Adtran
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
red
New Contributor
‎10-04-2014 02:05 PM

NetVanta 3430 block .cn domain

Jump to solution

I implemented a filter policy on the 3430 firewall to drop connections that are trying brute force attacks on our servers. Even though I can block by subnet I was wondering if it would be possible to do it by domain instead. I know we should not expect any connections from .cn, .ru, .il, etc and it would be much easier to block at that level then waiting until a new attack from a new network in .cn shows up so we can block it.

Thanks.

-Marco

0 Kudos
Reply
1 Solution

Accepted Solutions
jayh
Honored Contributor
Honored Contributor
‎10-05-2014 10:58 PM

Re: NetVanta 3430 block .cn domain

Jump to solution

It isn't really practical to do it by domain, and rDNS can be easily manipulated. You can get some results by blocking by origin AS if you are connected by BGP with at least one full table, and also filter large IP blocks if not.

Also consider fail2ban on your servers.  http://http://en.wikipedia.org/wiki/Fail2ban

View solution in original post

0 Kudos
Reply
2 Replies
jayh
Honored Contributor
Honored Contributor
‎10-05-2014 10:58 PM

Re: NetVanta 3430 block .cn domain

Jump to solution

It isn't really practical to do it by domain, and rDNS can be easily manipulated. You can get some results by blocking by origin AS if you are connected by BGP with at least one full table, and also filter large IP blocks if not.

Also consider fail2ban on your servers.  http://http://en.wikipedia.org/wiki/Fail2ban

0 Kudos
Reply
red
New Contributor
‎10-07-2014 07:57 AM

Re: NetVanta 3430 block .cn domain

Jump to solution

Jayh, thanks for the feedback. I will look into fail2ban.

0 Kudos
Accept as Solution Reply