09-17-2020 09:44 AM
I have been trying for the last three hours to create an ACL to block all incoming traffic to a single host with no success.
I created
ip access-list extended NOC
 deny icmp any host 192.40.120.4 log
 deny tcp any host 192.40.120.4 log
 deny udp any host 192.40.120.4 log
and it was accepted by the ASR but wasn't stopping anything. I really need this to work.
09-17-2020 09:47 AM
Hi there,
Is the ACL applied outbound on the Layer3 interface which is the gateway for the single host?
cheers,
Seb.
09-17-2020 10:16 AM
I didn't apply it directly to any interface. I'm sorry, I am a noob, stupid on ACLs. I just went into the configuration terminal, added the extended ACL, then started adding the ACL rules.
09-17-2020 10:24 AM
Hello,
the access list looks good. As suggested, you need to apply it outbound to the interface behind which your host is sitting, e.g.:
interface GigabitEthernet0/0/0
 ip access-group NOC out
09-17-2020 10:35 AM
You said access-group. I only have an access-list. What am I missing?
09-17-2020 10:36 AM
"ip access-group" is how you apply an acl to an interface.
Jon
09-17-2020 10:35 AM
Just to add to Georg's post.
That acl would block all traffic not just to that host.
If you don't want that then add a "permit ip any any" to the end of it.
Jon
09-17-2020 11:57 AM - edited 09-17-2020 11:58 AM
Just to add to what the other posters have noted. You can block all IP traffic (not just ICMP, TCP and UDP), to that host, with one ACE i.e.:
ip access-list extended NOC
 deny ip any host 192.40.120.4 log
 permit ip any any
The "permit ip any any" is needed because Cisco ACLs all have an implicit deny any any at the end of the ACL. (This is why Jon posted what he did.)
Also, an ACL might be applied either in or out, but which to use depends on the flow of traffic to the host.
If you had host <> e1 router e2, you could do either:
interface e1
 ip access-group NOC out
!or
interface e2
 ip access-group NOC in
An "in" ACL is more efficient than an "out" ACL, so from that aspect, you would use the second choice, above. However, if the router had multiple interfaces that traffic to your host might ingress, you would need an "in" ACL on each. So, from a configuration standpoint, just using the first choice, above, would be simpler.
Lastly, use the "log" option with care, as it slows ACL processing.
09-17-2020 12:09 PM
I got it now. I changed the ACL to
access-list 102 permit tcp any any established
access-list 102 deny tcp any host 192.40.120.4 eq 22 log
access-list 102 deny icmp any host 192.40.120.4 log
access-list 102 permit ip any any
and added "ip access-group 102 in" to my WAN, and the ACL is working. Thank you!
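The thread turns on two IOS ACL behaviours: ACEs are evaluated top to bottom with the first match deciding the verdict, and every ACL ends in an implicit "deny ip any any". The following toy evaluator, added here as an illustration and not code from any poster or from Cisco, replays the three ACLs from the thread against constructed sample packets so the difference between the original NOC list (blocks everything once applied), Joseph's two-line version (blocks only the host) and the final access-list 102 (blocks SSH and ping to the host, lets established TCP replies and everything else through) can be seen directly. The ACE and Packet classes and the sample addresses other than 192.40.120.4 are assumptions of the example; the "log" keyword only affects logging on a real router, so it is not modelled.

```python
"""Toy first-match evaluator for Cisco-style extended ACLs.

Added example; not code from the thread or from Cisco IOS. It models only
what the discussion needs: protocol (ip/icmp/tcp/udp), 'any' or single-host
destination matching, an optional 'eq <port>' on the destination, the TCP
'established' keyword (ACK or RST set) and the implicit 'deny ip any any'.
"""
from dataclasses import dataclass
from typing import Optional


@dataclass
class ACE:
    action: str                  # "permit" or "deny"
    proto: str                   # "ip" matches every protocol
    dst: str                     # "any" or one host address
    dport: Optional[int] = None  # "eq <port>" on the destination, if given
    established: bool = False    # TCP "established" keyword


@dataclass
class Packet:
    proto: str
    src: str
    dst: str
    dport: Optional[int] = None
    tcp_ack_or_rst: bool = False  # True for segments of an already open session


def ace_matches(ace: ACE, pkt: Packet) -> bool:
    """Does this single ACE match the packet?"""
    if ace.proto != "ip" and ace.proto != pkt.proto:
        return False
    if ace.dst != "any" and ace.dst != pkt.dst:
        return False
    if ace.dport is not None and ace.dport != pkt.dport:
        return False
    if ace.established and not (pkt.proto == "tcp" and pkt.tcp_ack_or_rst):
        return False
    return True


def evaluate(acl: list, pkt: Packet):
    """Return (action, index) of the first matching ACE.

    index is None when no ACE matched and the implicit deny applied.
    """
    for i, ace in enumerate(acl):
        if ace_matches(ace, pkt):
            return ace.action, i
    return "deny", None  # implicit "deny ip any any" at the end of every ACL


# The three ACLs as posted in the thread.
NOC_ORIGINAL = [
    ACE("deny", "icmp", "192.40.120.4"),
    ACE("deny", "tcp", "192.40.120.4"),
    ACE("deny", "udp", "192.40.120.4"),
]
NOC_FIXED = [
    ACE("deny", "ip", "192.40.120.4"),
    ACE("permit", "ip", "any"),
]
ACL_102 = [
    ACE("permit", "tcp", "any", established=True),
    ACE("deny", "tcp", "192.40.120.4", dport=22),
    ACE("deny", "icmp", "192.40.120.4"),
    ACE("permit", "ip", "any"),
]

# Constructed sample traffic; source addresses are documentation ranges.
TO_HOST_SSH = Packet("tcp", "203.0.113.9", "192.40.120.4", dport=22)
TO_HOST_HTTPS = Packet("tcp", "203.0.113.9", "192.40.120.4", dport=443)
TO_OTHER_HOST = Packet("tcp", "203.0.113.9", "192.40.120.10", dport=443)
PING_HOST = Packet("icmp", "203.0.113.9", "192.40.120.4")
REPLY_TO_HOST = Packet("tcp", "198.51.100.7", "192.40.120.4",
                       dport=50000, tcp_ack_or_rst=True)


def summarize(acl: list) -> dict:
    """Verdict for each sample packet, keyed by a short label."""
    samples = {
        "ssh_to_host": TO_HOST_SSH,
        "https_to_host": TO_HOST_HTTPS,
        "https_to_other_host": TO_OTHER_HOST,
        "ping_host": PING_HOST,
        "reply_to_host": REPLY_TO_HOST,
    }
    return {name: evaluate(acl, p)[0] for name, p in samples.items()}


if __name__ == "__main__":
    for label, acl in (("NOC original", NOC_ORIGINAL),
                       ("NOC fixed", NOC_FIXED),
                       ("ACL 102", ACL_102)):
        print(label, summarize(acl))
```

Running it shows why Jon's remark matters: with NOC_ORIGINAL applied, even traffic to a different host falls through to the implicit deny, while NOC_FIXED and ACL_102 only deny what their explicit ACEs name.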