Block Incoming Traffic ( Iptables-BlockAsia )

[fritsp1989]

Hello...

I am using a webserver, because i dont use it a lot i turn it off or standby all the time.
I requested a script for the n66u to wake up my webserver when i tried to acces it via http or https.
And this works but the problem is there are constant portscans from china japan asia etc.etc....
That keeps waking up my server how do i block them i tried the IPTABLE but they switch ip's so thats not effective.
Ive heard of blockasia optware... but i have no idea on how to install configure or use it.
Could someone please point me in the right direction ?

Thanks in advance

 

[AnthonyArmato]

On http://192.168.1.1/Advanced_BasicFirewall_Content.asp do you have DoS Protection enabled ?

You may be able to key in IPs on http://192.168.1.1/Advanced_Firewall_Content.asp to block.

 

[thiggins]

Where are you going to do the filtering? IPtables would be on the webserver itself.

 

[fritsp1989]

On http://192.168.1.1/Advanced_BasicFirewall_Content.asp do you have DoS Protection enabled ?

You may be able to key in IPs on http://192.168.1.1/Advanced_Firewall_Content.asp to block.

Yeah i found that option and enabled it, as for key in ip's thats for outgoing trafic so it doesnt work for me.

 

[fritsp1989]

Where are you going to do the filtering? IPtables would be on the webserver itself.

Merlin wrt uses iptables to as far as i know so the iptables should be on the router, but i do not know the exact commands for blocling out adresses.
But the ip keeps changing of the attacker so i cannot realy block it i would need to reject it by mac adress or something. But if i key in --mac and his mac adress iptables tells me that the mac adress is invalid.

 

[RMerlin]

You can't block the attacker's MAC, since he's not on your network.

All you can do is block IP blocks as a whole.

 

[fritsp1989]

You can't block the attacker's MAC, since he's not on your network.

All you can do is block IP blocks as a whole.

Thanks for the tip , but can you explain a little on how to do that ?
Do i ad them to the iptable ? If so whats the command and how do i find out the ip range ?

Thanks

 

[RMerlin]

See this tutorial on how to drop IPs or IP blocks through iptables.

There's no simple method on how to determine which block to drop. You will have to query APNIC/ARIN databases with the IPs used by your visitor, and determine the IP block to which that specific IP belongs. Quite honestly, it's probably best to work the other way around, and restrict which IP you do want to allow to connect to your web server. I posted an example on the Wiki on how to restrict access to a service to a specific IP. If they are on dynamic IPs, then you will once again need to open a whole IP range (and possibly many, as most ISPs own multiple IP blocks).

 

[Nerre]

Would Asiablock be able to run on under Asuswrt-Merlin?

Asiablock can, as far as I understand, block ranges based on countries.

From what I can tell is is just a script, but I guess it uses a few commands that might need to be installed as optware.

I had a quick look at the script but it was quite big.