Blacklisting IP addresses


Postby stobby256 » Jan 08 14 3:48 am

Hi all...

The bane of every network manager's life - security on remote access!!!

I've got an FTP server; access to this is port forwarded from my internet router to WinGate, then redirected via WinGate itself. The contents of this FTP server are backed up every night. All users have a login of course. Ports 20 & 21 are of course open.

It all works, and our staff are accessing this from home. I've created an event for this so I can keep tracking usage.

No surprise, when I look I see IP addresses from China, USA and other countries in there - all our users are solely UK based. Obviously the only security I have here is of course usernames and passwords.

Now, the only way to blackhole these IP addresses is to go to the log, note the rogue IP address, and then type this into the blackhole list. Copy and paste does not work because the input box is a different format. I realise that I could have a full time job here in putting such addresses in - is there a quicker way to blackhole these? What other security could I put in place?

Thanks in advance.
Steve
stobby256
 
Posts: 33
Joined: Sep 17 13 7:39 am

Re: Blacklisting IP addresses

Postby labull » Jan 08 14 7:07 am

Hi Steve!

I think you can create a policy to do this for you. You can use Session - ClientIP - Country to check if it equals GB.

I haven't tried it but it looks like all the parts are there.

Also be aware that the clever bad guys (may they burn in hades) will figure out ways to spoof their IP address so it's not 100% foolproof.

Larry
WinGate Lurker
labull
WinGate Guru
 
Posts: 710
Joined: Sep 06 03 1:03 am
Location: Washington, DC - USA

Re: Blacklisting IP addresses

Postby stobby256 » Jan 08 14 7:56 am

Thanks Larry.

Yep - aware of spoofing... but anything I can do to lock it down would be great.

Anyone any ideas on how to create that policy?

Steve
stobby256
 
Posts: 33
Joined: Sep 17 13 7:39 am

Re: Blacklisting IP addresses

Postby labull » Jan 08 14 8:58 am

You could try a policy like the one attached.

If I was more clever I'd remember how to put a screen shot here too.
Attachments
FTP Connection by Country Checker.zip
Policy Check for GB country domain
(1.25 KiB) Downloaded 241 times
WinGate Lurker
labull
WinGate Guru
 
Posts: 710
Joined: Sep 06 03 1:03 am
Location: Washington, DC - USA

Re: Blacklisting IP addresses

Postby labull » Jan 08 14 4:40 pm

Actually, that policy might need a bit of work - it should first check if the IP is private.
WinGate Lurker
labull
WinGate Guru
 
Posts: 710
Joined: Sep 06 03 1:03 am
Location: Washington, DC - USA

Re: Blacklisting IP addresses

Postby adrien » Jan 08 14 9:18 pm

Larry, the policy looks good.

Probably don't need to check if the IP is private; if the proxy is only bound to external, the IP won't be private. I'd recommend in any case that if there's an FTP proxy for reverse, it should be different than for forward proxying (for LAN-based clients).

Adrien
adrien
Qbik Staff
 
Posts: 5443
Joined: Sep 03 03 2:54 pm
Location: Auckland
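
The check discussed in this thread (private address first, then client country equals GB), written out in Python as an added example; it is not WinGate policy syntax and not code from any poster. The country table, the log format and all function names are constructed assumptions standing in for a real GeoIP lookup and the real WinGate log.

```python
import ipaddress
import re

# RFC 1918 ranges, listed explicitly so the private check is unambiguous.
PRIVATE_NETS = [ipaddress.ip_network(n)
                for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed stand-in for a GeoIP database: documentation ranges (RFC 5737)
# with country codes invented for this example.
SAMPLE_GEO = [
    (ipaddress.ip_network("198.51.100.0/24"), "GB"),
    (ipaddress.ip_network("203.0.113.0/24"), "CN"),
    (ipaddress.ip_network("192.0.2.0/24"), "US"),
]

def country_of(ip):
    """Return the country code for ip from SAMPLE_GEO, or None if unknown."""
    for net, code in SAMPLE_GEO:
        if ip in net:
            return code
    return None

def decide(client_ip, allowed=frozenset({"GB"})):
    """Private check first, then allow only listed countries; unknown is denied."""
    ip = ipaddress.ip_address(client_ip)
    if any(ip in net for net in PRIVATE_NETS):
        return "private"  # LAN client: no country lookup applies
    return "allow" if country_of(ip) in allowed else "deny"

# Constructed log lines; the format is hypothetical, not WinGate's own.
SAMPLE_LOG = """\
2014-01-08 03:11:02 FTP connect from 203.0.113.45
2014-01-08 03:11:09 FTP connect from 198.51.100.7
2014-01-08 03:12:40 FTP connect from 192.0.2.200
2014-01-08 03:13:01 FTP connect from 192.168.1.20
2014-01-08 03:14:55 FTP connect from 203.0.113.45
"""

def deny_candidates(log_text):
    """Return the de-duplicated source IPs the policy would deny, in address order."""
    ips = re.findall(r"from (\d{1,3}(?:\.\d{1,3}){3})", log_text)
    return sorted({ip for ip in ips if decide(ip) == "deny"},
                  key=ipaddress.ip_address)

if __name__ == "__main__":
    for ip in deny_candidates(SAMPLE_LOG):
        print(ip)
```

Denying addresses whose country is unknown keeps the rule an allowlist, so gaps in the lookup data do not silently admit traffic.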

Re: Blacklisting IP addresses

Postby labull » Jan 09 14 1:40 am

Thanks for the update.
WinGate Lurker
labull
WinGate Guru
 
Posts: 710
Joined: Sep 06 03 1:03 am
Location: Washington, DC - USA

