Windows Firewall inbound rule not blocking ip addresses

  • Question

  • I have UltraVNC on my PC to allow alternate remote access (besides Remote Desktop). I get lots of failed logon attempts reported by UltraVNC in the Event Viewer. I wrote a VBScript to read the Event Viewer to show the offending IP addresses. There are two IP addresses responsible for the vast bulk of failed attempts. I tried a Windows Firewall inbound rule to block these IP addresses, but I still get failed logon attempts in the Event Viewer from these IPs.

    Here are my rule settings:

    The fifth screenshot shows my offending IP addresses. Is there anything wrong in my settings that would make this rule not block these IP addresses from connecting?

    Friday, September 21, 2018 11:23 AM

All replies

  • Do you have a rule allowing connections to UltraVNC? If so, that will override this block.

    If that is the case, delete both rules. Recreate the Allow UltraVNC but set a scope of allowed IPs not including what you want to block.

    Saturday, September 22, 2018 6:38 PM
  • Hi,

    Looking at this, the rule setting seems to be correct and the IP addresses are added to the remote section.

    As Mr happy provided, check if you have set other rules. If the related rule applies before the "block" one, the ping will still work.



    Monday, September 24, 2018 7:19 AM
  • Thanks for the info, guys!

    I do have another rule for UltraVNC allowing all traffic on the correct port.

    Only question is how to allow the whole internet but block two addresses..... I'll study up on that.


    Wednesday, September 26, 2018 11:26 AM
  • Carl, you mention this:

    "If the related rule applies before the "block" "

    Is there a way to apply a priority to the rules, so the IP-block rule blocks even if another rule allows all traffic? I would rather apply the ip-block rule for the entire computer rather than just for UltraVNC.

    I could gather that having both rules would block the whole computer and UltraVNC, but then I'd have to apply future IP addresses to more than one rule, and I know I'll forget.

    Wednesday, September 26, 2018 11:30 AM
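
For the last question in the thread, one way to keep a single machine-wide block list, shown as an added example that is not from any poster: an inbound block rule with no program or port filter, plus a helper that appends addresses to that one rule. The rule name and the addresses (documentation ranges) are placeholders; Windows Defender Firewall has no per-rule priority setting, and Microsoft documents that an explicit block rule takes precedence over a conflicting allow rule.

```powershell
#Requires -RunAsAdministrator
# Added example. The rule name and addresses below are constructed placeholders
# (RFC 5737 documentation ranges), not values from the thread.
$RuleName = 'Block offending IPs (all programs)'   # hypothetical name

function Add-BlockedAddress {
    param(
        [Parameter(Mandatory)][string[]]$Address,
        [string]$Name = $RuleName
    )
    # Reject anything that is not an IP address or an address/prefix pair.
    foreach ($a in $Address) {
        $parsed = $null
        if (-not [System.Net.IPAddress]::TryParse(($a -split '/')[0], [ref]$parsed)) {
            throw "Not an IP address or subnet: $a"
        }
    }
    $rule = Get-NetFirewallRule -DisplayName $Name -ErrorAction SilentlyContinue
    if (-not $rule) {
        # No -Program or -LocalPort filter: the rule covers the whole computer.
        New-NetFirewallRule -DisplayName $Name -Direction Inbound -Action Block `
            -Profile Any -RemoteAddress $Address | Out-Null
        return
    }
    # Merge with the addresses already on the rule so nothing is overwritten.
    $current = ($rule | Get-NetFirewallAddressFilter).RemoteAddress
    $merged  = (@($current) + $Address) | Where-Object { $_ -ne 'Any' } | Sort-Object -Unique
    Set-NetFirewallRule -DisplayName $Name -RemoteAddress $merged
}

function Get-InboundRuleSummary {
    # Flatten each enabled inbound rule with its scope so overlaps are visible.
    Get-NetFirewallRule -Direction Inbound -Enabled True | ForEach-Object {
        [pscustomobject]@{
            Name          = $_.DisplayName
            Action        = $_.Action
            Profile       = $_.Profile
            RemoteAddress = ($_ | Get-NetFirewallAddressFilter).RemoteAddress -join ','
            LocalPort     = ($_ | Get-NetFirewallPortFilter).LocalPort -join ','
        }
    }
}

Add-BlockedAddress -Address '192.0.2.10', '203.0.113.25'
Get-InboundRuleSummary |
    Where-Object { $_.Action -eq 'Block' -or $_.Name -like '*VNC*' } |
    Format-Table -AutoSize
```

The summary table shows the block rule next to any UltraVNC allow rule, including the profiles each applies to, which is the first thing to compare when a block appears to have no effect.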