A Windows XP help forum. PCbanter


How do you block an IP address on Windows?



 
 
  #16  
Old August 21st 17, 07:40 PM posted to alt.comp.os.windows-10
Bram van den Heuvel
external usenet poster
 
Posts: 28
Default How do you block an IP address on Windows?

Given , Char Jackson
wrote:

route -p add 8.8.8.8 mask 255.255.255.255 192.168.1.254


Running as a user I get
route -p add 23.215.102.64 mask 255.255..255.255 192.168.1.254
The requested operation requires elevation.

Running as admin I get
route -p add 23.215.102.64 mask 255.255..255.255 192.168.1.254
The route addition failed: The parameter is incorrect.

I will try to debug why.
  #17  
Old August 21st 17, 08:03 PM posted to alt.comp.os.windows-10
Andy Burns[_6_]
external usenet poster
 
Posts: 1,318
Default How do you block an IP address on Windows?

Bram van den Heuvel wrote:

Running as a user


needs admin

Running as admin I get
route -p add 23.215.102.64 mask 255.255..255.255 192.168.1.254
The route addition failed: The parameter is incorrect.


get rid of the ".." it should just be "."

  #18  
Old August 21st 17, 08:19 PM posted to alt.comp.os.windows-10
Char Jackson
external usenet poster
 
Posts: 10,449
Default How do you block an IP address on Windows?

On Mon, 21 Aug 2017 18:40:33 +0000 (UTC), Bram van den Heuvel
wrote:

Given , Char Jackson
wrote:

route -p add 8.8.8.8 mask 255.255.255.255 192.168.1.254


Running as a user I get
route -p add 23.215.102.64 mask 255.255..255.255 192.168.1.254
The requested operation requires elevation.

Running as admin I get
route -p add 23.215.102.64 mask 255.255..255.255 192.168.1.254
The route addition failed: The parameter is incorrect.

I will try to debug why.


You have two decimals in the mask. (typo)
It should be 255.255.255.255


  #19  
Old August 21st 17, 08:20 PM posted to alt.comp.os.windows-10
Char Jackson
external usenet poster
 
Posts: 10,449
Default How do you block an IP address on Windows?

On Mon, 21 Aug 2017 20:03:39 +0100, Andy Burns
wrote:

Bram van den Heuvel wrote:

Running as a user


needs admin

Running as admin I get
route -p add 23.215.102.64 mask 255.255..255.255 192.168.1.254
The route addition failed: The parameter is incorrect.


get rid of the ".." it should just be "."


Sorry, I didn't see your post before I replied. You're spot on, of
course.

  #20  
Old August 21st 17, 08:43 PM posted to alt.comp.os.windows-10
Bram van den Heuvel
external usenet poster
 
Posts: 28
Default How do you block an IP address on Windows?

Given , Andy Burns
wrote:

get rid of the ".." it should just be "."


Aurgh. I used regular expressions to create the commands and I didn't even
notice the typo! I repeated that typo across all the lines so it didn't
dawn on me that it was a typo in the middle of the line. slaps head

Fixing the typo brings me this (which Char Jackson also responded to)
route -p add 23.215.102.64 mask 255.255.255.255 192.168.1.254
OK!

Woo hoo!

route print
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.69 276
23.215.102.64 255.255.255.255 192.168.1.254 192.168.1.69 21
........

I'm looking up now how to decode that "route print" but my first pass is
that any time the computer wants to get to 23.215.102.64, it will have a
metric of 21 when the binary 23.215.102.64 is "anded" with all 1s, which
just gets us the binary 23.215.102.64 back which is then sent to the
"gateway" of 192.168.1.254, which, from what Char Jackson said, might as
well be 127.0.0.1 because it doesn't exist.

Well, 127.0.0.1 actually exists so I wonder what the difference is between
route -p add 23.215.102.64 mask 255.255.255.255 192.168.1.254
route -p add 23.215.102.64 mask 255.255.255.255 127.0.0.1

Would both work to eliminate the chance of a route going outside?
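
How the two rows of the "route print" output in the post above resolve a destination, as an added example that is not part of the thread. It models route selection only (longest matching prefix, then metric), not what Windows does when the chosen gateway does not answer, and it also checks generated `route add` lines so that a malformed mask is caught before the command is run; all function names are this example's own.

```python
import ipaddress
import re

# Command form used in this thread: route [-p] add <dest> mask <mask> <gateway> [if <n>]
ROUTE_ADD = re.compile(
    r"^route\s+(?:-p\s+)?add\s+(\S+)\s+mask\s+(\S+)\s+(\S+)(?:\s+if\s+(\d+))?$",
    re.IGNORECASE,
)

def parse_route_add(line):
    """Return (network, gateway, if_index); raise ValueError if the line is malformed."""
    m = ROUTE_ADD.match(line.strip())
    if not m:
        raise ValueError("not a 'route add' command: " + line)
    dest, mask, gateway, if_index = m.groups()
    # ip_network() rejects a malformed dotted quad such as 255.255..255.255
    # and a destination that has host bits set under the mask.
    network = ipaddress.ip_network(f"{dest}/{mask}", strict=True)
    return network, ipaddress.ip_address(gateway), int(if_index) if if_index else None

def is_valid_route_add(line):
    """True when the generated command line parses cleanly."""
    try:
        parse_route_add(line)
        return True
    except ValueError:
        return False

# Active routes copied from the "route print" output quoted in the post above.
ROUTE_PRINT = """\
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.69 276
23.215.102.64 255.255.255.255 192.168.1.254 192.168.1.69 21
"""

def parse_route_print(text):
    """Turn 'destination netmask gateway interface metric' rows into route dicts."""
    table = []
    for row in text.splitlines():
        dest, mask, gateway, interface, metric = row.split()
        table.append({"network": ipaddress.ip_network(f"{dest}/{mask}"),
                      "gateway": gateway, "interface": interface, "metric": int(metric)})
    return table

def select_route(table, destination):
    """Longest matching prefix wins; the metric only breaks ties between equal prefixes."""
    dst = ipaddress.ip_address(destination)
    matches = [r for r in table if dst in r["network"]]
    if not matches:
        return None
    return min(matches, key=lambda r: (-r["network"].prefixlen, r["metric"]))

if __name__ == "__main__":
    for cmd in ("route -p add 23.215.102.64 mask 255.255..255.255 192.168.1.254",
                "route -p add 23.215.102.64 mask 255.255.255.255 192.168.1.254"):
        print("ok " if is_valid_route_add(cmd) else "bad", cmd)
    table = parse_route_print(ROUTE_PRINT)
    for dst in ("23.215.102.64", "8.8.8.8"):
        print(dst, "-> gateway", select_route(table, dst)["gateway"])
```
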
  #21  
Old August 21st 17, 08:59 PM posted to alt.comp.os.windows-10
Andy Burns[_6_]
external usenet poster
 
Posts: 1,318
Default How do you block an IP address on Windows?

Bram van den Heuvel wrote:

127.0.0.1 actually exists so I wonder what the difference is between
route -p add 23.215.102.64 mask 255.255.255.255 192.168.1.254
route -p add 23.215.102.64 mask 255.255.255.255 127.0.0.1


Normally IPv4 routing would be disabled on Windows, so it wouldn't try
to route it on if it sent it back to itself, even if it did, it would
just loop round a few times, until the TTL expired, but you might as
well send it to a blackhole as round the houses.
  #22  
Old August 21st 17, 09:12 PM posted to alt.comp.os.windows-10
David B.[_5_]
external usenet poster
 
Posts: 545
Default How do you block an IP address on Windows?

On 21/08/2017 14:14, Mayayana wrote:
"Bram van den Heuvel" wrote

| I looked up if the HOSTS file can handle IP addresses but it can't.
| It only blocks domain names using the syntax
| 127.0.0.1 www.google.com
|

Yes. It's basically a phone book. If your browser or
other software already know the IP then there's
no need for a HOSTS check. If the IP is cached there's
also no HOSTS check.

But there are also other complications. For
example:

* Microsoft or others might hard-code IPs for calling
home.

* Domains like Akamai and Cloudflare may not be
getting called directly. They provide a large
amount of Internet content, as subcontractors.
A company like MS might contract with Akamai to
use their servers when they get heavy loads. The
problem there is that Akamai is not in any way
linked through the webpage you visit. It's a back-end
setup. Akamai is also selling your personal info.**
But it's hard to do anything about it. First, if you
block them you might lose a lot of pages. Second,
even if you didn't mind that, your browser doesn't
look it up so you can't stop it in HOSTS. It seems
to somehow go through the target site, acting like
a back-end server at the site you're visiting. Wireshark
shows that you're connected to Akamai, but there
are no Akamai links in the webpage. You're being
forwarded server-side. That's a whole new(ish)
category of online tracking.

Things were originally designed to prevent privacy
intrusion online. For example, sites are not allowed
to access cookies except from their own domain.
But numerous tricks have been developed to
circumvent that, such as 3rd-party cookies or web
bugs that allow you to be tracked across domains,
and heavy use of script to monitor your actions on
a page, such as mouse movement, hover, or clicking.
Content delivery services, which serve a legitimate
purpose, have nevertheless become an additional
privacy problem. That kind of server-side redirect
opens up lots of possibilities.

As others have said, most newer routers will allow you
to completely block specific IP addresses. While that
might help with Win10 spyware, it may not be feasible
to block all Akamai or Cloudflare IPs, and you probably
wouldn't want to.

------------------------------------
** The Akamai story:

https://blogs.wsj.com/digits/2010/11...ee-technology/

That link is currently just a teaser to sign up with WSJ.
Originally the whole article was available. The gist of it
is that Akamai is estimated to provide 15-30% of Web
traffic, allowing them to monitor your activity closely
despite you never actually visiting their site. (The rest
of the article is mostly damage control, with Akamai
spokespeople claiming that advertising (read "spying")
is "not their main business".)



Interesting post. Thanks. :-)

--
“Men occasionally stumble over the truth, but most of them pick
themselves up and hurry off as if nothing ever happened.” (Winston S.
Churchill)
  #24  
Old August 22nd 17, 08:47 AM posted to alt.comp.os.windows-10
Ralph Fox
external usenet poster
 
Posts: 474
Default How do you block an IP address on Windows?

On Mon, 21 Aug 2017 16:18:05 +0000 (UTC), Bram van den Heuvel wrote:

Given news wrote:

That is the job of your firewall, whichever it is.


The only firewall I have is Glasswire which I forget why I installed it
long ago.

Opening up Glasswire it has a "click to block" selection for items it
sees, but that's not the same thing because I'd have to find these IP
addresses where Glasswire seems to use domain names.



You may want to replace your firewall with another one which has
the ability to block specific IP addresses.

I used to use AVG Internet Security, which does have this ability.
https://support.avg.com/SupportArtic...fic-IP-address


--
Kind regards
Ralph
🦊
  #25  
Old August 22nd 17, 02:17 PM posted to alt.comp.os.windows-10
Bram van den Heuvel
external usenet poster
 
Posts: 28
Default How do you block an IP address on Windows?

Given , Ralph Fox
wrote:

You may want to replace your firewall with another one which has
the ability to block specific IP addresses.


I don't see what a Firewall could do to block specific IP addresses that
the route add that Char Jackson suggested doesn't do?

route -p add 23.215.102.64 mask 255.255.255.255 192.168.1.254
....
route print
===========================================================================
Persistent Routes:
Network Address Netmask Gateway Address Metric
0.0.0.0 0.0.0.0 192.168.1.1 Default
23.215.102.64 255.255.255.255 192.168.1.254 1
64.4.54.50 255.255.255.255 192.168.1.254 1
65.55.252.202 255.255.255.255 192.168.1.254 1
72.21.91.29 255.255.255.255 192.168.1.254 1
104.16.91.188 255.255.255.255 192.168.1.254 1
104.17.104.175 255.255.255.255 192.168.1.254 1
104.28.17.56 255.255.255.255 192.168.1.254 1
152.195.54.20 255.255.255.255 192.168.1.254 1
172.217.5.206 255.255.255.255 192.168.1.254 1
204.79.197.200 255.255.255.255 192.168.1.254 1
216.239.39.21 255.255.255.255 192.168.1.254 1
224.0.0.252 255.255.255.255 192.168.1.254 1
===========================================================================

The only enigma is why a ping still works?
ping 23.215.102.64

Pinging 23.215.102.64 with 32 bytes of data:
Reply from 23.215.102.64: bytes=32 time=69ms TTL=52
Reply from 23.215.102.64: bytes=32 time=55ms TTL=52
Reply from 23.215.102.64: bytes=32 time=36ms TTL=52
Reply from 23.215.102.64: bytes=32 time=25ms TTL=52

Ping statistics for 23.215.102.64:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 25ms, Maximum = 69ms, Average = 46ms
  #26  
Old August 22nd 17, 04:09 PM posted to alt.comp.os.windows-10
Char Jackson
external usenet poster
 
Posts: 10,449
Default How do you block an IP address on Windows?

On Tue, 22 Aug 2017 13:17:26 +0000 (UTC), Bram van den Heuvel
wrote:

Given , Ralph Fox
wrote:

You may want to replace your firewall with another one which has
the ability to block specific IP addresses.


I don't see what a Firewall could do to block specific IP addresses that
the route add that Char Jackson suggested doesn't do?

route -p add 23.215.102.64 mask 255.255.255.255 192.168.1.254
...
route print
===========================================================================
Persistent Routes:
Network Address Netmask Gateway Address Metric
0.0.0.0 0.0.0.0 192.168.1.1 Default
23.215.102.64 255.255.255.255 192.168.1.254 1
64.4.54.50 255.255.255.255 192.168.1.254 1
65.55.252.202 255.255.255.255 192.168.1.254 1
72.21.91.29 255.255.255.255 192.168.1.254 1
104.16.91.188 255.255.255.255 192.168.1.254 1
104.17.104.175 255.255.255.255 192.168.1.254 1
104.28.17.56 255.255.255.255 192.168.1.254 1
152.195.54.20 255.255.255.255 192.168.1.254 1
172.217.5.206 255.255.255.255 192.168.1.254 1
204.79.197.200 255.255.255.255 192.168.1.254 1
216.239.39.21 255.255.255.255 192.168.1.254 1
224.0.0.252 255.255.255.255 192.168.1.254 1
===========================================================================

The only enigma is why a ping still works?
ping 23.215.102.64

Pinging 23.215.102.64 with 32 bytes of data:
Reply from 23.215.102.64: bytes=32 time=69ms TTL=52
Reply from 23.215.102.64: bytes=32 time=55ms TTL=52
Reply from 23.215.102.64: bytes=32 time=36ms TTL=52
Reply from 23.215.102.64: bytes=32 time=25ms TTL=52

Ping statistics for 23.215.102.64:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 25ms, Maximum = 69ms, Average = 46ms


If ping works, then this method ISN'T working.

I don't have time to dig deeper right now, but it looks like Windows
pretty quickly figures out that this route is a black hole and ignores
it.

For my test, I started a continuous ping to 4.2.2.2
ping -t 4.2.2.2

Then, in a second window, I added a new route:
route add 4.2.2.2 mask 255.255.255.255 192.168.11.253
where 192.168.11.253 would be valid for my LAN, but doesn't exist.

I get a single ping failure when I add the new route, but Windows seems
to figure out that this isn't working and 'fixes' it for me. I used to
use this method quite a few years back so I know it worked then, but
it's not working now.

Changing the interface seems to help. Instead of letting Windows figure
out which interface to use, when I tell it to use Loopback instead of my
actual NIC, the ping result changes to "General Failure". So for me, the
command becomes
"route add 4.2.2.2 mask 255.255.255.255 192.168.11.253 IF 1"

Notes:
I didn't make my route persistent. I'll be deleting it after the test.
My target IP is obviously different. I needed something that replies to
ping. My LAN's 3rd octet is 11, versus 1 for your LAN. My Loopback
interface is 1, as seen in the output from "route print".

C:\Windows\System32>route print
===========================================================================
Interface List
20...1c 6f 65 32 55 3d ......Realtek PCIe GBE Family Controller
1...........................Software Loopback Interface 1
13...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
17...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #4
===========================================================================

I'm thinking the old black hole method would still work if the dead end
was a hop away, rather than local (Layer 3 versus Layer 2). No time to
test that at the moment.

  #27  
Old August 22nd 17, 04:43 PM posted to alt.comp.os.windows-10
Mayayana
external usenet poster
 
Posts: 6,438
Default How do you block an IP address on Windows?

"Bram van den Heuvel" wrote

| The only enigma is why a ping still works?
| ping 23.215.102.64
|

I was unaware of this method and did some searching
out of curiosity. It seems the recommended method is
like so:

route -p add 100.100.100.100 mask 255.255.255.255 192.168.1.1 if 1

Assuming the default gateway is 192.168.1.1 and the
loopback interface is 1.

I don't claim to fully understand all that, but there
seems to be wide agreement.

Also, Nirsoft has NetRouteView which is basically a
GUI version of route.exe. That might make for easier
adjustments.

I'm still waiting to see what IPs you end up blocking
that are actually necessary to block via IP and that
don't disable websites. As much as I like the idea, it's
hard to see how it will be useful, with the possible
exception of blocking Microsoft hard-coded IPs or
similar hard-coded IPs in software. Though the latter
can more easily be blocked with a firewall, if you
use a firewall that allows for blocking outgoing
on a per-process basis.




  #28  
Old August 22nd 17, 06:01 PM posted to alt.comp.os.windows-10
Bram van den Heuvel
external usenet poster
 
Posts: 28
Default How do you block an IP address on Windows?

Given news wrote:

route -p add 100.100.100.100 mask 255.255.255.255 192.168.1.1 if 1


Here's what I tried.
route -p add 23.215.102.64 mask 255.255.255.255 192.168.1.1 if 1

Now that's a lot better!
route -p add 23.215.102.64 mask 255.255.255.255 192.168.1.1 if 1
OK!

ping 23.215.102.64

Pinging 23.215.102.64 with 32 bytes of data:
General failure.
General failure.
General failure.
General failure.

Ping statistics for 23.215.102.64:
Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),

I'm still waiting to see what IPs you end up blocking
that are actually necessary to block via IP and that
don't disable websites.


You're the third person to say that but here's why I think it will work.
It's not going to block websites (I don't think).

It seems that everyone is erroneously thinking that I'm *starting* from a
browser but I'm not - and/or - everyone is thinking I'm blocking *domains*
(like cloudflare or akamai or google), but I'm not.

Also Char Jackson was wondering if any of these connections were *incoming*
but they're not. All of them are outgoing connections first.

Which means they're *starting* from my machine!

I'm starting after a boot from nothing obviously running.
I start Wireshark.
And then I see that my machine attempts to go *out* to those IP addresses.

As much as I like the idea, it's
hard to see how it will be useful, with the possible
exception of blocking Microsoft hard-coded IPs or
similar hard-coded IPs in software.


Please *forget* anything you know about blocking web sites!
This block is stuff that is *starting* from my machine.
Obviously there is software running under the covers which phones home.
  #29  
Old August 22nd 17, 08:04 PM posted to alt.comp.os.windows-10
Paul[_32_]
external usenet poster
 
Posts: 11,873
Default How do you block an IP address on Windows?

Bram van den Heuvel wrote:


Also Char Jackson was wondering if any of these connections were *incoming*
but they're not. All of them are outgoing connections first.

Which means they're *starting* from my machine!


Why is your machine communicating with 1e100.net ?

I thought that was for crawling web sites.
Do you run a web site ?

I don't think I've ever casually seen one of my machines
communicating with an address like that. I don't run Wireshark
all that often, so it's not like I collect daily logs
of every packet sent/received.

Paul
  #30  
Old August 22nd 17, 09:10 PM posted to alt.comp.os.windows-10
Bram van den Heuvel
external usenet poster
 
Posts: 28
Default How do you block an IP address on Windows?

Given news wrote:

Which means they're *starting* from my machine!


Why is your machine communicating with 1e100.net ?

I thought that was for crawling web sites.
Do you run a web site ?

I don't think I've ever casually seen one of my machines
communicating with an address like that. I don't run Wireshark
all that often, so it's not like I collect daily logs
of every packet sent/received.


All good questions. Here is a Wireshark screenshot from when I first
noticed the *outgoing* IP address 104.28.17.56 from my desktop 192.168.1.99
via my router 192.168.1.1 as shown in this screenshot
http://img4.imagetitan.com/img.php?i...nshot(603).jpg

I don't know how to decipher which process did that since Wireshark just
says Info=80-60589 [FIN, ACK] Seq=1 Ack=1 Win=30 Len=0

Here's another screenshot taken at the same time showing an *outgoing* call
to 64.4.54.50 from the same other IP addresses, but where the communication
goes on for quite a while (and it may have something to do with
displaycatalog.mp.microsoft.com which came just before it).
http://img4.imagetitan.com/img.php?i...nshot(617).jpg

Here is a call to 204.79.197.200 made from my machine.
http://img4.imagetitan.com/img.php?i...nshot(614).jpg

The only way I know the domains is that I did a "whois" lookup afterward
but I was very clear to run nothing when these screenshots were snapped
with Windows+PrintScreen.

Other than providing the screenshots, I can't answer any of your questions
other than to say I'm probably as normal as anyone is, in that I have a
Windows 10 desktop configured probably about as normally as anyone is
configured (e.g., no servers).

I don't even know what 1e100.net means when you ask me.
Is that one of the domains of one of the IP addresses I found going out?
 



