Netgate Discussion Forum
    Country Block

    pfSense Packages

      darklogic

      Our domain name service provider is through Network Solutions. We reside in the US. I am not sure how you would be able to track down multiple DNS servers that the BlackBerrys would end up using. I would imagine that our DNS servers are OK since browsing of our site and receiving incoming SMTP seem to be working OK, which would use our DNS. This problem seems to be somewhere along the lines of affecting BlackBerry devices that are connecting over OWA using the BlackBerry RIM service. Example of connection: https://mail.ourdomain.com/owa

      As far as knowing if they are hitting out of US DNS servers, I am not really sure how to find that out.

      Thanks,

      Matt

        Supermule Banned

        Try to traceroute the traffic from the blackberry. Could be so that they use a subvendor for specific traffic and he is located in one of the blocked countries.

          dpg2

          Perhaps the following KB article from blackberry.com will help:

          http://www.blackberry.com/btsc/search.do?cmd=displayKC&docType=kc&externalId=KB11036&sliceId=SAL_Public&dialogID=69199896&stateId=0%200%20692%2001325

          Are these blocks being blocked?

            darklogic

            dpg2

            This was very helpful. I went to the countrysipblocks.net and checked the IPs by CIDR, and it looks as if all BlackBerry service goes to either United Kingdom or Canada, mostly Canada. And yes, I have both of them blocked. I did not try a traceroute yet. I am surprised to see that it appears all BlackBerry servers are not in the States, not one at all??? So if this is totally accurate, how would I allow only those CIDRs and block the rest of the country?

            Thanks,

            Matt

              dpg2

              Research in Motion is a Canadian company with its headquarters in Waterloo, Ontario.

              I guess you need an 'allow' rule for the Blackberry blocks ahead of the 'deny' rules that the Country Block package puts in place. I'm not sure how flexible the Country Block package is for that sort of thing.

              I believe the 'URL Table Aliases' package may offer a solution since the address blocks can be handled as aliases and governed by rules directly in the web interface. Perhaps you could share a Blackberry IP list from an internal server (or the pfsense box itself) and access it via a local URL (or just add the BB blocks to a regular alias, there aren't that many of them), and do the same with a list copied from countrysipblocks.net.

                g4m3c4ck

                I can not get Country Block to stay running for the life of me. I have cron running the script every five minutes and I know it is executing because I have its output logged to a temporary file and the timestamp is correct. It seems to be working but it always says "not running" in red.

                  Supermule Banned

                  Use Firefox to see it.

                    g4m3c4ck

                    I was about to kick myself in the head because I have become so accustomed to chrome and I forget I am using it. However, firefox yields the same results for me.

                      Supermule Banned

                      Are you rendering the page in FF or IE??

                        g4m3c4ck

                        Ok this really goes in the DUR department. Refreshing the page works wonders lol. In both ff and chrome.

                          Supermule Banned

                          DUR?? Forgive me for not being native to the language ;)

                          @g4m3c4ck:

                          Ok this really goes in the DUR department. Refreshing the page works wonders lol. In both ff and chrome.

                            simby

                            Not working on pfSense 2.0... can you please check?  ???

                              tommyboy180

                              I can't think of a reason why it wouldn't work, but then again I never bothered to test on 2.0 beta. Hopefully I will find some time in the next couple of days to check it out.

                              I do need this package to work on 2.0 so I will get it working shortly.

                              -Tom Schaefer
                              SuperMicro 1U 2X Intel pro/1000 Dual Core Intel 2.2 Ghz - 2 Gig RAM

                              Please support pfBlocker | File Browser | Strikeback

                                simby

                                Thanks Tommy :)

                                  XIII

                                  Really good package Tommy, thanks for your help.

                                  -Chris Stutzman
                                  Sys0:2.0.1: AMD Sempron 140 @2.7 1024M RAM 100GHD
                                  Sys1:2.0.1: Intel P4 @2.66 1024M RAM 40GHD
                                  freedns.afraid.org - Free DNS dynamic DNS subdomain and domain hosting.
                                  Check out the pfSense Wiki

                                    darklogic

                                    I am currently running 1.2.3-RELEASE and thanks on the post with information on BlackBerry. I was able to find the CIDR range our BB are using for service. The only thing I am still trying to figure out is how to block the rest of the country without manually creating an alias list of Canada IPs? I noticed that the text is correct under the package interface when making a change to the firewall, that you must save/update the Country Block package to get it running again every time you make a firewall change. Country Block itself seems to run good without the help of cron. What I think would be neat is to be able to do a block all country and then input an unblock CIDR option under the selected country, that way the whole country would be blocked other than a specified CIDR or list of CIDRs and ranges. Something else I think would be cool is having a log or barnyard dump of data so you can see statistics on blocked country IPs and where the major attacks and breach attempts are coming from.

                                    The package itself is very cool and in early development, but yet it is so effective. I would love to see the Country Block package become a standard integrated part of the pfSense install along with a few other packages such as IP Block, SNORT, Deep Packet Inspection, and E-mail filtering forwarder.

                                    Thanks for all the support and help on this package.

                                    Matt

                                      g4m3c4ck

                                      Why don't you locate the store for the Canadian IPs on your local file system and remove the IP range in question?

                                        darklogic

                                        g4m3c4ck

                                        Not sure how to go about doing this? ???

                                        Thanks,

                                        Matt

                                          kapara

                                          Could it be set up so that those rules were applied at the end so that any allows above it in the firewall rules would allow the traffic?  I am assuming 2 things of course.  1. That the rules apply top down… 2. That the package can be configured as such.

                                          Great package when I learned a couple of painful lessons....  ;D

                                          Skype ID:  Marinhd

                                            tommyboy180

                                            @darklogic:

                                            g4m3c4ck

                                            Not sure how to go about doing this? ???

                                            Thanks,

                                            Matt

                                            Right now there is no really decent way to remove IPs from the countryblock table. I will have to make a whitelist addon for the package. Hopefully I can sit down and do that soon. I just haven't had the time.

                                            -Tom Schaefer
                                            SuperMicro 1U 2X Intel pro/1000 Dual Core Intel 2.2 Ghz - 2 Gig RAM

                                            Please support pfBlocker | File Browser | Strikeback
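
Added example, not part of the original thread and not code from the Country Block package: one way to get the "block the whole country except these CIDRs" behaviour asked about above is to subtract an allow list from the country's CIDR list before it is loaded as an alias or table. The ranges are constructed documentation addresses and the function names are hypothetical.

```python
import ipaddress

# Constructed sample data (RFC 5737 documentation ranges),
# not real country or BlackBerry address blocks.
COUNTRY_CIDRS = ["198.51.100.0/24", "203.0.113.0/24"]
ALLOW_CIDRS = ["198.51.100.64/26"]


def subtract_allowlist(country_cidrs, allow_cidrs):
    """Return the country's networks with every allow-listed range carved out."""
    blocked = [ipaddress.ip_network(c, strict=False) for c in country_cidrs]
    for allow in (ipaddress.ip_network(a, strict=False) for a in allow_cidrs):
        remaining = []
        for net in blocked:
            if net.version != allow.version or not net.overlaps(allow):
                remaining.append(net)  # no overlap: keep blocking as-is
            elif net.subnet_of(allow):
                continue  # entirely allow-listed: stop blocking it
            else:
                # allow sits strictly inside net: keep every part except allow
                remaining.extend(net.address_exclude(allow))
        blocked = remaining
    result = []
    for version in (4, 6):  # collapse_addresses cannot mix IPv4 and IPv6
        result.extend(ipaddress.collapse_addresses(
            n for n in blocked if n.version == version))
    return result


def is_blocked(address, blocked):
    """True if the address falls inside any remaining blocked network."""
    ip = ipaddress.ip_address(address)
    return any(ip.version == net.version and ip in net for net in blocked)


def to_table_text(blocked):
    """One CIDR per line, a plain-text form suitable for an address list file."""
    return "".join(f"{net}\n" for net in blocked)


if __name__ == "__main__":
    remaining = subtract_allowlist(COUNTRY_CIDRS, ALLOW_CIDRS)
    print(to_table_text(remaining), end="")
    print("198.51.100.70 blocked:", is_blocked("198.51.100.70", remaining))
```

The alternative raised in the thread, an allow rule placed ahead of the package's deny rules, needs no list rewriting but depends on the rule order being under your control.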

                                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.