none
Why doesn't blocking IP address with Windows Firewall 2008 work?

    Question

  • I believe I have configured the firewall exactly as described by this post.  I am trying to block 69.72.213.218 which has been attacking our SQL server.  After adding the IP to the scope of a blocking connection inbound rule,  I can still see the incoming connection from the IP coming in.  Where could be wrong with my configuration?  Any tip will be greatly apprecited.

    Hong

    Sunday, February 19, 2012 8:19 PM

Answers

All replies

  • The configuration in the article should block the IP address. Are you getting connections to the server or are you seeing attempted connections? The IP address could be blocked but you are seeing attempted connections still. 

    A better solution would be to block the IP address at the network perimeter instead at the server level.

    Possible issue could be that malware could be on the local network as well allowing the inbound connection into the server.

    Sunday, February 19, 2012 9:30 PM
  • The SQL server is still generating events in response to the attack.   If I use IPSec Security Policy, the connection will be blocked successfuly because the events will be gone.

    I do not have any control of the router because it is a leased server.


    Hong

    Sunday, February 19, 2012 10:11 PM
  • Hard to say what is wrong with the configuration since we can't see the configuration. I would delete the rule recreate the rule.
    Sunday, February 19, 2012 10:20 PM
  • Hallelujah!  It is working now, but I could use a bit education.

    There are three profiles: Domain Profile, Private Profile and Public Profile.  It started working after the firewall state for the Public Profile was turned on.  Could anyone point to a source from which I can get a quick understanding of these profiles?


    Hong

    Sunday, February 19, 2012 10:36 PM
  • Hi Hong,

    For the firewall profiles, you may refer to the following articles:

    Understand the Windows Firewall Profiles for Different Networks
    http://technet.microsoft.com/en-us/magazine/ee851569.aspx

    Network Location Awareness (NLA) and how it relates to Windows Firewall Profiles
    http://blogs.technet.com/b/networking/archive/2010/09/08/network-location-awareness-nla-and-how-it-relates-to-windows-firewall-profiles.aspx


    Best Regards,
    Aiden


    Aiden Cao

    TechNet Community Support

    • Marked as answer by Hong (MA, USA) Monday, February 20, 2012 3:07 AM
    Monday, February 20, 2012 2:37 AM
  • Perfect!  Thanks, Aiden.

    Hong

    Monday, February 20, 2012 3:08 AM