Bruce Jackson's WebLog

Sample Code for IPSec Block Application

As I pointed out in my previous post, I have written a couple of applications for my Exchange Server at home and I would post the code if anyone was interested.  I’ve had a couple of requests and so I’ve created a web site where I’ll post links to the sample code.  Disclaimer: I know the UI is terrible, but the more I try to make my web UI attractive, the worse it gets.  So my motto is: “simple is better”.

The first is an SMTP Event Sink that handles my spam protection, which I call SpamSinker.  I need to clean up the code some and will post the source when I get that done.

The other was a small application I wrote that I had planned to incorporate into SpamSinker, but is currently a small stand-alone application I call BlockIp.  It uses the Dynamic Block of IPSec to prevent remote computers from connecting to my machine.

I wrote this because my analysis of the spam log files showed that spammers tend to use a range of IP addresses for a few days and then they move on. Instead of depending on the SpamSinker tool to catch them, I decided that once the number of inbound spam messages exceeded a certain threshold from an IP, then IPSec would block all future traffic from the IP. BlockIP was the first step in writing that code.

The following is a rough description of what the app does:

BlockIp checks for a list of IP Addresses to block when it first starts up.  If the list doesn’t exist, it creates one.  Although this file has a .txt extension, it is actually stored as XML so that the code can use the data classes generated by the MsDatasetGenerator I mentioned in my last post.

Next, it reads and lists in the UI all the IP Addresses you want to block.  It also allows you to remove one or more from the existing list.

When you press the “Save” button, it will invoke the IPSec filter (using the NetSh command), which will remain in effect until you reboot the box or until you press the “Disable Filters” button in the UI.

It would be very easy to change these from dynamic to static.  However, I chose dynamic filters since the objective was very specific: to only block IP Addresses temporarily when Spammers were using them and to release the blocks after a few days.

Feel free to download and modify the code for your use.  It is a bit rough and was not written to be sample code but merely as a placeholder until I could move it into SpamSinker and so I apologize in advance for the bogus variable names and the lack of comments.  Hopefully, when I have time to move it into SpamSinker, I’ll have time to polish it up and add a few comments.
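The threshold-then-temporary-block idea described above, as an added sketch that is not BlockIp's or SpamSinker's code. The log format, the threshold of 3, the 3-day expiry, the XML element names and all function names are assumptions made for illustration; applying the resulting list through NetSh is left out.

```python
import ipaddress
import xml.etree.ElementTree as ET
from collections import Counter
from datetime import datetime, timedelta

THRESHOLD = 3    # assumed: spam messages from one IP before it is blocked
BLOCK_DAYS = 3   # assumed value for "a few days"

# Constructed sample log: "<ISO timestamp> <source IP> <verdict>"
SAMPLE_LOG = """\
2004-08-20T10:00:00 203.0.113.7 SPAM
2004-08-20T10:01:00 203.0.113.7 SPAM
2004-08-20T10:02:00 198.51.100.4 OK
2004-08-20T10:03:00 203.0.113.7 SPAM
2004-08-20T10:04:00 198.51.100.9 SPAM
2004-08-20T10:05:00 999.1.1.1 SPAM
2004-08-20T10:06:00 not-an-ip SPAM
"""

def spam_counts(log_text):
    """Count SPAM verdicts per source IP, skipping malformed addresses."""
    counts = Counter()
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3 or parts[2] != "SPAM":
            continue
        try:
            ip = ipaddress.IPv4Address(parts[1])
        except ValueError:
            continue  # never let an unparsed string reach the block list
        counts[str(ip)] += 1
    return counts

def update_blocklist(blocklist, counts, now):
    """blocklist maps IP -> expiry. Drop expired entries, add new offenders."""
    active = {ip: exp for ip, exp in blocklist.items() if exp > now}
    for ip, n in counts.items():
        if n >= THRESHOLD:
            active[ip] = now + timedelta(days=BLOCK_DAYS)
    return active

def to_xml(blocklist):
    """Serialize the list as XML (hypothetical schema, not BlockIp's)."""
    root = ET.Element("BlockList")
    for ip in sorted(blocklist, key=ipaddress.IPv4Address):
        ET.SubElement(root, "Entry", ip=ip, expires=blocklist[ip].isoformat())
    return ET.tostring(root, encoding="unicode")
```

Validating each address before it is stored matters because the list ends up as arguments to a command-line tool; only strings that parse as IPv4 addresses should ever get that far.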

Published Monday, August 23, 2004 3:47 PM by Bruce Jackson

Comments

 

stefan demetz said:

IMHO, IPSEC is one of the most underrated technologies .... shame it's difficult to program against it ... unless you use the ipsecpol commandline
August 22, 2004 11:52 PM
 
