Bit of an odd one

[canadabeeau]

Hi I am using this method to block IPs attempting to DDOS and hack a server.

Click 'Start' > 'Run' >type 'MMC' press ok.

 

In the console click > 'File' > 'Add/Remove Snap in'

 

In the 'Standalone Tab' click The 'add' button

 

Seclect 'IP Security Policy Managment' > 'ADD' > 'Local Computer' > 'finish' > 'close' > 'ok'

 

You should now be back to the console.

 

In the left frame right click 'IP security policies on local computer' > 'Create IP security policy'

 

Click Next and then name your policy 'Block IP' and type a description.

 

Click 'Next' then leave 'activate' ticked then click 'Next'

 

leave the 'edit properties ticked and click 'Finish'

 

You should now have the properties window open.

 

Click 'ADD' then click 'Next' to continue.

 

Leave 'This rule does not specify a tunnel' selected and click 'next'

 

Leave 'all network connections' selected and click 'next'

 

You should now be on the IP filter list. You need to create a new filter, so dont select any of the default ones. Click 'ADD'

 

Type a Name for your list, call it 'IP block list'

Type a description in, can be same as name.

Click 'ADD' then click 'Next' to continue.

 

In the description box type a description. As its the first IP you are blocking call it 'IP1' or 'IP Range 1'

Leave ticked the 'Mirrored. Match packets with the exact opposite source and destination addresses'

Click 'Next'

 

The 'Source address' should be left as 'My IP address' click 'Next'

 

You can now select 'A Specific IP address' or 'A Specific Subnet' for the Destination address.

Type in the IP address you want to block and if blocking a subnet type in the subnet block. Click 'next'

 

Leave the protocol type as 'Any' and click 'Next' and then 'Finish'

 

You have now blocked your first IP or IP range.

 

Now I want to make a PHP script (that interacts via the Command Line as it would not be possible to do it via the web) that will add IPs that I type in (or the administrator does). If I can't do it via this method (whith the above QUOTE) is there an open source project which could help me (that stores the IP ban list as a file, that way I can get PHP to append it). If anyone knows such an open source project please post it here (or a project FREE for commercial use), post a link too please :-)

 

I will need eventually to develop this method so it can work on Windows server, Linux servers and MAC servers :-(, but I think i'll deal with Windows first.

 

Much thanks in advance

 

 

Rhodry Korb

[canadabeeau]

The above QUOTE is for IPSec on Windows Servers (2003+2008)

[canadabeeau]

Or if anyone can tell me maybe where on PHPfreaks or another forum I should post this question

[canadabeeau]

bump

[laffin]

Most of windows stuff is stored in the registry. and thats a pain. your best bet is to use another firewall, one that works on both systems.

I would suggest using something like PeerGaurdian which does use a txt file for a blocklist, is open source, and you can get the txt file schema

Windows

Linux

Peer Gaurdian file format

 

[canadabeeau]

okay I'll look at PeerGuardian. however it seems PerrGuardian is not for Linux ONLY Windows :-(

[laffin]

True, But
[quote]MoBlock is a linux console application that blocks connections from/to hosts listed in a file in peerguardian format (guarding.p2p). 

which is a firewall

[canadabeeau]

True, But
[quote]MoBlock is a linux console application that blocks connections from/to hosts listed in a file in peerguardian format (guarding.p2p). 

which is a firewall

 

okay, so use MoBlock, now I have to try and get it's source code from the developer :-)

Thanks laffin