pfblocker defend rdp/rds brute force attacks
somehow I will not be smart from the whole guide ...
What is the easiest way to block an attack from ip4 addresses? (Terminal with rds)
Ibound / or outbound rules?
For example, if I enable geoip blocking on a country-by-country basis, outlook (exchange online) will stop working.
I think because the ms servers are partly in the usa ...
Someone a simple idea?
Many thanks in advance!
You can either whitelist only those addresses that are allowed in, or you can put it all behind a VPN. I always try to avoid hanging services out on the Internet.
we already had that.
Vpn is not comfortable for the user.
The connection takes place via pc / mobile / etc. devices.
These get usually every 4-24 hours a new ip and there are many external users ...
It's about the connection from the internet.
I assumed that you can use this addon exactly for such a scenario. Only I will not be smart, how?
We have rds blocker on the servers themselves, behind pfsense.
Snort or Suricata will try to catch exploits as they enter your network. I don't use them so don't ask me how to configure. Other than that there isn't much you can do from a pfSense perspective.
Security through obscurity.. (if you believe that..)
Use a different port number. That will keep some of it down.