
How can I block incoming traffic?


CBrauer


Hey,

Malwarebytes is blocking some incoming traffic and I thought I would force a block of the incoming traffic by IP in my Windows 10 hosts file.

My screen looks like:

[Attached image: host.thumb.png]

As you can see, incoming traffic is still getting through to Malwarebytes.

I realize you guys are not responsible for Windows 10 administration, but I would sure appreciate it if you could advise me on how to block incoming traffic on my Windows 10 machine.  I tried setting a firewall incoming rule, but Malwarebytes still sees traffic from the IP.

Charles


The etc/hosts file is about name to IP address resolution.  Not about blocking ingress or egress.  What you show in your graphic is not a correct way to use the etc/hosts table.

To block an IP you would use the Windows Firewall or block the IP on the LAN's Router.

Using the Windows Firewall only affects that PC.  If you want all devices and computers to have that IP blocked, place the block on the Router.

Here is a proper example.  It shows that the Domain and Sub-Domains on the right are ASSIGNED an address and is telling the OS not to use DNS for resolution.  In the below example, it is a Name to IP negation.  That is, you are telling the OS to not use DNS for resolution but instead, null sink that "name".

0.0.0.0	ca.telemetry.microsoft.com
0.0.0.0	cache.datamart.windows.com
0.0.0.0	spynet2.microsoft.com
0.0.0.0	spynetalt.microsoft.com
0.0.0.0 livejasmin.com
0.0.0.0 creatives.livejasmin.com

NOTE:  using the 0.0.0.0 notation is actually FASTER than using the 127.0.0.1 notation as the use of the IP Diagnostic Responder address actually tells the OS to try that address.  Using the 0.0.0.0 notation literally tells the OS there is no IP address assigned to that Domain or Sub-Domain.

The following example specifically tells the OS to not use DNS and specifically assign the IP address to that Domain name.

74.6.143.26   yahoo.com
172.217.6.206 google.com

 

Edited by David H. Lipman
Edited for content, clarity, spelling and grammar
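An added example, not part of the original posts: a small Python checker that parses hosts-file text and classifies each entry the way the reply above describes (null sink, loopback sink, or a pinned name-to-address override). It also flags entries whose name field is itself an IP address, since a hosts entry only answers name lookups and is never consulted for a connection to a literal IP. The sample file and the address 203.0.113.45 (a documentation-range address) are constructed for illustration.

```python
import ipaddress

# Constructed sample hosts file; not taken from the thread's screenshot.
SAMPLE_HOSTS = (
    "# constructed sample\n"
    "0.0.0.0\tca.telemetry.microsoft.com\n"
    "127.0.0.1 spynet2.microsoft.com\n"
    "74.6.143.26   yahoo.com   # pinned address\n"
    "0.0.0.0 203.0.113.45\n"
    "203.0.113.45\n"
    "not-an-ip example.com\n"
)

def _is_ip(text):
    """True if text parses as an IPv4 or IPv6 address."""
    try:
        ipaddress.ip_address(text)
        return True
    except ValueError:
        return False

def classify_hosts(text):
    """Return (line_no, name, kind) for every entry in hosts-file text."""
    results = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()  # drop comments and whitespace
        if not line:
            continue
        address, *names = line.split()
        if not _is_ip(address) or not names:
            # Format is: <IP address> <name> [<name> ...]
            results.append((line_no, address, "invalid"))
            continue
        addr = ipaddress.ip_address(address)
        for name in names:
            if _is_ip(name):
                kind = "no-effect"      # an IP is never looked up as a name
            elif addr.is_unspecified:
                kind = "null-sink"      # 0.0.0.0: name resolves to no address
            elif addr.is_loopback:
                kind = "loopback-sink"  # 127.0.0.1: name resolves to this PC
            else:
                kind = "override"       # name pinned to this address, DNS skipped
            results.append((line_no, name, kind))
    return results

if __name__ == "__main__":
    for line_no, name, kind in classify_hosts(SAMPLE_HOSTS):
        print(f"line {line_no}: {name}: {kind}")
```

Entries reported as `no-effect` are the ones to move into a firewall or router rule instead.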

  • 2 weeks later...

Just FYI, the reason you still see the blocks in Malwarebytes when blocking an IP address in the Windows Firewall is because the Web Protection in Malwarebytes resides at the same level of the network stack as the Windows Firewall itself, as they both use the same WFP (Windows Filtering Platform) APIs to function.  As David mentioned above, to prevent the blocks from occurring completely, your best option would be to block the IPs at your router if possible (not all routers support IP blocking/filtering, though many do).
