How do I block an IP in Server 2003?



There's some idiots/bots that are trying to "brute force" my MSSQL server. Pretty weird, the same day I set it up, two (pretty similar) IPs started to try to log on to it every second. The stupid guys were even so stupid that the first day they only tried the "admin" and "root" accounts, which of course do not exist, as "sa" is the default admin account :rolleyes:

Anyway, is there any way I can block ALL requests these IPs make to my server?

My router does not have any IP-blocking features, only port blocking.

And in Windows' TCP/IP settings it's only possible to block all and allow specified IPs - not allow all, except some specified.

Anyone have any suggestions?


  2shae said:

Don't allow incoming connections to the port of mysql at all

It's a server for a reason - to be accessible ;)

Pretty amazing that a Server OS misses something as essential as this...

I think I'll go for a new router/firewall.

Anyone know any recommended not-too-advanced WLAN routers? It must be able to block IPs :p

My first question, why do you have a Windows server open to the internet? ALWAYS put a server behind a firewall and open only ports you need......

From what I read, some people suggest adding

ip route x.x.x.x 127.0.0.1

It will null route it to local loopback, not sure if it works....

  GeeZuZz said:

It's a server for a reason - to be accessible ;)

Pretty amazing that a Server OS misses something as essential as this...

I think I'll go for a new router/firewall.

Anyone know any recommended not-too-advanced WLAN routers? It must be able to block IPs :p

I'd set up an IPcop box for your firewall. Then you could forward traffic from those IPs to a nonexistent subnet.

  Intelligen said:

My first question, why do you have a Windows server open to the internet? ALWAYS put a server behind a firewall and open only ports you need......

He never said he did. He is apparently serving a SQL database over the net though.

  Intelligen said:

My first question, why do you have a Windows server open to the internet? ALWAYS put a server behind a firewall and open only ports you need......

From what I read, some people suggest adding

ip route x.x.x.x 127.0.0.1

It will null route it to local loopback, not sure if it works....

That would prevent your server from having its responses reach the destination (the IP you want to block) but it would not prevent them from sending traffic to your server.

To do what you want, you will need a firewall of some kind. But you shouldn't be running ANY server without a firewall in the first place...

You have a SQL server, it is available on the net, you don't have a firewall and people are trying to hack into it.

It doesn't matter if you block a few IP ranges. Do you think a hacker is going to use a connection with a static IP that will be traceable back to him/her?

Just put a proper Server firewall onto the system.

Why do you say I don't have a firewall? Of course I have a firewall, but I can't close everything down, the whole point of the server is to make it accessible, and there are many different IP addresses that need to access it, so it would be hard to deny everyone, except given IPs.

MazX_Napalm: Yes it matters if I block those two who are trying. Of course new IPs will try, but I will discover them fast and block them.

Seems like you guys are advising me to disconnect my server from the internet. Do you usually advise people with Webservers to get a firewall and close port 80? :unsure:

We're not advising you to take it off the internet, just have a firewall and only allow certain IPs to connect to a certain port. Not sure why you are using the database over the internet though.

Is there an application having to connect to your database from a remote location, I'm guessing?

If it's just a web site connecting to the database, allow on your firewall traffic to and from your SQL database to your web server. Guess I'm not really sure how your setup is.

Sorry for the ip route suggestion, after I wrote it, I knew exactly what I said and just left it for someone else to correct my idea. Found it through Google... whoops!

  Steven said:

Pretty sure you can accomplish this in the "Routing and Remote Access" services or use TCP/IP Filters. :)

http://www.windowsnetworking.com/articles_...figuration.html

Thanks, I'll try that. As mentioned, TCP/IP filters can't be used because for some strange reason they won't let me block a single address or a group of addresses, only the opposite.

Intelligen: It should be available for applications on PC, cell-phones and web - many different IPs and ranges.


Why not block the address range on the router or firewall? Also, you mention that it needs to be accessible. Not all of it. Only route the ports on the firewall over to the server that are needed. Then, set up a firewall rule to block the IP address ranges you need. You can do everything you need on the firewall and not have to touch the server. This will also keep it safe and keep the would-be hackers from finding another way in (Windows vulnerability, anyone).

Of course you could not follow my advice and the advice of others. We all need more rogue machines on the net acting as bots and spam blasters.

What router/firewall are you using? Any decent basic SOHO device should allow you to block by IP or ranges. Something as cheap as the Linksys RV042 allows for this:

"has IP address filtering so you can specify exactly who has access to your network"

Any firewall/gateway distro can do this, i.e. IPcop, m0n0wall, etc. Some do it out of the box, others have addons that provide a GUI to configure it without having to directly write the rules, etc. But all can do it. You can even write scripts to watch your logs, if you see unwanted type traffic - you can then block that IP, etc.

If your current border device does not provide you the functionality you want - get one that does!
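A sketch of the log-watching script idea raised above, as an added example that is not part of any post in this thread. It flags source IPs with repeated failed logins inside a sliding window; the log line format is an assumption modelled on a SQL Server failed-login entry, and the sample lines and addresses (documentation ranges) are constructed.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed line format, modelled on a SQL Server failed-login log entry.
# Adjust the pattern to whatever your server or firewall actually writes.
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)\.\d+\s+Logon\s+"
    r"Login failed for user '(?P<user>[^']*)'\. \[CLIENT: (?P<ip>[0-9.]+)\]"
)

def _line(sec, user, ip):
    """Build one constructed log line `sec` seconds after 10:00:00."""
    return (f"2006-05-02 10:{sec // 60:02d}:{sec % 60:02d}.10 Logon  "
            f"Login failed for user '{user}'. [CLIENT: {ip}]")

# Constructed sample: two noisy sources guessing "admin"/"root" every second,
# plus one legitimate client that mistyped a password twice, minutes apart.
SAMPLE_LOG = "\n".join(sorted(
    [_line(s, "admin" if s % 2 else "root", "203.0.113.7") for s in range(10)]
    + [_line(s, "admin", "203.0.113.8") for s in range(3, 9)]
    + [_line(0, "webapp", "198.51.100.20"), _line(300, "webapp", "198.51.100.20")]
))

def find_offenders(log_text, threshold=5, window=timedelta(seconds=60), allowlist=()):
    """Map each source IP with >= threshold failures inside one window
    to the sorted list of usernames it tried."""
    recent = defaultdict(deque)   # ip -> timestamps still inside the window
    tried = defaultdict(set)      # ip -> usernames seen
    offenders = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m["ip"] in allowlist:
            continue              # not a failed login, or a source we never block
        ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
        q = recent[m["ip"]]
        q.append(ts)
        tried[m["ip"]].add(m["user"])
        while ts - q[0] > window:  # drop failures older than the window
            q.popleft()
        if len(q) >= threshold:
            offenders[m["ip"]] = sorted(tried[m["ip"]])
    return offenders

if __name__ == "__main__":
    for ip, users in sorted(find_offenders(SAMPLE_LOG).items()):
        print(f"block candidate {ip}: tried {', '.join(users)}")
```

The returned addresses are candidates for a deny rule on the border firewall; the allowlist keeps known client ranges from being blocked after a burst of mistyped passwords.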

betasp: As mentioned, I already have a firewall. Everything is blocked except a few ports (e.g. 1433, 80, 113) that are redirected to my server.

It's a 3com router w/firewall, and yes I also thought it was weird that there's no possibility to block IPs/ranges.

Anyway, I decided to buy a new router with a little more advanced firewall feature. I think I'll go for D-Link 4300, as everybody brags about it.

  majortom1981 said:

You should be able to at least block MAC addresses.

My Microsoft MN-700 shows what IP addresses are connected and their MAC addresses. Then you can actually block the MACs that you don't want.

You're referring to MAC filtering, which configures which MAC addresses the router will accept connections from. You can't put in the MAC address of a machine on the internet (1. because you don't know it, and 2. because it wouldn't matter due to gateways).

  GeeZuZz said:

I think I'll go for D-Link 4300, as everybody brags about it.

Really ???

* Introducing GameFuel™ Priority Technology designed to provide the uninterrupted and latency-free gaming experience serious online gamers expect

* Customized with game-centric features boasting maximum flexibility for configuration and performance

* Unparalleled 802.11g wireless performance

* Designed for the Gamers Network

Yeah those types of features seem like EXACTLY what you're after in securing your network :rolleyes:

This topic is now closed to further replies.