IP Security Not Blocking
My problem is that my IP Security Policy is not blocking HTTP packets from 85.214.108.52. Here are my IP Filter Properties:
Source Address: 85.214.0.0/16
Destination Address: Any IP Address
Mirrored: Unchecked
Protocol Type: Any
The Filter Action is DENY. But this guy keeps getting through and blasts my webserver with hundreds of requests causing 404 errors. He is obviously testing for a response. Any troubleshooting tips or suggestions would be helpful.
I'm running a Windows 2008 Web Server but security looks identical to Windows 2003.
June 20th, 2010 4:54pm
Hi,
I would block the specific IP through Windows Firewall and Advanced Security. IPSec is used more to enforce encryption policies than to serve as a host-based firewall. Please see
http://technet.microsoft.com/en-us/library/cc748991%28WS.10%29.aspx
-- Mike Burr
June 29th, 2010 4:09am
Mike,
This seems to be a better approach with more potential but I'm struggling a bit with the syntax. I've created a rule from the command line but keep getting an error when I use "protocol=all".
THIS WORKS: firewall add rule name="Bad_Guys_Blocked" dir=in action=block protocol=tcp remoteip=211.21.204.190
THIS TRIGGERS AN ERROR: firewall add rule name="Bad_Guys_Blocked" dir=in action=block protocol=all remoteip=211.21.204.190
Any ideas?
Thanks
September 13th, 2010 5:54pm
Rather than using Deny, you should be defining the action as Block (need to add a new action type).
Also, remember that if there is a more specific rule (since you are using a source address of 85.214.0.0/16 and protocol type any) that produces a rule match in your IPSec rules, the client would be allowed.
Brian
September 14th, 2010 5:09am
Thanks Brian - but I am using the block value. The problem is with the protocol value. If I use tcp it works; if I use any it does not - and yet that is a valid value. Is this a bug?
September 15th, 2010 12:01pm


