
I googled to no avail. And I know the simplest solution is disabling it outright.

 

Background: I have RDP enabled on my home server and port forwarded so that I can access it from elsewhere when I'm not home. I access it more often when I'm not home than when I am.

Question: I need to figure out how to block specific IPs from my network entirely. I have the log file from my router with all the IPs that have tried accessing my server and would not care if I had to enter every single one manually. I have a Netgear Nighthawk router and after googling a solution found that Netgear does not have a service that has a feature to specifically block IPs.

Is there any way to do this that wouldn't require me to disable the port forward or to buy a new router? Or maybe something I can set up to block any IP that has a failed login attempt even once?

If it comes down to it, I'll just disable the port forward, but I would very much rather not. As I said, I access my server more when I'm not home.

https://linustechtips.com/topic/1442066-block-ips-from-accessing-my-network/

3 hours ago, MrSimplicity said:

Background: I have RDP enabled on my home server and port forwarded so that I can access it from elsewhere when I'm not home. I access it more often when I'm not home than when I am.

That is a MAJOR no no. Looking at the spec sheet of your router, it seems it supports OpenVPN Connect server to access your network from outside. Set up your own VPN and connect to your network using that VPN. Don't go out forwarding 3389, 445 and 139 out in the open.

That's a great way to get hacked...

 

As @Levent said, use OpenVPN Access Server to access your network.

You should never forward SMB ports...


19 hours ago, Denniz said:

You should never forward SMB ports...

While true, there is nothing there suggesting they are forwarding SMB, only RDP (which is also a no no of course).


Forwarding port 3389 is a really bad idea. Use the VPN as suggested on your Firewall.

 

I've gone rounds with this problem with countless clients. As soon as you block an external IP the bot will simply move to another IP. Don't bother with geo blocking either. The bad guys are smart enough to rent servers on networks that get around this. You cannot actively filter attacking IPs. 


46 minutes ago, wseaton said:

Forwarding port 3389 is a really bad idea. Use the VPN as suggested on your Firewall.

 

I've gone rounds with this problem with countless clients. As soon as you block an external IP the bot will simply move to another IP. Don't bother with geo blocking either. The bad guys are smart enough to rent servers on networks that get around this. You cannot actively filter attacking IPs. 

Geoblocking does help; my server logs used to be absolutely full of exploit attempts on my web and SSH servers, and they all stopped once I limited incoming to US and EU only at the router.  It's not foolproof by any means, but if you know you will never access from outside a specific country anyway, it's another layer of protection - or at least cuts down on log spam.

Basically every extra layer you have to deter people will encourage the bots to move along to someone else.  Plus it cuts down on how much of a resource hog it is, as it's dropped straight at the firewall rather than making it to the server and wasting CPU cycles.

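The approach the replies converge on (reach RDP through the VPN instead of blocking addresses one by one), sketched as an added example that is not from any poster in this thread. It first summarises failed logons per source address from the Windows Security log, then limits the built-in Remote Desktop firewall rules to the LAN and the VPN pool. Assumptions: `$VpnSubnet` is a placeholder for whatever range your VPN server hands out, the rule group is named `Remote Desktop` (English Windows), and the script runs in an elevated session on the RDP host.

```powershell
# Added example. $VpnSubnet and $Hours are assumed values; adjust to your network.
$VpnSubnet = '10.8.0.0/24'                 # assumption: VPN client address pool
$Allowed   = @('LocalSubnet', $VpnSubnet)  # keep LAN access, add VPN clients
$Hours     = 24

# 1. Detection: failed logons (Security event 4625) with their source address.
$filter = @{ LogName = 'Security'; Id = 4625; StartTime = (Get-Date).AddHours(-$Hours) }
$failed = Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
    ForEach-Object {
        # Flatten the <EventData><Data Name="..."> elements into a lookup table.
        $data = @{}
        foreach ($d in ([xml]$_.ToXml()).Event.EventData.Data) {
            $data[$d.Name] = $d.'#text'
        }
        [pscustomobject]@{
            Time      = $_.TimeCreated
            SourceIp  = $data['IpAddress']
            User      = $data['TargetUserName']
            LogonType = $data['LogonType']   # 3 = Network, 10 = RemoteInteractive
        }
    } | Where-Object { $_.SourceIp -and $_.SourceIp -ne '-' }

# Top sources and the account names they tried.
$failed | Group-Object SourceIp | Sort-Object Count -Descending |
    Select-Object -First 20 Count, Name,
        @{ n = 'Users'; e = { ($_.Group.User | Sort-Object -Unique) -join ',' } } |
    Format-Table -AutoSize

# Many distinct sources here is why a manual blocklist does not keep up.
$distinct = @($failed | Select-Object -ExpandProperty SourceIp -Unique).Count
"{0} failed logons from {1} distinct addresses in the last {2} h" -f `
    @($failed).Count, $distinct, $Hours

# 2. Mitigation: accept RDP only from the LAN and the VPN pool.
Get-NetFirewallRule -DisplayGroup 'Remote Desktop' |
    Where-Object Direction -eq 'Inbound' |
    Set-NetFirewallRule -RemoteAddress $Allowed

# 3. Verify the scope that is now in effect.
Get-NetFirewallRule -DisplayGroup 'Remote Desktop' |
    Get-NetFirewallAddressFilter |
    Select-Object InstanceID, RemoteAddress
```

Once the VPN connection works from outside, remove the router's port forward for 3389 so the host firewall scope is a second layer rather than the only one.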
