This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Irritating portscanner...

Hi all,
For the last 3 weeks, I have a very irritating person who's scanning my ports 4 times a day!
I know ASG will drop the packets but I want to block his IP permantly!
In iptables there's an option to drop his connection. Is it possible to disable his IP to access the firewall? If so, how do I do this?

in the meanwhile: Everyone: HAPPY NEW YEAR !!!

This thread was automatically locked due to age.

Parents

0 BrucekConvergent over 15 years ago

You can create a Blackhole DNAT (just use a nonsensical, non-existent host definition as the final destination) for external attackers, just add them as the source group.

I do have one customer that this does not appear to work on... it is annoying that there is not a blacklist for the portscan detector itself; it's one of the first modules to see packets, so a simple packet filter drop does not work.
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 BrucekConvergent over 15 years ago

You can create a Blackhole DNAT (just use a nonsensical, non-existent host definition as the final destination) for external attackers, just add them as the source group.

I do have one customer that this does not appear to work on... it is annoying that there is not a blacklist for the portscan detector itself; it's one of the first modules to see packets, so a simple packet filter drop does not work.
Cancel
Vote Up 0 Vote Down

Cancel

Children

0 PabloDiablo over 15 years ago in reply to BrucekConvergent

Thanks for the fast reply. If I'm understandig it correctly, I set this up as following:
>Network Security>NAT>DNAT/SNAT>New NAT Rule:

Traffic Source: IP to be "blocked"
Traffic Service: ANY
Traffic Destination: External (WAN) Address (or ANY?)
NAT Mode: DNAT
Destination: IP of a not existing IP in LAN

Should there be a packet filter rule?????

Thanks in advance!
Cancel
Vote Up 0 Vote Down

Cancel