Wednesday, March 18, 2009

Blocking IP Addresses Using MMC

I was searching for a solution to block any communication with specific IP addresses. I have come to this solution using MMC (Microsoft Management Console). The following steps will allow you to block all communication, whatever the protocol, with specific IP addresses or a subnet:

1. Open Start Menu > Run, type "MMC", then press Enter.
2. In the Management Console, go to File > Add/Remove Snap-in...
3. In the opened dialog, leave "Local Computer" as it is and click "Finish".

4. You will have a new node in the left tree called "IP Security Policies in Local Computer".
5. Right click on this node and select "Create IP Security Policy".
6. In the opened dialog, enter "Block IP" as the policy name.
7. Click Next till the end of the wizard and then "Finish".
8. You will have an item in the left pane called: "Block IP". Right click on it and select "Properties".

9. In the opened dialog, click "Add".
10. Go through the wizard, till you reach a step called: "IP Filter List".
11. Click "Add". The IP Filter dialog will open.

12. Modify the name of your IP Filter and click "Add" to add an IP filter policy.
13. Click "Next". Leave "Source Address" as "My IP Address".
14. In the destination address, you can select "A specific IP Address". You can also filter by DNS or subnet. Enter the IP address to block. Then click Next.

15. Leave the protocol set to "Any" and click "Next".
16. Then click "Finish".
17. Apply all changes and close all the opened windows. You may have to add a "Block" action if it doesn't exist.
18. After you finish, don't forget to right-click the "Block IP" policy and select "Assign".

Now try to ping the blocked IP addresses. You should get a "Destination Unreachable" message.
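
The same policy can be built from the command line with `netsh ipsec static`, which is easier to repeat and audit than the wizard. The script below is an added example, not part of the original post; the filter list, action and rule names and the two sample addresses are assumptions made for illustration.

```powershell
# Added example: the MMC steps above, scripted with "netsh ipsec static".
# Run from an elevated prompt. All names except 'Block IP' are assumptions.
$PolicyName = 'Block IP'        # policy name used in the steps
$FilterList = 'Blocked hosts'   # assumed filter list name
$ActionName = 'Block'           # assumed filter action name
$RuleName   = 'Block rule'      # assumed rule name

# Constructed sample targets (documentation address ranges): one host, one subnet.
$Targets = @(
    @{ Address = '203.0.113.10'; Mask = '255.255.255.255' },
    @{ Address = '198.51.100.0'; Mask = '255.255.255.0' }
)

function Invoke-IpsecStatic([string[]]$Arguments) {
    # Each array element is passed as its own argument; stop on a non-zero exit code.
    & netsh.exe ipsec static $Arguments
    if ($LASTEXITCODE -ne 0) {
        throw "netsh ipsec static $($Arguments -join ' ') exited with $LASTEXITCODE"
    }
}

# Reject entries that do not parse as addresses before anything is changed.
foreach ($t in $Targets) {
    $parsed = $null
    foreach ($value in $t.Address, $t.Mask) {
        if (-not [System.Net.IPAddress]::TryParse($value, [ref]$parsed)) {
            throw "Not a parseable address or mask: $value"
        }
    }
}

Invoke-IpsecStatic @('add', 'policy', "name=$PolicyName")        # steps 5-7
Invoke-IpsecStatic @('add', 'filterlist', "name=$FilterList")    # steps 10-12
foreach ($t in $Targets) {                                        # steps 13-16
    Invoke-IpsecStatic @('add', 'filter', "filterlist=$FilterList", 'srcaddr=me',
        "dstaddr=$($t.Address)", "dstmask=$($t.Mask)", 'protocol=ANY', 'mirrored=yes')
}
# Step 17: create the "Block" action and tie filter list and action together in a rule.
Invoke-IpsecStatic @('add', 'filteraction', "name=$ActionName", 'action=block')
Invoke-IpsecStatic @('add', 'rule', "name=$RuleName", "policy=$PolicyName",
    "filterlist=$FilterList", "filteraction=$ActionName")
Invoke-IpsecStatic @('set', 'policy', "name=$PolicyName", 'assign=y')   # step 18
```

Only one local IPsec policy can be assigned at a time, so assigning "Block IP" unassigns any other local policy. To lift the block, run `netsh ipsec static set policy name="Block IP" assign=n`.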