Print

Please login or register.
1 Hour 1 Day 1 Week 1 Month Forever
Login with username, password and session length

[gajahduduk]

How do I block a particular IP from accessing my network entirely?  I have a hacker with a known IP I want to shut out. 

I tried creating a DENY inbound filter (with just that IP as the range) but that didn't seem to work.  that hacker kept being able to attempt logins.

[FurryNutz]

How is your firewall setup? Is he getting thru that?
Try setting up Mac address filtering possibly?

[gajahduduk]

i don't really have a firewall setup per se.  everything is done though port forwarding and virtual server etc.

the firewall settings are

enable SPI (on)
udp endpoint filtering: address restricted
tcp endpoint filtering: port and address restricted

anti-spoof checking: off

enable dmz: off

all boxes under ALG section are checked.

how could mac adddress filtering worK? isn't that related to computers that can connect on your LAN? i'm talking about the WAN here.

[Cobra]

i don't really have a firewall setup per se.  everything is done though port forwarding and virtual server etc.

the firewall settings are

enable SPI (on)
udp endpoint filtering: address restricted
tcp endpoint filtering: port and address restricted

anti-spoof checking: off

enable dmz: off

all boxes under ALG section are checked.

how could mac adddress filtering worK? isn't that related to computers that can connect on your LAN? i'm talking about the WAN here.

Wow...What did you click on to see those setting?

I know it had to say:
   
 

You do not need to worry about the WAN if your LAN is secure which I would imagine the router is blocking this IP in the firewall.

I see rejected IP's in the log all the time.

[gajahduduk]

yes, of course, firewall settings.  i'm not "worried" ... but still this guy is trying to hack my computer. he'll fail. but i still want to know how to shut out his IP totally. has to be a way.

[Hard Harry]

He is trying to "hack" your computer? Could you explain? How did he get your IP, and couldn't you change it? Exactly what IP of his are you blocking? Do you know its even static? Do you know he is only going to be trying to "hack" you from that one location? And even if so he could use a proxy, or mask, or any other countless countermeasures. I think your trying to kill a fly with sledge hammer, no offense. Maybe if we better understood the true threat we could give better advice?

[gajahduduk]

yeah he's trying to login via SSH, trying random passwords.  who knows how he got the IP, probably just random, using port scanning.  I can't easily change my IP; it's dynamic but it rarely is changed. anyway, i don't see how it matters, if i catch something like that in my log I just want to be able block that IP totally.  Again, I feel there must be a way to do that at the router.

[FurryNutz]

I would ask your ISP if they would change your modems IP address and get you new NEW address.
I would also recommend changing your LAN IP address scheme addressing as well. Default for most home routers is 192.168. I recommend trying 10.0.1.1 or 172.0.1.1. The routers ip address can be anything and doesn't have to always be 192.168. I made my IP address scheme from my house address number.

I presume this guy is not on your network and outside somewhere?
If so then get his IP address and try and setup INBOUND Filter option.