Blocking an IP without a Windows firewall: route NULL

Blocking an Outbound connection

I have run into a situation where a server was sending malformed requests to another server. The Windows firewall was turned off on this server, and I did not want to turn it on, as there is some risk that the firewall would break some connection to the application. All I needed was a quick fix to block the outbound connection.

The quick fix was to use route add and block the outbound IP (192.168.11.12). In this case the server that I am running the route add command on is 192.168.11.200 (the source), and I don't want this server to reach the destination server 192.168.11.12.

The command below tells the source server that the way to reach 192.168.11.12 (the destination IP) is through the gateway 1.1.1.1 on interface 1 ("if 1"), which is the loopback interface, as shown by the route print command; the traffic therefore goes nowhere. As soon as you add this new route you will see a "General failure" error (for example from ping), which is good: it means the source server is no longer able to reach the destination.

Adding the static route:

C:\>route add 192.168.11.12 mask 255.255.255.255 1.1.1.1 metric 1 if 1
OK!

Removing the static route:

C:\>route delete 192.168.11.12 mask 255.255.255.255 1.1.1.1 metric 1 if 1
OK!
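As an added example (not from the original post), here is the same null-route procedure wrapped in a PowerShell script that looks up the loopback interface index instead of hard-coding "if 1", adds the route, confirms that the destination is now unreachable, and removes the route again. The destination 192.168.11.12 and the placeholder next hop 1.1.1.1 come from the post; the function names are assumptions of this example. Run it from an elevated prompt.

```powershell
# Added example, not from the original post. Null-routes one destination host
# with route.exe, the same way the post does, but with the checks a practitioner
# would want around it. Function names are assumptions of this example.
# Requires an elevated PowerShell session (route add needs admin rights).

$Destination = '192.168.11.12'   # host to block (value from the post)
$BlackHoleGw = '1.1.1.1'         # next hop that is not on-link, as in the post

function Get-LoopbackIfIndex {
    # The post uses "if 1". Interface indexes are not guaranteed to be the same
    # on every machine, so look the loopback pseudo-interface up by alias.
    $lo = Get-NetIPInterface -AddressFamily IPv4 |
          Where-Object { $_.InterfaceAlias -like 'Loopback*' } |
          Select-Object -First 1
    if (-not $lo) { throw 'No IPv4 loopback interface found' }
    return $lo.InterfaceIndex
}

function Add-NullRoute {
    param([string]$Target, [string]$Gateway, [int]$IfIndex)
    # /32 mask so only this one host is affected. No -p flag, so the route is
    # non-persistent and disappears on reboot; add -p if it must survive a restart.
    route.exe add $Target mask 255.255.255.255 $Gateway metric 1 if $IfIndex | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "route add failed with exit code $LASTEXITCODE" }
}

function Remove-NullRoute {
    param([string]$Target)
    route.exe delete $Target mask 255.255.255.255 | Out-Null
}

function Test-TargetReachable {
    param([string]$Target)
    # ICMP echo; returns $false once the null route is in place
    # (the equivalent of ping's "General failure").
    return Test-NetConnection -ComputerName $Target -InformationLevel Quiet `
                              -WarningAction SilentlyContinue
}

$ifIndex = Get-LoopbackIfIndex
Write-Host "Loopback interface index: $ifIndex"
Write-Host "Before: reachable = $(Test-TargetReachable $Destination)"

Add-NullRoute -Target $Destination -Gateway $BlackHoleGw -IfIndex $ifIndex
try {
    # Confirm the route is in the table and that the host is now unreachable.
    Get-NetRoute -DestinationPrefix "$Destination/32" |
        Format-Table DestinationPrefix, NextHop, InterfaceIndex
    Write-Host "After:  reachable = $(Test-TargetReachable $Destination)"
}
finally {
    # Remove this line if the block should stay in place until removed by hand.
    Remove-NullRoute -Target $Destination
}
```

The try/finally is there so a demonstration run never leaves a stray route behind; in a real incident you would drop the cleanup, record the route you added, and remember that without -p it is gone after the next reboot.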

Here is an example:

Blocking an inbound connection

To block an inbound connection you need a firewall; Windows does not have a null route for incoming connections.

The closest thing you can do is specify a static route so that the incoming connection still arrives, but the response goes nowhere.
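Since the inbound direction needs a firewall, here is an added example (not from the original post) of the firewall-rule equivalent in PowerShell: it checks which firewall profiles are actually enabled, adds an inbound block rule for the source host, and shows how to verify and later remove it. The source host 192.168.11.200 is from the post; the rule name is an assumption of this example. Run it from an elevated prompt.

```powershell
# Added example, not from the original post: block an inbound source host with a
# Windows Defender Firewall rule. Source host is from the post; the rule name is
# an assumption of this example. Requires an elevated PowerShell session.

$BlockedSource = '192.168.11.200'
$RuleName      = 'Incident block - inbound from 192.168.11.200'

function Get-FirewallProfileState {
    # A block rule is inert on any profile whose firewall is disabled, which is
    # the situation the post describes; check this before relying on the rule.
    Get-NetFirewallProfile | Select-Object Name, Enabled, DefaultInboundAction
}

function Add-InboundBlockRule {
    param([string]$Source, [string]$Name)
    if (Get-NetFirewallRule -DisplayName $Name -ErrorAction SilentlyContinue) {
        return   # idempotent: the rule already exists
    }
    # Applies to all protocols, all local ports and all profiles.
    New-NetFirewallRule -DisplayName $Name -Direction Inbound -Action Block `
        -RemoteAddress $Source -Profile Any -Enabled True | Out-Null
}

function Get-InboundBlockRuleAddresses {
    param([string]$Name)
    # Shows the remote address the rule matches, for verification.
    Get-NetFirewallRule -DisplayName $Name |
        Get-NetFirewallAddressFilter |
        Select-Object RemoteAddress
}

function Remove-InboundBlockRule {
    param([string]$Name)
    Remove-NetFirewallRule -DisplayName $Name -ErrorAction SilentlyContinue
}

Get-FirewallProfileState | Format-Table -AutoSize
Add-InboundBlockRule -Source $BlockedSource -Name $RuleName
Get-InboundBlockRuleAddresses -Name $RuleName
# Remove-InboundBlockRule -Name $RuleName   # once the incident is over
```

If Get-FirewallProfileState shows Enabled = False for the active profile, the rule exists but does nothing; enabling the profile is a separate decision with the application-impact risk the post mentions, so make it deliberately rather than as a side effect of adding the rule.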

I tried to run some tests to block incoming connections but was not successful. I suspect this is due to the TCP/IP failsafe features like "Default gateway detection" and "ICMP redirect".

I ran some tests, like a continuous ping from source to destination. I wasn't expecting to block the incoming connection, but I was expecting the destination not to reply to the source with an echo response.

I set a static route on the destination with "route add 192.168.11.200 mask 255.255.255.255 1.1.1.1 metric 1 if 1", but the echo replies still made it to the source server. So basically the source would ping the destination, and the destination should not have responded to the source, as I had a static route for the responses to go nowhere, but it was ignored. I ended my tests here.

This entry was posted in Microsoft, Networking.
