Firewall with Country Block

Discussion in 'other firewalls' started by chromex86, Jun 24, 2014.

Thread Status:
Not open for further replies.
  1. chromex86

    chromex86 Registered Member

    Joined:
    Jun 24, 2014
    Posts:
    1
    Hello,

    I'm new to WS forums so first Hello I'm Alex :).
    Getting to the point... I recently got an INTEL NUC and decided to transform it into a webserver. I've installed Windows 8.1 to it , Apahce, MySQL, PHP and Windows SSH fro Bitvise. No the issues...I've noticed that many IPs from China are constantly trying to login to my SSH server on Port 22 , it's like 5-10 different IPs per hour all from China. Does anyone know how to block la incoming traffic to my little NUC that comes from China?

    Many thanks for reading this!
     
  2. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
  3. Sm3K3R

    Sm3K3R Registered Member

    Joined:
    Feb 29, 2008
    Posts:
    494
    If the firewall is ON whats the problem.
    Log in attempts happen from many countries.I am seeing China ,but also Russia and USA ,or Netherlands and Baltic states.As long as the firewall works it s ok.
    No real need to block huge amount of IP ranges and loose performance.
    If some one really wants to get in deliberately it may find a way.
     
  4. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    4,953
    Location:
    USA
    Online Armor has block by country. You could give it a try, and see if you like it. Just backup your machine before installing it in case you have any problems.
     
  5. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    4,953
    Location:
    USA
    Disregard my last post. Online Armor is not compatible with Windows 8.1
     
  6. Enigm

    Enigm Registered Member

    Joined:
    Dec 11, 2008
    Posts:
    188
    Basically, you need to create firewall-rules that block all Chinese IP-ranges .
    Or you can use IP-blocker software like 'PeerBlock' .
    There are lists of all known Chinese-assigned IP-ranges available on the net, fex here :
    https://www.iblocklist.com/lists.php?category=country

    A few commercial firewalls support such lists directly, 'Outpost Pro' being one of them .
    But with most commercial windows-firewalls you will have to create the rules manually,
    that's why I also mention 'PeerBlock' ..
     
  7. TheWindBringeth

    TheWindBringeth Registered Member

    Joined:
    Feb 29, 2012
    Posts:
    2,088
    A few thoughts...

    If your server's existence becomes public knowledge in an easily harvestable form... through domain registration records, your domain showing up in email addresses, posting links to your webserver, etc... your server will likely be probed much more frequently. Edit: Including by search engines like Shodan. Where you can, it is arguably best to block crawlers.

    If your intended usage allows for it, you could configure your server software to listen on alternate ports rather than the well-known ones. If you choose to do this, do a bit of searching to make sure the ports you intend to use aren't ones that have been used by malware and thus also a frequent target of connection attempts.

    If your usage pattern is well defined, you could could consider a deny all, allow selective approach. Whereby you block all client IP Address ranges except those you know you will be using.

    There are various sources of information for country/region IP Address assignment. Which could be used for blocking, or allowing, as you see fit. I don't know which is more accurate, but one that comes to mind is https://www.countryipblocks.net and it has some free (less frequently updated) info under Access Control Lists.

    There are other approaches... log file scanners that automatically update firewall rules to block offensive IP addresses/ranges, more elaborate intrusion detection systems, port knocking and somewhat similar approaches, etc.

    If you are getting hit from one country, you'll get hit from others too. So you might want to focus on broadly useful approaches and of course strong authentication mechanisms. Which could include public key and/or client certificate based mechanisms.
     
    Last edited: Jun 26, 2014
  8. guest

    guest Guest

    Off topic post of mine, but where did you get that info?
     
  9. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    4,953
    Location:
    USA
    I remembered someone reporting that OA was not working on Windows 8.1 at the Emsisoft forum, and I thought I remembered someone from Emsisoft recently saying it was not compatible with 8.1. Do not quote me on this. This made me go to the Online Armor download page to check for myself. Online Armor is listed as being compatible with Windows 8, but 8.1 is not listed. http://www.emsisoft.com/en/software/oa/
     
Loading...
Thread Status:
Not open for further replies.