Question to report of Network monitor

Peter_1985 2,526 Reputation points
2021-03-22T05:49:12.403+00:00

Hi,
Here are the details captured from a Network Monitor report.

No. Time Source Destination Protocol Length Info
3 0.000000000 177.93.152.158 1??.??.??.??7 CLDAP 93 searchRequest(7) "<ROOT>" baseObject

Frame 3: 93 bytes on wire (744 bits), 93 bytes captured (744 bits)
Ethernet II, Src: Hangzhou_5a:c6:15 (50:da:00:5a:c6:15), Dst: Rebox_d9:18:9b (00:16:3c:d9:18:9b)
Internet Protocol Version 4, Src: 177.93.152.158, Dst: 103.15.21.107
User Datagram Protocol, Src Port: 25933, Dst Port: 389
Connectionless Lightweight Directory Access Protocol

I then created a relevant firewall rule like this:

netsh advfirewall firewall add rule name="NETRule21/03/2021 21:41:37_1" dir=in action=block remoteip=177.93.1.1-177.93.255.255

Would this rule help to fight against any invalid attack/access?


Accepted answer
  1. Sunny Qi 10,906 Reputation points Microsoft Vendor
    2021-03-29T04:35:51.027+00:00

    Hi,

    Sorry for my late reply; I have been on holiday since last Friday.

    Regarding the specific IP that was blocked by Windows Firewall: if you enable the firewall log, we can check it to see whether the traffic was blocked by Windows Firewall. If the firewall log shows that the traffic was dropped, the rule blocking the specific IP was initiated successfully in the firewall.

    Attaching my test result for your reference. As you can see in the firewall log, we received traffic from the specific IP; once received, the traffic was dropped by Windows Firewall.

    82148-image-3.jpg

    82225-image-2.jpg

    Best Regards,
    Sunny

    ----------

    If the Answer is helpful, please click "Accept Answer" and upvote it.

    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

    1 person found this answer helpful.
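
One way to run the log check described in the accepted answer, as an added example that is not part of the original thread: it parses firewall log lines and marks, for each entry, whether the source address falls inside the range blocked by the rule in the question. The log lines are constructed, and 192.0.2.10 and 198.51.100.7 are placeholder addresses.

```powershell
# Constructed sample in the pfirewall.log layout; 192.0.2.10 stands in for the server.
# On a real host, enable drop logging and read the default log file instead:
#   netsh advfirewall set allprofiles logging droppedconnections enable
#   $lines = Get-Content "$env:SystemRoot\System32\LogFiles\Firewall\pfirewall.log"
$lines = @'
#Version: 1.5
#Software: Microsoft Windows Firewall
#Time Format: Local
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path

2021-03-29 12:00:01 DROP UDP 177.93.152.158 192.0.2.10 25933 389 93 - - - - - - - RECEIVE
2021-03-29 12:00:02 ALLOW TCP 198.51.100.7 192.0.2.10 50212 443 0 - 0 0 0 - - - RECEIVE
2021-03-29 12:00:03 ALLOW UDP 177.93.0.25 192.0.2.10 40111 389 93 - - - - - - - RECEIVE
'@ -split "`r?`n"

function ConvertTo-UInt32 ([string]$Ip) {
    # Dotted quad -> unsigned integer so addresses compare numerically
    $bytes = [System.Net.IPAddress]::Parse($Ip).GetAddressBytes()
    [Array]::Reverse($bytes)   # network byte order -> little-endian
    [BitConverter]::ToUInt32($bytes, 0)
}

# Bounds copied from the remoteip= value of the rule in the question
$low  = ConvertTo-UInt32 '177.93.1.1'
$high = ConvertTo-UInt32 '177.93.255.255'

# Column names come from the log's own "#Fields:" header
$header = $lines | Where-Object { $_ -like '#Fields:*' } | Select-Object -First 1
$fields = ($header -replace '^#Fields:\s*', '') -split ' '

$report = $lines | Where-Object { $_ -and $_ -notmatch '^#' } |
    ConvertFrom-Csv -Delimiter ' ' -Header $fields |
    ForEach-Object {
        $src = $_.'src-ip'
        $n   = ConvertTo-UInt32 $src
        [pscustomobject]@{
            Time        = '{0} {1}' -f $_.date, $_.time
            Action      = $_.action
            Protocol    = $_.protocol
            SrcIp       = $src
            DstPort     = $_.'dst-port'
            InRuleRange = ($n -ge $low -and $n -le $high)
        }
    }

$report | Format-Table -AutoSize
# Any row printed here is in-range traffic that was not dropped: the rule is not working
$report | Where-Object { $_.InRuleRange -and $_.Action -ne 'DROP' }
```

In the sample, 177.93.0.25 comes back with InRuleRange False because the rule's range starts at 177.93.1.1; writing the rule with remoteip=177.93.0.0/16 would cover the whole block.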

8 additional answers

  1. Peter_1985 2,526 Reputation points
    2021-03-29T07:52:12.287+00:00

    Thanks a lot.
    One last thing: the rule below will block any traffic, whether UDP, ICMP, or TCP, right?

    netsh advfirewall firewall add rule name="NETRule28/03/2021 14:13:06_1" dir=out action=block remoteip=73.13.1.1-73.13.255.255


  2. Sunny Qi 10,906 Reputation points Microsoft Vendor
    2021-03-29T07:38:23.923+00:00

    Hi,

    I have tested this in my lab. If the traffic has been blocked by Windows Firewall, then it will not be reported under Ethernet in the Performance tab of Task Manager.

    82247-image-4.jpg

    82326-image-5.jpg

    Best Regards,
    Sunny


  3. Peter_1985 2,526 Reputation points
    2021-03-29T07:18:29.95+00:00

    Hi,
    Are the relevant details (rejected by firewall) still part of the Ethernet traffic reported below?
    82312-a27.png


  4. Peter_1985 2,526 Reputation points
    2021-03-29T05:01:00.85+00:00

    Hi Sunny,
    Does it mean that any IP rejected by the firewall rules would not be able to annoy the server/machine by producing lots of heavy traffic, right?