IP hammering my firewall


#1

So i just looked at my log file and noticed an IP address just poking away on my firewall. Did some serching in the logfiles and found out that he hit my firewall over 2000 times in 9hrs.


So do people do anything when you come across these kind of attacks, or just hope it stops?

As far as i can see the firewall blocks everything, I even added it too deny list that i’ve got on the top of my firewall.


#2

Russia script kiddies then again maybe not. You could block everything from that particular Russian ISP. See Tom’s video on pfBlocker.


#3

Well i’m using pfBlocker =) Everything is locked down on my firewall. On my accept rules i only accept connections from my own country. And on the top is pfBlocker top v4 and top v6 blocked. There is no reason for anyone from a nother country to connect to my firewall :slight_smile:


#4

Sounds you are ahead of the game. They will keep trying, I get a lot from SA and Asia intermittently,


#5

This video is about what to do with the logs with PfBlocker and Suricata installed. His example seems very similar to your situation and setup.