Blocking Incoming Requests
-
So, the problem is not having forwarded the vnc, ssh, https or even age of empires net play (haha), those are intentional, the only thing I need its to drop requests that I KNOW I dont need. And why is this not happening in the more logical way? Its my config wrong or its my pf box being a rebel that does what ever it wants?
Post a screenshot of your WAN FW rules
-
Here they are…
Thanx...
 -
Try this
-
Use "IPv4" instead "v4+v6"
-
Use "server / gateway / cctv" as destination (instead * )
-
Use "server ports / gateway ports / cctv ports" as port (instead * )
Also make sure that your "Alias" are correct.
"captura de pantalla" that sounds "Spanish" to me…. Sabes que existe una Sección del Foro en Español ;)
-
-
Well you rules on your wan would block any access from stuff in your malicious alias before it hits your forward. So if your using pfblocker to include all the countries you do not like in that alias then they would be blocked.
Keep in mind there is a shitton of noise on the net, if you open ports - especially standard ports to common stuff they will see traffic. And yes they will try to login with stuff like vnc, ssh, telnet, ftp, rdp, etc. To be honest if you want to access this stuff remote you should vpn into your network.
What is funny if don't see any hits on your first block - so maybe there is something wrong with your alias?
-
@ptt:
Try this
-
Use "IPv4" instead "v4+v6"
-
Use "server / gateway / cctv" as destination (instead * )
-
Use "server ports / gateway ports / cctv ports" as port (instead * )
Also make sure that your "Alias" are correct.
"captura de pantalla" that sounds "Spanish" to me…. Sabes que existe una Sección del Foro en Español ;)
Thanx, ive just tested this way aaaaand… Nothing changed... Ive actually thought everything was ready cause I havent seen weird traffic, but then it came to me that it was to good to be true so I blocked the IP for another network I control, I went to that network and tried to connect to mine, and... well, there it was, everything available... So, maybe the suggestion about the aliases? Ill attach a scap.
And about the spanish thing, "here in my pueblo is pretty much lo mismo", beeing the south neighbor forces you to use both languages as one... Its just globalization... :-\
 -
-
You do understand out of the box all inbound are blocked? So you forwarded these ports to something inside.. VNC?? Really - that is not every secure..
If you want to block specific countries from using your port forwards, then block them via pfblocker
Symple way: Redirect all request from outSide to the default port from vnc "5900" to a BlackHole
Change the default port from VNC to samething else.And tested…...
-
johnpoz gave you the answer in comment #6. Use a vpn. The real bad guys won't resolve to a domain, ip lists can't possibly be up to date by the minute so you will always be left with a hole. I know you are not the CIA, but use a vpn and then you can forget all this other nonsense keeping you busy but still leaving a hole :-)
Richard
-
The only services open to the public are those that you want open to the public.. If you do not like the noise, and sure its not secure.. VNC for example.. Do not open it to the public - vpn in..
Security through Obscurity is NOT security!!! Changing the port to something other than its standard might remove some log noise, but it does not in the least change the security issue of it being open to the public in the first place.
-
Absolutely seconded. Forget the idea of blocking half of the world just because there might be some bad guys out there somewhere, you'll end up doing an infinite rat race that is completely pointless. Use a VPN instead that offers you a trusted channel that you can yourself control to a very fine degree. VPNs are a bread and butter solution of this modern day and they should be always used where possible.
-
Well, after reading all your generous comments, yeap, I DO have a VPN for personal use and all the important things, ive actually disabled vnc and all non critic services, so I only can use then via vpn, but, the thing is, actually is this impossible? It should be like an standar feature.
-
"actually is this impossible? It should be like an standar feature."
what is impossible?
