red
New Contributor

NetVanta 3430 block .cn domain


I implemented a filter policy on the 3430 firewall to drop connections that are trying brute force attacks on our servers. Even though I can block by subnet, I was wondering if it would be possible to do it by domain instead. I know we should not expect any connections from .cn, .ru, .il, etc. and it would be much easier to block at that level than waiting until a new attack from a new network in .cn shows up so we can block it.

Thanks.

-Marco

jayh
Honored Contributor

Re: NetVanta 3430 block .cn domain


It isn't really practical to do it by domain, and rDNS can be easily manipulated. You can get some results by blocking by origin AS if you are connected by BGP with at least one full table, and also filter large IP blocks if not.

Also consider fail2ban on your servers. http://en.wikipedia.org/wiki/Fail2ban

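Added example (not part of the original thread, and not fail2ban's own code): a minimal sketch of the fail2ban-style approach suggested in the answer above, counting failed sshd logins per source IP inside a time window and then widening to a larger block only when several offenders share it. The log lines are constructed, `findtime` and `maxretry` borrow fail2ban's option names, and the /24 widening threshold and the `year` default are assumptions.

```python
import ipaddress
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample sshd lines; addresses are documentation ranges, not real hosts.
SAMPLE_LOG = """\
Mar 10 02:14:01 srv sshd[811]: Failed password for root from 203.0.113.7 port 40122 ssh2
Mar 10 02:14:03 srv sshd[811]: Failed password for root from 203.0.113.7 port 40124 ssh2
Mar 10 02:14:06 srv sshd[812]: Failed password for invalid user admin from 203.0.113.7 port 40130 ssh2
Mar 10 02:15:10 srv sshd[815]: Failed password for root from 203.0.113.99 port 51000 ssh2
Mar 10 02:15:12 srv sshd[815]: Failed password for root from 203.0.113.99 port 51002 ssh2
Mar 10 02:15:15 srv sshd[815]: Failed password for root from 203.0.113.99 port 51004 ssh2
Mar 10 02:20:00 srv sshd[820]: Failed password for alice from 198.51.100.5 port 33000 ssh2
Mar 10 09:40:00 srv sshd[900]: Failed password for alice from 198.51.100.5 port 33100 ssh2
"""

FAILED = re.compile(r"^(\w{3}\s+\d+ [\d:]{8}) \S+ sshd\[\d+\]: Failed password for "
                    r"(?:invalid user )?\S+ from (\d+\.\d+\.\d+\.\d+) ")

def offenders(log, maxretry=3, findtime=timedelta(minutes=10), year=2024):
    """Return source IPs with >= maxretry failures inside one findtime window."""
    seen, banned = defaultdict(list), set()
    for line in log.splitlines():
        m = FAILED.match(line)
        if not m:
            continue
        # Syslog timestamps carry no year, so one is assumed for parsing.
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        ip = m.group(2)
        # Drop failures that have aged out of the window, then record this one.
        seen[ip] = [t for t in seen[ip] if ts - t <= findtime] + [ts]
        if len(seen[ip]) >= maxretry:
            banned.add(ip)
    return banned

def block_list(banned, prefix=24, min_hosts=2):
    """Emit a /prefix only when min_hosts distinct offenders share it, else /32s."""
    by_net = defaultdict(set)
    for ip in banned:
        by_net[ipaddress.ip_network(f"{ip}/{prefix}", strict=False)].add(ip)
    out = []
    for net, ips in by_net.items():
        # A single noisy host does not justify filtering its whole block.
        out += [net] if len(ips) >= min_hosts else [ipaddress.ip_network(f"{i}/32") for i in ips]
    return sorted(out)

if __name__ == "__main__":
    for net in block_list(offenders(SAMPLE_LOG)):
        print(net)
```

The resulting networks are what would go into the firewall's filter policy; the user who mistyped a password twice, hours apart, stays off the list.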

red
New Contributor

Re: NetVanta 3430 block .cn domain


Jayh, thanks for the feedback. I will look into fail2ban.