Welcome to ISAserver.org

How do I create an IP blacklist?

How do I create an IP blacklist? - 24.Jan.2007 5:19:42 AM   
Zulan

 

Hi!

I keep getting all kinds of IP numbers trying to log on to my ftp using admin and tons of different passwords. I would like to ban these IPs in a black list on my ISA server making sure they can't get to the ftp server or anything else for that matter. What I did was that I created a port range 1-65535 and a computer set called Blacklisted IP numbers. I then created a deny rule saying

Deny - (my all ports range) - from my blacklist computer set.

I then tested it, and everything in the blacklisted IP set gets through with no issues :-( Is there a better way to solve this?

< Message edited by Zulan -- 24.Jan.2007 5:21:14 AM >
Post #: 1
RE: How do I create an IP blacklist? - 26.Jan.2007 1:48:19 PM   
tshinder

 

Configure the Server Publishing Rule with exceptions.

HTH,
Tom

_____________________________

Thomas W Shinder, M.D.

(in reply to Zulan)
Post #: 2
RE: How do I create an IP blacklist? - 31.Jan.2007 5:40:05 AM   
Zulan

 

I have tried, but I don't see how you do this. If I try to create a server publishing rule choosing the option "publish non-web server protocols" it then asks me for server IP address. I want this to be on all my internal IP numbers. It will be too much work to add this rule to every IP I have.

(in reply to tshinder)
Post #: 3
RE: How do I create an IP blacklist? - 31.Jan.2007 10:44:41 AM   
tshinder

 

Hi Zulan,

You can't do that. You need to control access from external to internal, so you need to create publishing rules to allow the precise protocols to specific internal servers.

HTH,
Tom

_____________________________

Thomas W Shinder, M.D.

(in reply to Zulan)
Post #: 4
RE: How do I create an IP blacklist? - 1.Feb.2007 11:13:42 AM   
Zulan

 

I think I achieved what I was after. With this rule placed on top of all rules:

Action: Deny
Protocols: All outbound traffic
From: Blacklisted IP numbers (a computer set I've created)
To: All my networks and external
Condition: All users

I thought this would let anyone in and not out. A halfway solution that might do since nothing else seemed to work. But with this rule in place I can try and connect to an ftp server from a computer in the blacklisted IP numbers and then nothing works, I get a 0xc0040017 FWX_E_TCP_NOT_SYN_PACKET_DROPPED.

Seems to work exactly like I wanted.

(in reply to tshinder)
Post #: 5
