Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations SkipVought on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Denying Access from certain blocks of IP addresses

Status
Not open for further replies.
BadDog

BadDog

MIS
Aug 19, 1999
166
0
0
US
I get a ton of brute force login attempts from certain IP addresses, mostly from the same block. Is there a way to deny all access from that block of addresses? Thanks.
 
Sort by date Sort by votes
With a firewall.

You really shouldn't even be allowing that kind of traffic directly off the internet from any address. If people need to access over the internet you should set up a VPN.

 
Upvote 0 Downvote
Also, if its the same block all the time, save your logs, and find out what ISP those blocks belong to. Report them, and foward the logs.

Matt J.
 
Upvote 0 Downvote
It is a web server/ mail server/ and ftp server, so there are legitimate Internet users. The ISP is in Asia, so I am doubtful that they will care one way or the other. I am wondering if there is a way to block their entire block of IP addresses for every service/port any ideas.
 
Upvote 0 Downvote
Still with a firewall, am I missing something? Just add a rule to your firewall that allows no traffic from those IP's.

ALso what kind of logon on attempts are you talking about? NT logons or just logons to the ftp or mail server? You still should not be allowing traffic to that machine that allows NT logon attempts.

From what you mentioned the only traffic I would be allowing to that machine would be FTP, SMTP HTTP and maybe HTTPS.

If you mean is there something built in to NT to do this I don't think so. The only thing I could think of as a workaround might be static routes that sent all traffic from the bad IP's to the wrong place?



 
Upvote 0 Downvote
I think the best way will be a firewall.

By default drop all requests and allow only the requests from IP-blocks you can trust.

I did it for the office i work for and have no troubles instead.

Greetings
 
Upvote 0 Downvote
Any suggestions for a good firewall, one that isn't too expensive?
 
Upvote 0 Downvote
Why don't you just go get a Linksys router. You can port foward whatever you need, and the rest of the communications you don't want will be stopped at the router. Inexpensive hardware solution versus a costly Cisco one, and you avoid loading invasive firewall softwares on your nt server.

Matt J.
 
Upvote 0 Downvote
The problem with port forwarding, as I understand it, is that there is tons of legitimate traffic on the ports that are being targeted (smtp, ftp, http). I need (want) to block certain blocks of IP addresses, not ports.
 
Upvote 0 Downvote
I suggest a Netscreen Firewall. It can also behave like a router if that would be neccesary. You can block adressranges for all ports and all subnets within various configs.
 
Upvote 0 Downvote
Even if you dont have or cant get a firewall. Are you behind a router. If yes have your network people set up ACL's on the router.
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

goombawaho
  • Locked
  • Question
Domain join from wifi connected laptop
Replies
4
Views
184
goombawaho
goombawaho
dpellegrini
  • Locked
  • Question
Website will load using hostname but not IP address
Replies
3
Views
188
mangentle
mangentle
tscstl
  • Locked
  • Question
access to local folder
Replies
1
Views
75
hairlessupportmonkey
hairlessupportmonkey
mangentle
  • Locked
  • Question
What are the key advantages of using Microsoft Windows Servers for businesses?
Replies
1
Views
133
gbaughma
gbaughma
DrB0b
  • Locked
  • Question
Windows 2016 IIS FTP server with a ton of user accounts
Replies
4
Views
143
DrB0b
DrB0b

Part and Inventory Search

Sponsor

Back
Top