Fight with invalid access

  • Question

  • Hi,

    The IP like 2?.?.?.? does connect to my current IP, like:

    "TCPIP"    4440         "2020-09-15 14:46:00.582"     "TCP - 2?.?.?.? connected to 1?.?.?.?:25."

    "DEBUG" 4440         "2020-09-15 14:46:00.598"     "TCP connection started for session 5619"

    "SMTPD" 4440         5619         "2020-09-15 14:46:00.598"     "2?.?.?.?"        "SENT: 220 WIN-429I3QNHOQT ESMTP"

    "SMTPD" 7736         5619         "2020-09-15 14:46:01.426"     "2?.?.?.?"        "RECEIVED: EHLO User"

    "SMTPD" 7736         5619         "2020-09-15 14:46:01.441"     "2?.?.?.?"        "SENT: 250-WIN-429I3QNHOQT[nl]250-SIZE 20480000[nl]250-STARTTLS[nl]250-AUTH LOGIN[nl]250 HELP"

    "SMTPD" 3008         5619         "2020-09-15 14:46:02.285"     "2?.?.?.?"        "RECEIVED: QUIT"

    "SMTPD" 3008         5619         "2020-09-15 14:46:02.285"     "2?.?.?.?"        "SENT: 221 goodbye"

    "DEBUG" 4440         "2020-09-15 14:46:02.285"     "Ending session 5619"

    I've created the relevant firewall rule to disable the relevant IP, but it does not help. How?


    Many Thanks & Best Regards, Jackson Chen



    • Edited by Jackson_1990 Tuesday, September 15, 2020 6:49 AM
    Sunday, September 13, 2020 3:40 PM

All replies

  • Hi,

    Any help?


    Many Thanks & Best Regards, Jackson Chen

    Sunday, September 20, 2020 3:11 PM
  • Apparently, the rule that you defined does not apply to the network traffic.

    Take a test machine and put its IP address in the firewall rule. RDP to the test machine and see if you can connect to the port on the server. Adjust the rule until it blocks the connection. Then change the IP address in the rule to that of the intruder.

    If your server is exposed to the internet, you can also use https://canyouseeme.org/ to test and block connectivity from that source.

    Sunday, September 20, 2020 3:35 PM
  • What does your URL show against any potential access?

    Is it through port 25 below? How to disable the access of 21?.?.?.? within Win 2016 server?

    "TCPIP"    7736         "2020-09-21 11:21:50.863"     "TCP - 21?.?.?.? connected to 10?.?.?.?:25."


    Many Thanks & Best Regards, Jackson Chen


    Monday, September 21, 2020 3:48 AM
  • What does your URL show against any potential access?



    Canyouseeme.org is a site on the internet that anyone can use to test to see if any port on their pc/server is exposed to the internet.

    Is 21?.?.?.? on the internet or is it on your private network? What port is it connecting to? 25?

    If 21?.?.?.?  is on the internet, then use Canyouseeme.org to see if it can connect to port 25 on your server. Check your logs to get the IP address of the Canyouseeme.org server. Add a firewall rule to block the IP address. 

    If your server is not exposed to the internet, then you can't use Canyouseeme.org to test to see if your firewall rule is working or not. You will have to use some other PC on your private network. Replace 21?.?.?.? with the IP address of your test PC. Log on to the test PC and try to connect.

    Adjust the firewall rule or whatever software you have on the server until it blocks Canyouseeme.org or the test PC. Then put 21?.?.?.? back into the working firewall rule.

      

    Monday, September 21, 2020 12:33 PM
  • Currently the server is exposed to the Internet directly. How to block specific IP thoroughly on port 25?

    Many Thanks & Best Regards, Jackson Chen

    Tuesday, September 22, 2020 1:21 AM
  •  How to block specific IP thoroughly on port 25?

    A simple internet search will provide multiple examples.

    https://www.bing.com/search?q=windows+firewall+rule+to+block+ip

    Tuesday, September 22, 2020 1:05 PM
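
Added example, not part of any reply in this thread: the test-then-swap procedure described in the replies above, written with the built-in NetSecurity cmdlets on Windows Server 2016. The rule name, the test IP and the `<...>` values are placeholders to substitute; run the steps one at a time in an elevated PowerShell session.

```powershell
# Added example. All names and addresses are placeholders, not values from the thread.
$RuleName  = 'Block-SMTP-Source'   # hypothetical rule name
$TestIp    = '192.0.2.10'          # constructed: IP of your test machine
$BlockedIp = '<INTRUDER_IP>'       # placeholder: source address seen in the mail server log

# 1. The firewall has to be enabled on the profile the internet-facing
#    interface uses; rules on a disabled profile are not enforced.
Get-NetFirewallProfile   | Select-Object Name, Enabled
Get-NetConnectionProfile | Select-Object InterfaceAlias, NetworkCategory

# 2. Create an inbound block rule for TCP 25, scoped to the test machine first.
New-NetFirewallRule -DisplayName $RuleName -Direction Inbound -Action Block `
    -Protocol TCP -LocalPort 25 -RemoteAddress $TestIp -Profile Any

# 3. Read the rule back and confirm it says what you intended:
#    enabled, inbound, block, TCP 25, and the right remote address.
$rule = Get-NetFirewallRule -DisplayName $RuleName
$rule | Select-Object DisplayName, Enabled, Direction, Action, Profile
$rule | Get-NetFirewallAddressFilter | Select-Object RemoteAddress
$rule | Get-NetFirewallPortFilter    | Select-Object Protocol, LocalPort

# 4. On the TEST MACHINE (not on the server), try to reach port 25.
#    With a working rule, TcpTestSucceeded is False.
# Test-NetConnection -ComputerName '<SERVER_IP>' -Port 25

# 5. Only after step 4 is blocked, point the same rule at the unwanted source.
Set-NetFirewallRule -DisplayName $RuleName -RemoteAddress $BlockedIp

# 6. Confirm the swap took effect.
Get-NetFirewallRule -DisplayName $RuleName |
    Get-NetFirewallAddressFilter | Select-Object RemoteAddress
```

Once the rule is in effect, the mail server log should stop showing new `connected to ...:25` lines from that address.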
  • Thanks a lot.

    Can you help with the issue below (on the Win 2016 server), after I've put in the relevant remote IP address?


    Many Thanks & Best Regards, Jackson Chen


    • Edited by Jackson_1990 Wednesday, September 23, 2020 1:43 AM
    Wednesday, September 23, 2020 1:42 AM