
Attack from a Chinese friend ?


@ryzhov_al - your script looks promising, I would like to try it, but is there something like it for Synology NAS, so that I can allow one country (let's say France) and block all the rest??

Here I would have to select all the countries in the world, in this case I guess it would be better to allow IPs from "user whitelisted" countries and deny all other IPs.
 
My PPTP server on RT-N66U is continuously bombed from Chinese IPs. With no reason.

So I blocked incoming connections from China with ipset. This how-to helps to reject incoming connections only, while transit traffic (from WAN to LAN clients) remains unblocked.
I tested this and blocked Slovenia as a test, and the peer can still connect to my udpxy server? What am I doing wrong? The script seems to be working but does not block incoming connections...
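
An added example (not from any poster in this thread) of the allowlist approach asked about above, kept to the router's INPUT chain on the WAN side so forwarded WAN-to-LAN traffic and LAN clients are untouched. The set name, the WAN interface `eth0`, the port and the CIDR ranges are assumptions, and the syntax assumes ipset 6 or later.

```shell
#!/bin/sh
# Added example: build an ipset allowlist from a country CIDR list and emit
# an INPUT-only rule. Set name, interface, port and ranges are assumptions.

SET_NAME="allow_cc"   # hypothetical set name

# Constructed sample input (documentation ranges, not a real country list).
sample_cidrs() {
cat <<'EOF'
# constructed sample zone file
192.0.2.0/24
198.51.100.0/24

203.0.113.0/24
198.51.100.0/24
not-a-cidr
EOF
}

# Turn a CIDR list on stdin into an `ipset restore` script on stdout.
# Comments, blank lines and anything not shaped like IPv4 CIDR are skipped,
# duplicates are removed.
build_restore() {
    echo "create $1 hash:net family inet"
    echo "flush $1"
    grep -E '^([0-9]{1,3}\.){3}[0-9]{1,3}/([0-9]|[12][0-9]|3[0-2])$' |
        sort -u | sed "s|^|add $1 |"
}

# Emit the allowlist rule for one service port: drop anything arriving on
# the WAN interface whose source is NOT in the set. Only INPUT is touched,
# so FORWARD (WAN to LAN clients) keeps working, and matching on the WAN
# interface keeps LAN clients from being dropped by the same rule.
# -I INPUT 1 puts the rule ahead of any earlier ACCEPT for that port.
build_rules() {
    set_name=$1 wan_if=$2 proto=$3 port=$4
    echo "iptables -I INPUT 1 -i $wan_if -p $proto --dport $port" \
         "-m set ! --match-set $set_name src -j DROP"
}

# Print what would be applied. On the router, pipe the first part into
# `ipset -exist restore` and run the rule line as root.
# tcp/1723 is the PPTP control channel.
sample_cidrs | build_restore "$SET_NAME"
build_rules "$SET_NAME" eth0 tcp 1723
```

While the set is flushed and refilled, the rule drops every WAN source for that port, so a reload fails closed rather than open.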
 
Hey, my router started his own twitter!:) https://twitter.com/home_router
Looks like hack attempts come from every corner of the world. So, there's no sense to block specific countries.

Nice one...

mega cool
mega cool :) next step - add WHOIS IP to your tweet :)

I usually run an SSH server on port 443 externally - can sometimes help when some firewall thinks people inside should only ever be surfing the web :)
And that gets rid of nearly every attack (the odd port scan by my ISP now stands out).
I combine this with sslh to point genuine HTTPS connections at a known closed socket, but redirect SSH to the actual socket (this is not on my router but on a small server I run behind it, so these are ideas for cross-compiling etc rather than immediately available suggestions).

And then for my SMTP server I'm now using p0f to passively detect the OS of the source (looks at the characteristics of the SYN+ACK), and other people have then reported success with a rule of thumb to "drop all connections from Windows when the country is other than US, UK, and your home country" (some large US mail servers still run on Windows). If nothing else, p0f might add a bit of colour ("SSH attack from a Windows XP machine in....").
 