#16
How do you block an IP address on Windows?
Given , Char Jackson wrote:
> route -p add 8.8.8.8 mask 255.255.255.255 192.168.1.254

Running as a user I get
    route -p add 23.215.102.64 mask 255.255..255.255 192.168.1.254
    The requested operation requires elevation.

Running as admin I get
    route -p add 23.215.102.64 mask 255.255..255.255 192.168.1.254
    The route addition failed: The parameter is incorrect.

I will try to debug why.
#17
How do you block an IP address on Windows?
Bram van den Heuvel wrote:
> Running as a user

needs admin

> Running as admin I get
> route -p add 23.215.102.64 mask 255.255..255.255 192.168.1.254
> The route addition failed: The parameter is incorrect.

get rid of the ".." it should just be "."
#18
How do you block an IP address on Windows?
On Mon, 21 Aug 2017 18:40:33 +0000 (UTC), Bram van den Heuvel wrote:
> Given , Char Jackson wrote:
>> route -p add 8.8.8.8 mask 255.255.255.255 192.168.1.254
>
> Running as a user I get
>     route -p add 23.215.102.64 mask 255.255..255.255 192.168.1.254
>     The requested operation requires elevation.
>
> Running as admin I get
>     route -p add 23.215.102.64 mask 255.255..255.255 192.168.1.254
>     The route addition failed: The parameter is incorrect.
>
> I will try to debug why.

You have two decimals in the mask. (typo)
It should be 255.255.255.255
#19
How do you block an IP address on Windows?
On Mon, 21 Aug 2017 20:03:39 +0100, Andy Burns wrote:
> Bram van den Heuvel wrote:
>> Running as a user
>
> needs admin
>
>> Running as admin I get
>> route -p add 23.215.102.64 mask 255.255..255.255 192.168.1.254
>> The route addition failed: The parameter is incorrect.
>
> get rid of the ".." it should just be "."

Sorry, I didn't see your post before I replied. You're spot on, of course.
#20
How do you block an IP address on Windows?
Given , Andy Burns wrote:
> get rid of the ".." it should just be "."

Aurgh. I used regular expressions to create the commands and I didn't even notice the typo! I repeated that typo across all the lines so it didn't dawn on me that it was a typo in the middle of the line. slaps head

Fixing the typo brings me this (which Char Jackson also responded to)
    route -p add 23.215.102.64 mask 255.255.255.255 192.168.1.254
    OK!

Woo hoo!
    route print
    Network Destination          Netmask        Gateway     Interface  Metric
              0.0.0.0          0.0.0.0    192.168.1.1  192.168.1.69     276
        23.215.102.64  255.255.255.255  192.168.1.254  192.168.1.69      21
    ........

I'm looking up now how to decode that "route print" but my first pass is that any time the computer wants to get to 23.215.102.64, it will have a metric of 21 when the binary 23.215.102.64 is "anded" with all 1s, which just gets us the binary 23.215.102.64 back which is then sent to the "gateway" of 192.168.1.254, which, from what Char Jackson said, might as well be 127.0.0.1 because it doesn't exist.

Well, 127.0.0.1 actually exists so I wonder what the difference is between
    route -p add 23.215.102.64 mask 255.255.255.255 192.168.1.254
    route -p add 23.215.102.64 mask 255.255.255.255 127.0.0.1

Would both work to eliminate the chance of a route going outside?
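The table lookup reasoned through in the post above, together with a pre-flight check for generated `route add` lines, as an added example that is not part of the thread. The helper names `parse_route_add`, `select_route` and `example_table` are hypothetical, and the model covers only prefix matching and metrics, not how Windows treats a gateway that never answers.

```python
import ipaddress

def parse_route_add(command):
    """Validate 'route [-p] add <dest> mask <netmask> <gateway> [if <n>]'.

    Raises ValueError for a malformed address or mask such as the
    '255.255..255.255' typo from the thread.
    """
    tokens = command.lower().split()
    try:
        dest = tokens[tokens.index("add") + 1]
        mask_at = tokens.index("mask")
        netmask, gateway = tokens[mask_at + 1], tokens[mask_at + 2]
        rest = tokens[mask_at + 3:]
        interface = int(rest[rest.index("if") + 1]) if "if" in rest else None
    except (ValueError, IndexError):
        raise ValueError(f"incomplete route add command: {command!r}") from None
    # strict=True also rejects a destination with bits set outside the mask.
    network = ipaddress.IPv4Network(f"{dest}/{netmask}", strict=True)
    return {"network": network,
            "gateway": ipaddress.IPv4Address(gateway),
            "interface": interface}

def select_route(destination, routes):
    """Longest matching prefix wins; lowest metric breaks ties."""
    dest = ipaddress.IPv4Address(destination)
    # 'dest in network' is the (dest AND netmask) == network comparison.
    matches = [r for r in routes if dest in r["network"]]
    if not matches:
        return None
    return max(matches, key=lambda r: (r["network"].prefixlen, -r["metric"]))

def example_table():
    """Two-row table rebuilt from the 'route print' output quoted above."""
    host = parse_route_add(
        "route -p add 23.215.102.64 mask 255.255.255.255 192.168.1.254")
    host["metric"] = 21
    default = {"network": ipaddress.IPv4Network("0.0.0.0/0"),
               "gateway": ipaddress.IPv4Address("192.168.1.1"),
               "interface": None, "metric": 276}
    return [default, host]

if __name__ == "__main__":
    table = example_table()
    for target in ("23.215.102.64", "8.8.8.8"):
        print(target, "->", select_route(target, table)["gateway"])
    try:
        parse_route_add(
            "route -p add 23.215.102.64 mask 255.255..255.255 192.168.1.254")
    except ValueError as exc:
        print("rejected before running:", exc)
```

Running every generated line through `parse_route_add` before pasting it into an elevated prompt catches a mask typo that was copied across the whole batch.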
#21
How do you block an IP address on Windows?
Bram van den Heuvel wrote:
> 127.0.0.1 actually exists so I wonder what the difference is between
>     route -p add 23.215.102.64 mask 255.255.255.255 192.168.1.254
>     route -p add 23.215.102.64 mask 255.255.255.255 127.0.0.1

Normally IPv4 routing would be disabled on Windows, so it wouldn't try to route it on if it sent it back to itself. Even if it did, it would just loop round a few times until the TTL expired, but you might as well send it to a blackhole as round the houses.
#22
How do you block an IP address on Windows?
On 21/08/2017 14:14, Mayayana wrote:
> "Bram van den Heuvel" wrote
>
> | I looked up if the HOSTS file can handle IP addresses but it can't.
> | It only blocks domain names using the syntax
> | 127.0.0.1 www.google.com
> |
>
> Yes. It's basically a phone book. If your browser or other software already know the IP then there's no need for a HOSTS check. If the IP is cached there's also no HOSTS check.
>
> But there are also other complications. For example:
>
> * Microsoft or others might hard-code IPs for calling home.
>
> * Domains like Akamai and Cloudflare may not be getting called directly. They provide a large amount of Internet content, as subcontractors. A company like MS might contract with Akamai to use their servers when they get heavy loads. The problem there is that Akamai is not in any way linked through the webpage you visit. It's a back-end setup. Akamai is also selling your personal info.** But it's hard to do anything about it. First, if you block them you might lose a lot of pages. Second, even if you didn't mind that, your browser doesn't look it up so you can't stop it in HOSTS. It seems to somehow go through the target site, acting like a back-end server at the site you're visiting. Wireshark shows that you're connected to Akamai, but there are no Akamai links in the webpage. You're being forwarded server-side.
>
> That's a whole new(ish) category of online tracking. Things were originally designed to prevent privacy intrusion online. For example, sites are not allowed to access cookies except from their own domain. But numerous tricks have been developed to circumvent that, such as 3rd-party cookies or web bugs that allow you to be tracked across domains, and heavy use of script to monitor your actions on a page, such as mouse movement, hover, or clicking. Content delivery services, which serve a legitimate purpose, have nevertheless become an additional privacy problem. That kind of server-side redirect opens up lots of possibilities.
>
> As others have said, most newer routers will allow you to completely block specific IP addresses. While that might help with Win10 spyware, it may not be feasible to block all Akamai or Cloudflare IPs, and you probably wouldn't want to.
>
> ------------------------------------
> ** The Akamai story:
> https://blogs.wsj.com/digits/2010/11...ee-technology/
>
> That link is currently just a teaser to sign up with WSJ. Originally the whole article was available. The gist of it is that Akamai is estimated to provide 15-30% of Web traffic, allowing them to monitor your activity closely despite you never actually visiting their site. (The rest of the article is mostly damage control, with Akamai spokespeople claiming that advertising (read "spying") is "not their main business".)

Interesting post. Thanks. :-)

--
“Men occasionally stumble over the truth, but most of them pick themselves up and hurry off as if nothing ever happened.” (Winston S. Churchill)
#24
How do you block an IP address on Windows?
On Mon, 21 Aug 2017 16:18:05 +0000 (UTC), Bram van den Heuvel wrote:
> Given news wrote:
>> That is the job of your firewall, whichever it is.
>
> The only firewall I have is Glasswire which I forget why I installed it long ago. Opening up Glasswire it has a "click to block" selection for items it sees, but that's not the same thing because I'd have to find these IP addresses where Glasswire seems to use domain names.

You may want to replace your firewall with another one which has the ability to block specific IP addresses.

I used to use AVG Internet Security, which does have this ability.
https://support.avg.com/SupportArtic...fic-IP-address

--
Kind regards
Ralph 🦊
#25
How do you block an IP address on Windows?
Given , Ralph Fox wrote:
> You may want to replace your firewall with another one which has the ability to block specific IP addresses.

I don't see what a Firewall could do to block specific IP addresses that the route add that Char Jackson suggested doesn't do?

    route -p add 23.215.102.64 mask 255.255.255.255 192.168.1.254
    ....
    route print
    ===========================================================================
    Persistent Routes:
      Network Address          Netmask  Gateway Address  Metric
              0.0.0.0          0.0.0.0      192.168.1.1  Default
        23.215.102.64  255.255.255.255    192.168.1.254       1
           64.4.54.50  255.255.255.255    192.168.1.254       1
        65.55.252.202  255.255.255.255    192.168.1.254       1
          72.21.91.29  255.255.255.255    192.168.1.254       1
        104.16.91.188  255.255.255.255    192.168.1.254       1
       104.17.104.175  255.255.255.255    192.168.1.254       1
         104.28.17.56  255.255.255.255    192.168.1.254       1
        152.195.54.20  255.255.255.255    192.168.1.254       1
        172.217.5.206  255.255.255.255    192.168.1.254       1
       204.79.197.200  255.255.255.255    192.168.1.254       1
        216.239.39.21  255.255.255.255    192.168.1.254       1
          224.0.0.252  255.255.255.255    192.168.1.254       1
    ===========================================================================

The only enigma is why a ping still works?

    ping 23.215.102.64
    Pinging 23.215.102.64 with 32 bytes of data:
    Reply from 23.215.102.64: bytes=32 time=69ms TTL=52
    Reply from 23.215.102.64: bytes=32 time=55ms TTL=52
    Reply from 23.215.102.64: bytes=32 time=36ms TTL=52
    Reply from 23.215.102.64: bytes=32 time=25ms TTL=52
    Ping statistics for 23.215.102.64:
        Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
    Approximate round trip times in milli-seconds:
        Minimum = 25ms, Maximum = 69ms, Average = 46ms
#26
How do you block an IP address on Windows?
On Tue, 22 Aug 2017 13:17:26 +0000 (UTC), Bram van den Heuvel wrote:
> Given , Ralph Fox wrote:
>> You may want to replace your firewall with another one which has the ability to block specific IP addresses.
>
> I don't see what a Firewall could do to block specific IP addresses that the route add that Char Jackson suggested doesn't do?
>
>     route -p add 23.215.102.64 mask 255.255.255.255 192.168.1.254
>     ...
>     route print
>     ===========================================================================
>     Persistent Routes:
>       Network Address          Netmask  Gateway Address  Metric
>               0.0.0.0          0.0.0.0      192.168.1.1  Default
>         23.215.102.64  255.255.255.255    192.168.1.254       1
>            64.4.54.50  255.255.255.255    192.168.1.254       1
>         65.55.252.202  255.255.255.255    192.168.1.254       1
>           72.21.91.29  255.255.255.255    192.168.1.254       1
>         104.16.91.188  255.255.255.255    192.168.1.254       1
>        104.17.104.175  255.255.255.255    192.168.1.254       1
>          104.28.17.56  255.255.255.255    192.168.1.254       1
>         152.195.54.20  255.255.255.255    192.168.1.254       1
>         172.217.5.206  255.255.255.255    192.168.1.254       1
>        204.79.197.200  255.255.255.255    192.168.1.254       1
>         216.239.39.21  255.255.255.255    192.168.1.254       1
>           224.0.0.252  255.255.255.255    192.168.1.254       1
>     ===========================================================================
>
> The only enigma is why a ping still works?
>
>     ping 23.215.102.64
>     Pinging 23.215.102.64 with 32 bytes of data:
>     Reply from 23.215.102.64: bytes=32 time=69ms TTL=52
>     Reply from 23.215.102.64: bytes=32 time=55ms TTL=52
>     Reply from 23.215.102.64: bytes=32 time=36ms TTL=52
>     Reply from 23.215.102.64: bytes=32 time=25ms TTL=52
>     Ping statistics for 23.215.102.64:
>         Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
>     Approximate round trip times in milli-seconds:
>         Minimum = 25ms, Maximum = 69ms, Average = 46ms

If ping works, then this method ISN'T working. I don't have time to dig deeper right now, but it looks like Windows pretty quickly figures out that this route is a black hole and ignores it.

For my test, I started a continuous ping to 4.2.2.2
    ping -t 4.2.2.2
Then, in a second window, I added a new route:
    route add 4.2.2.2 mask 255.255.255.255 192.168.11.253
where 192.168.11.253 would be valid for my LAN, but doesn't exist.

I get a single ping failure when I add the new route, but Windows seems to figure out that this isn't working and 'fixes' it for me. I used to use this method quite a few years back so I know it worked then, but it's not working now.

Changing the interface seems to help. Instead of letting Windows figure out which interface to use, when I tell it to use Loopback instead of my actual NIC, the ping result changes to "General Failure". So for me, the command becomes
"route add 4.2.2.2 mask 255.255.255.255 192.168.11.253 IF 1"

Notes:
I didn't make my route persistent. I'll be deleting it after the test.
My target IP is obviously different. I needed something that replies to ping.
My LAN's 3rd octet is 11, versus 1 for your LAN.
My Loopback interface is 1, as seen in the output from "route print".

    C:\Windows\System32>route print
    ===========================================================================
    Interface List
     20...1c 6f 65 32 55 3d ......Realtek PCIe GBE Family Controller
      1...........................Software Loopback Interface 1
     13...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
     17...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #4
    ===========================================================================

I'm thinking the old black hole method would still work if the dead end was a hop away, rather than local (Layer 3 versus Layer 2). No time to test that at the moment.
#27
How do you block an IP address on Windows?
"Bram van den Heuvel" wrote
| The only enigma is why a ping still works?
| ping 23.215.102.64
|

I was unaware of this method and did some searching out of curiosity. It seems the recommended method is like so:

    route -p add 100.100.100.100 mask 255.255.255.255 192.168.1.1 if 1

Assuming the default gateway is 192.168.1.1 and the loopback interface is 1. I don't claim to fully understand all that, but there seems to be wide agreement.

Also, Nirsoft has NetRouteView which is basically a GUI version of route.exe. That might make for easier adjustments.

I'm still waiting to see what IPs you end up blocking that are actually necessary to block via IP and that don't disable websites. As much as I like the idea, it's hard to see how it will be useful, with the possible exception of blocking Microsoft hard-coded IPs or similar hard-coded IPs in software. Though the latter can more easily be blocked with a firewall, if you use a firewall that allows for blocking outgoing on a per-process basis.
#28
How do you block an IP address on Windows?
Given news wrote:
> route -p add 100.100.100.100 mask 255.255.255.255 192.168.1.1 if 1

Here's what I tried.
    route -p add 23.215.102.64 mask 255.255.255.255 192.168.1.1 if 1

Now that's a lot better!
    route -p add 23.215.102.64 mask 255.255.255.255 192.168.1.1 if 1
    OK!
    ping 23.215.102.64
    Pinging 23.215.102.64 with 32 bytes of data:
    General failure.
    General failure.
    General failure.
    General failure.
    Ping statistics for 23.215.102.64:
        Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),

> I'm still waiting to see what IPs you end up blocking that are actually necessary to block via IP and that don't disable websites.

You're the third person to say that but here's why I think it will work. It's not going to block websites (I don't think).

It seems that everyone is erroneously thinking that I'm *starting* from a browser but I'm not - and/or - everyone is thinking I'm blocking *domains* (like cloudflare or akamai or google), but I'm not.

Also Char Jackson was wondering if any of these connections were *incoming* but they're not. All of them are outgoing connections first. Which means they're *starting* from my machine!

I'm starting after a boot from nothing obviously running. I start Wireshark. And then I see that my machine attempts to go *out* to those IP addresses.

> As much as I like the idea, it's hard to see how it will be useful, with the possible exception of blocking Microsoft hard-coded IPs or similar hard-coded IPs in software.

Please *forget* anything you know about blocking web sites! This block is stuff that is *starting* from my machine. Obviously there is software running under the covers which phones home.
#29
How do you block an IP address on Windows?
Bram van den Heuvel wrote:
> Also Char Jackson was wondering if any of these connections were *incoming* but they're not. All of them are outgoing connections first. Which means they're *starting* from my machine!

Why is your machine communicating with 1e100.net ?

I thought that was for crawling web sites.

Do you run a web site ?

I don't think I've ever casually seen one of my machines communicating with an address like that. I don't run Wireshark all that often, so it's not like I collect daily logs of every packet sent/received.

Paul
#30
How do you block an IP address on Windows?
Given news wrote:
>> Which means they're *starting* from my machine!
>
> Why is your machine communicating with 1e100.net ?
> I thought that was for crawling web sites.
> Do you run a web site ?
> I don't think I've ever casually seen one of my machines communicating with an address like that. I don't run Wireshark all that often, so it's not like I collect daily logs of every packet sent/received.

All good questions.

Here is a Wireshark screenshot from when I first noticed the *outgoing* IP address 104.28.17.56 from my desktop 192.168.1.99 via my router 192.168.1.1 as shown in this screenshot
http://img4.imagetitan.com/img.php?i...nshot(603).jpg

I don't know how to decipher which process did that since Wireshark just says
    Info=80-60589 [FIN, ACK] Seq=1 Ack=1 Win=30 Len=0

Here's another screenshot taken at the same time showing an *outgoing* call to 64.4.54.50 from the same other IP addresses, but where the communication goes on for quite a while (and it may have something to do with displaycatalog.mp.microsoft.com which came just before it).
http://img4.imagetitan.com/img.php?i...nshot(617).jpg

Here is a call to 204.79.197.200 made from my machine.
http://img4.imagetitan.com/img.php?i...nshot(614).jpg

The only way I know the domains is that I did a "whois" lookup afterward but I was very clear to run nothing when these screenshots were snapped with Windows+PrintScreen.

Other than providing the screenshots, I can't answer any of your questions other than to say I'm probably as normal as anyone is, in that I have a Windows 10 desktop configured probably about as normally as anyone is configured (e.g., no servers).

I don't even know what 1e100.net means when you ask me. Is that one of the domains of one of the IP addresses I found going out?