X-Git-Url: http://ftp.carnet.hr/carnet-debian/scm?p=ossec-hids.git;a=blobdiff_plain;f=active-response%2Fwin%2Fnetsh.cmd;fp=active-response%2Fwin%2Fnetsh.cmd;h=66cc27d33011cf736ca0ffeaae60d3104802bd9a;hp=0000000000000000000000000000000000000000;hb=301048b51990573e58a30dc4a5bb4ec285cad554;hpb=914feba5d54f979cd5d7e69c349c3d01f630042a
diff --git a/active-response/win/netsh.cmd b/active-response/win/netsh.cmd
new file mode 100644
index 0000000..66cc27d
--- /dev/null
+++ b/active-response/win/netsh.cmd
@@ -0,0 +1,33 @@
+:: Simple script to block an ip using netsh. Commands from http://windowsnerd.com/
+@ECHO OFF
+ECHO.
+
+
+:: Logging it all
+FOR /F "TOKENS=1* DELIMS= " %%A IN ('DATE/T') DO SET DATE=%%B
+FOR /F "TOKENS=1* DELIMS= " %%A IN ('TIME/T') DO SET TIME=%%A
+ECHO %DATE% %TIME% %0 %1 %2 %3 %4 %5 %6 %7 %8 %9 >> active-response/active-responses.log
+
+
+IF "%1"=="add" GOTO ADD
+IF "%1"=="delete" GOTO DEL
+:ERROR
+
+ECHO "Invalid argument. %1"
+GOTO Exit;
+
+
+:: Adding to the blocked.
+
+:ADD
+:: Extracts last ip address from ipconfig.
+netsh ipsec static add policy description="ossec block list"
+netsh ipsec static add filter filterlist="ossecfilter" srcaddr=%3 dstaddr=me protocol=tcp mirrored=yes
+netsh ipsec static add rule policy="ossec" filterlist="ossecfilter" filteraction="block" desc="list of blocked ips"
+netsh ipsec static set policy assign=y
+GOTO Exit;
+
+:DEL
+netsh ipsec static delete filter filterlist="ossecfilter" srcaddr=%3 dstaddr=me protocol=tcp mirrored=yes
+
+:Exit
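Review bot: `%3` is expanded unquoted and unchecked into both `netsh ... srcaddr=%3` lines (under `:ADD` and `:DEL`) and, together with `%0`–`%9`, into the `ECHO ... >> active-response/active-responses.log` line, so an empty or malformed third argument reaches netsh and the log as-is. Since this value is presumably the source address taken from an alert, the script should reject anything that is not a plain IP address before the `IF "%1"=="add"` dispatch, starting with `IF "%~3"=="" GOTO ERROR`. Separately, `add policy` is given only a `description=` while the rule refers to `policy="ossec"` and `filteraction="block"`, neither of which is created by name in this file, and `set policy assign=y` names no policy; as far as I know netsh expects `name=` on these, so it is worth confirming that the block is actually applied rather than failing silently. The comment `:: Extracts last ip address from ipconfig.` describes nothing the script does and should be replaced by one stating that `%3` is the address to block.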