I'm trying to block an IP from logging in to the DC, or doing anything else really on the Windows domain.
I set a firewall rule with all protocols and programs enabled, all ports, and added the IP for both local and remote. The rule applies on domain, private and public. And I made sure the rule is enabled ;)
Yet somehow, I can still see in my logs that login attempts using bad credentials have occurred originating from the IP that I blocked. How's that possible, and how can I stop this?
The IP is one from our internal network.