HOW CAN I PREVENT MY IP ADDRESS FROM BEING BLACKLISTED USING PFSENSE
-
There are many reasons to get on a blacklist.. There are many different types of blacklists... Without some details of one or ones you are on - its really not possible for us to help you try and track down who might be doing it.
If it spam block, then you could look to see which clients are sending traffic out 25, etc. But spam block wouldn't stop you from viewing youtube ;)
PM me the IP that is on the blacklist, and I will look to see what it says so maybe can point you in direction to get started tracking down the offender(s)
-
I just looked up the IP you talked to the forum with.. And yeah its on some blacklists
But this system didn't give exact details... But there are many reasons why might get on it.. Is your IP an open relay?
-
I understand that the 'right' payload can provoke such a situation.
Upload several times some illegal video on Youtube, and as you can imagine, they won't like that.
As a mater of fact, when you share your connection with users, there is a need to protect also your LA(s), far more then your WAN's.What might help : enforce your user identification : use a portal - and only give out access when you have copy of the user ID (extreme example) - credit card etc . Apply a common rule : you should know who you invite (to use your stuff) .... Anonymous access can really backfire on you.
Right now, some jackass is playing tricks on you. He/she who is provoking this does probably know very well what she/he is doing. -
The 2 lists I see his current IP he used to talk to the forum point to him sending spam... I don't see why those would be blocking him from viewing youtube - but I guess this IP is new one, and already show it on couple of lists..
-
@rsohaya said in HOW CAN I PREVENT MY IP ADDRESS FROM BEING BLACKLISTED USING PFSENSE:
yes i have a thousand users on my network
Are these your users, I a private network - or are you running some sort of open network, net cafe or something where one can use if they pay sort of network? Or just get on free?
-
The users are in an open network. They are all connected the same switch and the router that has the Blacklisted IP Address.I assume that PFsense has a package you can use to filter out bad traffic going out to the internet. any ideas how i can achieve this in pfsense?
. -
@rsohaya This is not possible. pfSense can protect you from spam but not the other way around I would say.
-
@rsohaya You need to figure out what "bad traffic" means - bit torrent, spam email, other stuff using some uncommon ports, then log your outbound traffic to the internet for these users. Analyze the log data, find the offending machine(s), then work from there.
However, with a thousand users on an open network, you're in quite a pickle. Do these users come and go, on and off the network?
Jeff
-
@rsohaya said in HOW CAN I PREVENT MY IP ADDRESS FROM BEING BLACKLISTED USING PFSENSE:
can use to filter out bad traffic
So you have a magic package ;) that says this is bad? You have some open network - why and the F would you allow 25 out.. .Block that shit... Really the only ports you should allow out your "open" network is 80/443 - and say the other common sending email ports 465, 587 - I would block everything else outbound..
F them for ftp, and ssh, this is some open network... To be honest you could say only 80/443 is open... Do you other business on your own network.
If you block 25 outbound - you will stop getting on spammer lists that is for sure.
-
Thanks for your inputs guys.Let me try to block some ports on my network and monitor it for a while to see if the same will happen again.
-
simple fix, just implement https://www.ietf.org/rfc/rfc3514.txt :D
-
Haha the evil bit being set - that is a good one... But yeah blocking packets with that bit set would for sure solve all his issues. A feature request should be put in ;)
-
@Mats said in HOW CAN I PREVENT MY IP ADDRESS FROM BEING BLACKLISTED USING PFSENSE:
simple fix, just implement https://www.ietf.org/rfc/rfc3514.txt :D
Wow! This rates right up there with the invention of the wheel and sliced bread ...
. Now thousands of Snort/Suricata rules and millions of IP addresses on pfBlocker IP lists can all be replaced with a single firewall rule looking for and dropping packets with the evil bit set. So simple even a child can do it.
