Determine if IP is blocked

Question

Does anyone know if it is possible to reliably determine (programattically C/C++...) whether or not a firewall or IP filtering software is installed on a Windows PC? I need to detect whether a certain server IP is being blocked in my client software by the host OS.

I don't need to worry about external hardware firewals in this situation as I have full control of this. It is only software firewalls that I am concerned with. My hope was that I could iterate the windows network stack or NDIS interfaces and determine this

Answer 1

You'd have to translate from C#, but this blog post explains how to check if the Windows firewall is enabled: http://www.shafqatahmed.com/2008/01/controlling-win.html

Answer 2

And if that IP is blocked on their external firewall hardware? It would be absolutely impossible to tell why a given host was unreachable.

Answer 3

One possible solution is to take advantage of the fact that firewalls don't tend to block access to port 80, but will block access to other ports. So you could try connecting to port 80, then if successful, connect via a commonly blocked port (see here for an example list)

Answer 4

You can't really tell if an IP is being blocked, at least not without knowing what firewall software you're looking for and checking it specifically. Some thoughts:

• Check for specific firewalls (e.g. Windows firewall) being enabled or blocking your server
• Check the hosts file for an entry blocking your server IP
• connect through a proxy or proxies and see if they can access the IP in the event your client cannot.
• Test the server to see if it's reachable (after all, that's what you're really testing for, right? To see if the server can be communicated with?). It may make sense to test this multiple times/periodically in case of actual outages on your server side as well.

Answer 5

Try invoking Ping.

Answer 6

There could be a hack if you can assume following:

1. Outgoing HTTP connections are allowed

2. You can run one of your own service on another server listening on port 80

Code your service to accept an IP [and a port or maybe a url]. It must return whether it was able to connect to the IP.

This way you can find out whether the actual server is up and running. If the server is not available directly you can conclude that it is being blocked by a firewall.

If you do not want to code/run your own service, you might be able to use one of the network status web-service available on the internet.

Answer 7

I was going to suggest doing some 'expect'-style programming on netsh... but usually when there is a command line app like this there is a library behind it.

Look at the Windows Firewall API. I can't say that this will solve your specific problem, but it seems likely.

Sample code for checking if a specific port is allowed... A good example showing the headers needed.

Answer 8

After reading some of your comments in reply to other answers, I think this might actually be closer to what you're looking for. It might not catch every type of firewall but any major firewall vendor should be registered with the Security Center and therefore detected with this method. You could also combine this with some of the other answers here to give yourself a second level of verification.

Detecting running firewalls in windows

It's an Expert's Exchange post so you may not be able to read the thread. Just in case, I've copied and pasted the relevant info. It's in VBScript but it should point you in the right direction as far as what WMI namespaces you can use.

KemalRouge: I've just solved this problem with some help from a colleague. He pointed me in the direction of a knowledge base article, which pointed out that this information was stored in the WMI database

Basically, it's possible to query the WMI in a few lines of code to find out what firewalls/anti-virus software is being monitored by the Security Center, and the status of this software (i.e. enabled or not).

Anyway, if you're interested, here's some VB code I used to test this out (you'll need a reference to "Microsoft WMI Scripting V1.2 Library"):

Private Sub DumpFirewallInfo()

Dim oLocator    As WbemScripting.SWbemLocator
Dim oService    As WbemScripting.SWbemServicesEx
Dim oFirewalls  As WbemScripting.SWbemObjectSet
Dim oFirewall   As WbemScripting.SWbemObjectEx
Dim oFwMgr      As Variant


    Set oFwMgr = CreateObject("HNetCfg.FwMgr")

    Debug.Print "Checking the Windows Firewall..."
    Debug.Print "Windows Firewal Enabled: " & oFwMgr.LocalPolicy.CurrentProfile.FirewallEnabled
    Debug.Print ""

    Set oFwMgr = Nothing


    Debug.Print "Checking for other installed firewalls..."

    Set oLocator = New WbemScripting.SWbemLocator
    Set oService = oLocator.ConnectServer(".", "root\SecurityCenter")
    oService.Security_.ImpersonationLevel = 3

    Set oFirewalls = oService.ExecQuery("SELECT * FROM FirewallProduct") ' This could also be "AntivirusProduct"

    For Each oFirewall In oFirewalls
        Debug.Print "Company:       " & vbTab & oFirewall.CompanyName
        Debug.Print "Firewall Name: " & vbTab & oFirewall.DisplayName
        Debug.Print "Enabled:       " & vbTab & Format$(oFirewall.Enabled)
        Debug.Print "Version:       " & vbTab & oFirewall.versionNumber
        Debug.Print ""
    Next oFirewall

    Set oFirewall = Nothing
    Set oFirewalls = Nothing
    Set oService = Nothing
    Set oLocator = Nothing

End Sub