Block host in LAN



  • Hello guys, all machines in the diagram are set up in vmware workstation 11, pfsense version is 2.3

    The scenario is: Kali linux attacks the Trixbox Server using inviteflood (A  type of VoIP DoS attack) then Snort will generate alerts and block the attacker host.
    I use emerging-voip.rules to do that.

    Snort already generates alerts but could not block the attacker. It did work when I put Kali machine in WAN.
    Is there any way to block the attacker in LAN?
    Sorry for my bad English.
    Thanks in advance.



  • I just realize those inviteflood rules have source external network, is that why it's not working? :-X



  • how do you expect this to work? your firewall is in no way involved in traffic between lan clients


  • LAYER 8 Global Moderator

    I just don't get why we get so many questions about hosts talking to hosts on the same network and people thinking pfsense has anything to do with the traffic..

    Yet they want to use advanced tools like snort and penetration tools like kali, but don't even seem to understand networking at the most basic level..

    Sure lets rebuild that transmission in your formula one race car, my dad showed my how to add wiper fluid to my ford fiesta last week…



  • sorry, my bad background



  • @johnpoz:

    I just don't get why we get so many questions about hosts talking to hosts on the same network and people thinking pfsense has anything to do with the traffic..

    Yet they want to use advanced tools like snort and penetration tools like kali, but don't even seem to understand networking at the most basic level..

    Sure lets rebuild that transmission in your formula one race car, my dad showed my how to add wiper fluid to my ford fiesta last week…

    Yeah, it seems to have come up 3-4 times in the last week alone. Strange… And I agree that some people seem to be jumping right past the basics to advanced topics, which is a real recipe for disappointment.

    I realize everyone has to start somewhere, and everyone has holes in their knowledge, but it just seems counter intuitive to me that they don't see that they need to understand networking, subnetting, and data flow 101 before jumping to the 301 topics.


  • LAYER 8 Global Moderator

    maybe they stayed at a holiday inn express last night?


Log in to reply