If you notice unauthorised attacks on you network in your event viewer Event ID 20271 Remote Access
Create a BLACKLIST rule using Windows Firewall
Open Windows Firewall with Advanced Security by running wf.msc
On the left, select Inbound Rules, then under the Action menu, choose New Rule
On the Rule Type page, choose Custom.
On Profile, leave the defaults of everything checked.
Finally, on Name give the rule a name like “Blacklisting”, and optionally a description.
See here on how to automate this using PowerShell Event Viewer Scanning & Firewall rules
1. First check if the DENY property is set on your DHCP server
If not you can activate it like this
Set-DhcpServerv4FilterList -ComputerName "YourDHCPServer" -Allow $False -Deny $True
Next you can list all IP’s
And check if they exist as blocked.
If you need to add extra you can use this Cmd
Add-DhcpServerv4Filter -List Deny -MacAddress "F0-DE-F1-7A-00-5E" -Description "iphone 09"
See here on how to Blacklist based on MAC Address
Safety First …