Anyone good with blocking IP's on a server?

Monica Lewinsky · 06-02-09, 09:33 PM

Have my own home server based on Windows Small Business Server 2003 called Windows Home Server.

Geting whacked every 3-4 hours from b.s. client[s] connections in China trying to automatically hack into it looking for old versions of email hosting that I don't even have installed.

Got their IP's blocked with with IIS [Internet Information Services Manger], just tired of seeing the main reports of people accessing my server are hackers. Other than buying a Sonic Wall device got any ideas what to try instead of spending $400 bucks for a hardware solution?

SUBMAN1 · 06-02-09, 09:48 PM

Quote:

Originally Posted by Monica Lewinsky

Have my own home server based on Windows Small Business Server 2003 called Windows Home Server.

Geting whacked every 3-4 hours from b.s. client[s] connections in China trying to automatically hack into it looking for old versions of email hosting that I don't even have installed.

Got their IP's blocked with with IIS [Internet Information Services Manger], just tired of seeing the main reports of people accessing my server are hackers. Other than buying a Sonic Wall device got any ideas what to try instead of spending $400 bucks for a hardware solution?

That's normal. Not a big deal. You will never stop it.

Of course, you can always limit what IP ranges people can see your server from, but this will only stop 50% of the China guys. They will just bounce off some local machine to get to you.

The point being is, quit worrying about it.

-S

PS. And make sure you always patch!

CaptainHaplo · 06-03-09, 06:19 PM

Lots of options here. The cheapest is if you have a old desktop lying around. Build a linux kernel to have the thing run as a router with a decent IOS, and just set up your access list. If its spare box, the OS won't cost you a dime, so its free. Can't get a better price.

Second option, set up a software firewall. There is a cost for commercial good ones.

Depends on the usage your looking at - it may be best to get a real router with IOS firewall - and if your looking at lots or traffic and critical data - don't skimp and pony up for a true cisco. Their license costs for IOS are excellent - I think my last IOS update was like 6 bucks a router.

Now Subman is right, if your on the net you can use Best Practices, but there is never a guarantee.

However, if you know what the majority are looking for...... set up a honeypot and steer them to that. This way, you can track em, watch em, learn from em even, all the while they never touch the real part of your network.

I love honeypots. I use one pretty much on a consistent basis and have honestly learned ALOT about security because of them.

SUBMAN1 · 06-03-09, 08:55 PM

In response to Captain Haplo's idea - m0n0wall. Its a professional solution. Enough said.

Won't help you though. I spent years tracking and blocking and they have so many zombie machines, you cannot stop them.

What exactly are they attacking is a better question? If its your website, forget about it. You can't do a thing.

-S

Monica Lewinsky · 06-24-09, 09:36 PM

Quote:

Originally Posted by SUBMAN1

What exactly are they attacking is a better question? If its your website, forget about it. You can't do a thing.
-S

Kinda disappointing to see the fifth place user being a Chinese bot sniffer to my site.

I understand your point[s]. THX guys.

06-02-09, 09:33 PM	#1
Monica Lewinsky Grey Wolf Join Date: Mar 2007 Posts: 845 Downloads: 11 Uploads: 0	Anyone good with blocking IP's on a server? Have my own home server based on Windows Small Business Server 2003 called Windows Home Server. Geting whacked every 3-4 hours from b.s. client[s] connections in China trying to automatically hack into it looking for old versions of email hosting that I don't even have installed. Got their IP's blocked with with IIS [Internet Information Services Manger], just tired of seeing the main reports of people accessing my server are hackers. Other than buying a Sonic Wall device got any ideas what to try instead of spending $400 bucks for a hardware solution? __________________ Sink them all!

06-03-09, 06:19 PM	#3
CaptainHaplo Silent Hunter Join Date: Apr 2007 Posts: 4,404 Downloads: 29 Uploads: 0	Lots of options here. The cheapest is if you have a old desktop lying around. Build a linux kernel to have the thing run as a router with a decent IOS, and just set up your access list. If its spare box, the OS won't cost you a dime, so its free. Can't get a better price. Second option, set up a software firewall. There is a cost for commercial good ones. Depends on the usage your looking at - it may be best to get a real router with IOS firewall - and if your looking at lots or traffic and critical data - don't skimp and pony up for a true cisco. Their license costs for IOS are excellent - I think my last IOS update was like 6 bucks a router. Now Subman is right, if your on the net you can use Best Practices, but there is never a guarantee. However, if you know what the majority are looking for...... set up a honeypot and steer them to that. This way, you can track em, watch em, learn from em even, all the while they never touch the real part of your network. I love honeypots. I use one pretty much on a consistent basis and have honestly learned ALOT about security because of them. __________________ Good Hunting! Captain Haplo

06-03-09, 08:55 PM	#4
SUBMAN1 Rear Admiral Join Date: Apr 2005 Posts: 11,866 Downloads: 0 Uploads: 0	In response to Captain Haplo's idea - m0n0wall. Its a professional solution. Enough said. Won't help you though. I spent years tracking and blocking and they have so many zombie machines, you cannot stop them. What exactly are they attacking is a better question? If its your website, forget about it. You can't do a thing. -S __________________