Firewall Block Lists

Toggle sidebar Toggle sidebar
Solution
failboat
The average router shouldn't be letting port scans happen.
Only use port forwarding if you have a reason for inbound connections. Features like upnp and dmz hosts are very insecure.
Creating a real dmz is much safer.

Intrusion detection is a very good way to monitor your network activity.
pfsense and ipfire have Snort as a default service that can be enabled.
It's updated with rules to monitor and quarantine bad behaviors.

It's a pain to setup, because it blocks all encrypted traffic.
You can white list all the encrypted stuff or do it one ip at a time.

https://www.snort.org/

You can use an old x86 computer to run your router, its going to need a dual nic card.
I'd recommend something very low power if you decide to go with this...
Sort by date Sort by votes
B

bill001g

Titan
Aug 9, 2012
28,306
2,749
125,640
For your average user you do not need this because NAT will stop everything pretty much. The router will just discard any traffic because it does not know which machine to send the incoming scan to. It is almost a wast of time to use these lists. True hackers constantly change IP addresses. All you would likely end up doing is block all the addresses for some of the popular hosting or vpn services. There might be function you want to use on those sites.

Almost all modern firewall detect the pattern of attacks and dynamically block attacks.....again this really is only applies to someone who has a machine actually exposed to the internet.
 
Upvote 0 Downvote
failboat

failboat

Splendid
Feb 19, 2010
1,905
51
21,390
The average router shouldn't be letting port scans happen.
Only use port forwarding if you have a reason for inbound connections. Features like upnp and dmz hosts are very insecure.
Creating a real dmz is much safer.

Intrusion detection is a very good way to monitor your network activity.
pfsense and ipfire have Snort as a default service that can be enabled.
It's updated with rules to monitor and quarantine bad behaviors.

It's a pain to setup, because it blocks all encrypted traffic.
You can white list all the encrypted stuff or do it one ip at a time.

https://www.snort.org/

You can use an old x86 computer to run your router, its going to need a dual nic card.
I'd recommend something very low power if you decide to go with this long term.
If you have anything not being used try it out, all the software is free.
 
Upvote 0 Downvote
Solution
You must log in or register to reply here.

TRENDING THREADS

Latest posts

Moderators online

Share this page

COMPANY
RESOURCES
FOLLOW
Top Bottom