HOW CAN I PREVENT MY IP ADDRESS FROM BEING BLACKLISTED USING PFSENSE

johnpoz

I just looked up the IP you talked to the forum with.. And yeah its on some blacklists

But this system didn't give exact details... But there are many reasons why might get on it.. Is your IP an open relay?

Gertjan

I understand that the 'right' payload can provoke such a situation.
Upload several times some illegal video on Youtube, and as you can imagine, they won't like that.
As a mater of fact, when you share your connection with users, there is a need to protect also your LA(s), far more then your WAN's.

What might help : enforce your user identification : use a portal - and only give out access when you have copy of the user ID (extreme example) - credit card etc . Apply a common rule : you should know who you invite (to use your stuff) .... Anonymous access can really backfire on you.
Right now, some jackass is playing tricks on you. He/she who is provoking this does probably know very well what she/he is doing.

johnpoz

The 2 lists I see his current IP he used to talk to the forum point to him sending spam... I don't see why those would be blocking him from viewing youtube - but I guess this IP is new one, and already show it on couple of lists..

johnpoz

@rsohaya said in HOW CAN I PREVENT MY IP ADDRESS FROM BEING BLACKLISTED USING PFSENSE:

yes i have a thousand users on my network

Are these your users, I a private network - or are you running some sort of open network, net cafe or something where one can use if they pay sort of network? Or just get on free?

rsohaya

The users are in an open network. They are all connected the same switch and the router that has the Blacklisted IP Address.I assume that PFsense has a package you can use to filter out bad traffic going out to the internet. any ideas how i can achieve this in pfsense?
.

Bob.Dig

@rsohaya This is not possible. pfSense can protect you from spam but not the other way around I would say.

akuma1x

@rsohaya You need to figure out what "bad traffic" means - bit torrent, spam email, other stuff using some uncommon ports, then log your outbound traffic to the internet for these users. Analyze the log data, find the offending machine(s), then work from there.

However, with a thousand users on an open network, you're in quite a pickle. Do these users come and go, on and off the network?

Jeff

johnpoz

@rsohaya said in HOW CAN I PREVENT MY IP ADDRESS FROM BEING BLACKLISTED USING PFSENSE:

can use to filter out bad traffic

So you have a magic package ;) that says this is bad? You have some open network - why and the F would you allow 25 out.. .Block that shit... Really the only ports you should allow out your "open" network is 80/443 - and say the other common sending email ports 465, 587 - I would block everything else outbound..

F them for ftp, and ssh, this is some open network... To be honest you could say only 80/443 is open... Do you other business on your own network.

If you block 25 outbound - you will stop getting on spammer lists that is for sure.

rsohaya

Thanks for your inputs guys.Let me try to block some ports on my network and monitor it for a while to see if the same will happen again.

Mats

@johnpoz

simple fix, just implement https://www.ietf.org/rfc/rfc3514.txt :D

johnpoz

Haha the evil bit being set - that is a good one... But yeah blocking packets with that bit set would for sure solve all his issues. A feature request should be put in ;)

bmeeks

@Mats said in HOW CAN I PREVENT MY IP ADDRESS FROM BEING BLACKLISTED USING PFSENSE:

@johnpoz

simple fix, just implement https://www.ietf.org/rfc/rfc3514.txt :D

Wow! This rates right up there with the invention of the wheel and sliced bread ... . Now thousands of Snort/Suricata rules and millions of IP addresses on pfBlocker IP lists can all be replaced with a single firewall rule looking for and dropping packets with the evil bit set. So simple even a child can do it.