Sunday, February 19, 2012 8:19 PMI believe I have configured the firewall exactly as described by this post. I am trying to block 184.108.40.206 which has been attacking our SQL server. After adding the IP to the scope of a blocking connection inbound rule, I can still see the incoming connection from the IP coming in. Where could be wrong with my configuration? Any tip will be greatly apprecited.
Sunday, February 19, 2012 9:30 PM
The configuration in the article should block the IP address. Are you getting connections to the server or are you seeing attempted connections? The IP address could be blocked but you are seeing attempted connections still.
A better solution would be to block the IP address at the network perimeter instead at the server level.
Possible issue could be that malware could be on the local network as well allowing the inbound connection into the server.
Sunday, February 19, 2012 10:11 PM
The SQL server is still generating events in response to the attack. If I use IPSec Security Policy, the connection will be blocked successfuly because the events will be gone.
I do not have any control of the router because it is a leased server.
Sunday, February 19, 2012 10:20 PMHard to say what is wrong with the configuration since we can't see the configuration. I would delete the rule recreate the rule.
Sunday, February 19, 2012 10:36 PM
Hallelujah! It is working now, but I could use a bit education.
There are three profiles: Domain Profile, Private Profile and Public Profile. It started working after the firewall state for the Public Profile was turned on. Could anyone point to a source from which I can get a quick understanding of these profiles?
Monday, February 20, 2012 2:37 AMModerator
For the firewall profiles, you may refer to the following articles:
Understand the Windows Firewall Profiles for Different Networks
Network Location Awareness (NLA) and how it relates to Windows Firewall Profiles
TechNet Community Support
- Marked As Answer by Hong (MA, USA) Monday, February 20, 2012 3:07 AM
Monday, February 20, 2012 3:08 AMPerfect! Thanks, Aiden.