services or use TCP/IP Filters. :)

http://www.windowsnetworking.com/articles_...figuration.html

Thanks, I'll try that. As mentioned, TCP/IP filters can't be used because they for some strange reason won't let me block a single address or group of addresses, only the opposite.

Intelligen: It should be available for applications on PC, cell-phones and web - many different IPs and ranges.


Why not block the address range on the router or firewall? Also, you mention that it needs to be accessible. Not all of it. Only route the ports on the firewall over to the server that are needed. Then, set up a firewall rule to block the IP address ranges you need. You can do everything you need on the firewall and not have to touch the server. This will also keep it safe and keep the would-be hackers from finding another way in (Windows vulnerability, anyone).

Of course you could not follow my advice and the advice of others. We all need more rogue machines on the net acting as bots and spam blasters.

What router/firewall are you using? Any decent basic SOHO device should allow you to block by IP or ranges.. Something as cheap as the Linksys RV042 allows for this;

"has IP address filtering so you can specify exactly who has access to your network"

Any firewall/gateway distro can do this, i.e. IPcop, m0n0wall, etc.. some do it out of the box, others have addons that provide a GUI to configure it without having to directly write the rules, etc.. But all can do it. You can even write scripts to watch your logs, if you see unwanted type traffic - you can then block that IP, etc..

If your current border device does not provide you the functionality you want - get one that does!
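The log-watching script idea from the post above, as an added example (not code from any poster in this thread): it scans SQL Server failed-login lines, counts attempts per client IP in a sliding window, and returns the addresses worth adding to a firewall block rule. The sample log lines are constructed, and the function name, threshold, window and allow-list are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

# Constructed sample, modeled on SQL Server error-log failed-login entries.
SAMPLE_LOG = """\
2006-05-01 12:00:01.10 Logon       Login failed for user 'admin'. [CLIENT: 203.0.113.5]
2006-05-01 12:00:02.10 Logon       Login failed for user 'root'. [CLIENT: 203.0.113.5]
2006-05-01 12:00:02.50 Logon       Login failed for user 'appuser'. [CLIENT: 198.51.100.20]
2006-05-01 12:00:03.10 Logon       Login failed for user 'admin'. [CLIENT: 203.0.113.5]
2006-05-01 12:00:04.10 Logon       Login failed for user 'sa'. [CLIENT: 192.168.1.10]
2006-05-01 12:00:04.20 Logon       Login failed for user 'sa'. [CLIENT: 192.168.1.10]
2006-05-01 12:00:04.30 Logon       Login failed for user 'sa'. [CLIENT: 192.168.1.10]
2006-05-01 12:09:00.00 Logon       Login failed for user 'appuser'. [CLIENT: 198.51.100.20]
2006-05-01 12:18:00.00 Logon       Login failed for user 'appuser'. [CLIENT: 198.51.100.20]
"""

LINE_RE = re.compile(
    r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d\.\d+)\s+Logon\s+"
    r"Login failed for user '([^']*)'\..*\[CLIENT: ([0-9a-fA-F.:]+)\]")

def block_candidates(log_text, threshold=3, window=timedelta(minutes=1),
                     allow=("192.168.0.0/16", "127.0.0.0/8")):
    """Return {ip: logins tried} for clients with >= threshold failed logins
    inside one sliding window. Allow-listed networks are never flagged."""
    allowed = [ip_network(n) for n in allow]
    recent = defaultdict(deque)   # ip -> timestamps still inside the window
    logins = defaultdict(set)     # ip -> login names attempted
    flagged = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue              # not a failed-login line
        when = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S.%f")
        ip = ip_address(m.group(3))
        if any(ip in net for net in allowed):
            continue              # do not lock out our own LAN/admin hosts
        q = recent[ip]
        q.append(when)
        while when - q[0] > window:
            q.popleft()           # drop attempts older than the window
        logins[ip].add(m.group(2))
        if len(q) >= threshold:
            flagged[str(ip)] = sorted(logins[ip])
    return flagged

if __name__ == "__main__":
    for ip, names in block_candidates(SAMPLE_LOG).items():
        print(ip, names)
```

The slow, spread-out failures from 198.51.100.20 stay below the threshold, which is the case that matters when many legitimate clients with mistyped passwords share the same port.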

betasp: As mentioned, I already have a firewall. Everything is blocked except a few ports (1433, 80, 113, e.g.) that are redirected to my server.

It's a 3Com router w/firewall, and yes, I thought it was weird also that there's no possibility to block IPs/ranges.

Anyway, I decided to buy a new router with a little more advanced firewall features. I think I'll go for D-Link 4300, as everybody brags about it.

  majortom1981 said:

You should be able to at least block MAC addresses.

My Microsoft MN-700 shows what IP addresses are connected and their MAC addresses. Then you can actually block the MACs that you don't want.

You're referring to MAC filtering, which configures which MAC addresses the router will accept connections from. You can't put in the MAC address of a machine on the internet (1. because you don't know it, and 2. because it wouldn't matter due to gateways).

  GeeZuZz said:

I think I'll go for D-link 4300, as everybody brags about it.

Really ???

* Introducing GameFuel™ Priority Technology designed to provide the uninterrupted and latency-free gaming experience serious online gamers expect

* Customized with game-centric features boasting maximum flexibility for configuration and performance

* Unparalleled 802.11g wireless performance

* Designed for the Gamers Network

Yeah, those types of features seem like EXACTLY what you're after in securing your network :rolleyes:
