Simple Way to block IP addresses

I have figured out that someone is accessing my Icecast streaming server every second.

I would like to prevent this IP from getting through the firewall, as is happening at the moment.

I could only find very old discussions, which are not very useful for me. In my opinion, it should be possible to do this with a system like Sophos UTM!

Thanks for your support,

Hans-Georg



  • If you have a port open that is vulnerable to it, yes, it's possible.  Please do not believe that any system is 100% secure.

    That being said, you probably need to audit your setup.  Can you also post the logs that show the intrusion?

    If it is a static IP or DNS name, you can create a network definition, then give them a blackhole route so anything they get is just dropped, or re-direct them to something else.  I like messing with these people who do this, so I'd re-direct them to a porn site or something obnoxious.  But that's just me.

    OPNSense 64-bit | Intel Xeon 4-core v3 1225 3.20Ghz
    16GB Memory | 500GB SSD HDD | ATT Fiber 1GB
    (Former Sophos UTM Veteran, Former XG Rookie)

  • I currently have only PHP error_logs from my own program, which I use to filter streaming access.
    But the goal of this IP is to create traffic to disturb my system. Of course I would also like to get in touch with him/her, but how, if you only have an IP? The IPLookup says Likely Static IP!

    Could you give me a more detailed description of what you mean by creating a network definition for an external IP and doing nothing with it?

    Thanks,

    Hans-Georg

  • Create an entry for that IP:

    Then add the Network creating a blackhole route.  This is for dropping traffic to them from you.

    If you want to stop entry, you will need to look at what port they are coming in on the UTM and shut down that port or access.  This will buy you some time until you can do that.

    You can use Country Blocking, you can add a drop rule using the network definition you created, and you can even contact their ISP to inform them of them intruding into your system.  Just look up the IP address on any available IP/Domain lookup as it will have contact information for an ISP that holds that IP address.

    OPNSense 64-bit | Intel Xeon 4-core v3 1225 3.20Ghz
    16GB Memory | 500GB SSD HDD | ATT Fiber 1GB
    (Former Sophos UTM Veteran, Former XG Rookie)
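
As an added example (not part of any post in this thread, and not Sophos or Icecast code): a short Python script that reads access-log lines and lists client IPs that request at a steady interval of a couple of seconds or less, which gives the log evidence asked for above and confirms which address belongs in the network definition and drop rule. It assumes the Icecast access log uses the Apache combined log layout; the thresholds, the mount name and the sample lines are constructed.

```python
import re
from collections import defaultdict
from datetime import datetime
from statistics import median

# Assumed layout: Apache combined log format (client IP first, timestamp in brackets).
LINE_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "[^"]*" \d{3}')
TS_FORMAT = "%d/%b/%Y:%H:%M:%S %z"


def find_repeat_offenders(lines, min_hits=30, max_median_gap=2.0):
    """Return [(ip, hits, median_gap_seconds)] for clients polling at a steady, short interval."""
    seen = defaultdict(list)
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # skip truncated or foreign lines instead of failing
        try:
            seen[m["ip"]].append(datetime.strptime(m["ts"], TS_FORMAT))
        except ValueError:
            continue  # unparseable timestamp

    offenders = []
    for ip, stamps in seen.items():
        if len(stamps) < min_hits:
            continue  # too few requests to judge a pattern
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        gap = median(gaps)  # median ignores a few long pauses in an otherwise steady rhythm
        if gap <= max_median_gap:
            offenders.append((ip, len(stamps), gap))
    return sorted(offenders, key=lambda o: o[1], reverse=True)


def constructed_sample():
    """Constructed log lines: one client every second, one ordinary listener every minute."""
    noisy = [
        f'203.0.113.50 - - [12/Mar/2019:10:00:{s:02d} +0100] "GET /stream.mp3 HTTP/1.1" 200 512 "-" "-" 0'
        for s in range(40)
    ]
    normal = [
        f'198.51.100.7 - - [12/Mar/2019:10:{m:02d}:00 +0100] "GET /stream.mp3 HTTP/1.1" 200 90000 "-" "Player" 55'
        for m in range(40)
    ]
    return noisy + normal + ["garbage line"]


if __name__ == "__main__":
    for ip, hits, gap in find_repeat_offenders(constructed_sample()):
        print(f"{ip}: {hits} requests, median gap {gap:.1f}s")
```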