F5F Stay Refreshed Power Users Networks Prevent blocked IPs from connecting to your network.

Prevent blocked IPs from connecting to your network.

Prevent blocked IPs from connecting to your network.

G
Grggles
Member
Find
163
04-09-2016, 07:24 PM
#1
I searched without success and understand the easiest way is to turn it off completely. Context: My home server uses RDP with port forwarding, allowing remote access from outside my home network. I tend to use it more when away than when I’m present. My question: How can I prevent specific IP addresses from reaching my server entirely? I have a log file from my router showing all attempts that tried to connect and would ignore manual checks. My Netgear Nighthawk router has no built-in feature to block certain IPs specifically. Is there a workaround that doesn’t require changing port forwarding or replacing the router? Perhaps a system in place to block any IP with even one failed login attempt? If needed, I’m okay turning off port forwarding but would prefer not to. As mentioned, I access the server more when I’m not home.
Reply
Reply
G
Grggles
04-09-2016, 07:24 PM #1

I searched without success and understand the easiest way is to turn it off completely. Context: My home server uses RDP with port forwarding, allowing remote access from outside my home network. I tend to use it more when away than when I’m present. My question: How can I prevent specific IP addresses from reaching my server entirely? I have a log file from my router showing all attempts that tried to connect and would ignore manual checks. My Netgear Nighthawk router has no built-in feature to block certain IPs specifically. Is there a workaround that doesn’t require changing port forwarding or replacing the router? Perhaps a system in place to block any IP with even one failed login attempt? If needed, I’m okay turning off port forwarding but would prefer not to. As mentioned, I access the server more when I’m not home.

Reply
Reply
S
SevensGamer
Member
Find
154
04-10-2016, 06:55 PM
#2
That is a MAJOR no no. Looking at the spec sheet of your router, it seems it supports OpenVPN Connect server to access to your network from outside. Set up your own VPN and connect to your networking using that VPN. Dont go out forwarding 3389, 445 and 139 out in the open.
Reply
Reply
S
SevensGamer
04-10-2016, 06:55 PM #2

That is a MAJOR no no. Looking at the spec sheet of your router, it seems it supports OpenVPN Connect server to access to your network from outside. Set up your own VPN and connect to your networking using that VPN. Dont go out forwarding 3389, 445 and 139 out in the open.

Reply
Reply
I
iamxxdiddyxx
Junior Member
Find
5
04-11-2016, 06:29 PM
#3
This method is effective for gaining unauthorized access. As mentioned, utilize an OpenVPN Access Server to connect to your network.
Reply
Reply
I
iamxxdiddyxx
04-11-2016, 06:29 PM #3

This method is effective for gaining unauthorized access. As mentioned, utilize an OpenVPN Access Server to connect to your network.

Reply
Reply
A
AlmightyEag
Posting Freak
Find
785
04-11-2016, 08:31 PM
#4
Never send any ports to others...
Reply
Reply
A
AlmightyEag
04-11-2016, 08:31 PM #4

Never send any ports to others...

Reply
Reply
S
Semmie_B
Junior Member
Find
5
04-11-2016, 09:11 PM
#5
It seems the evidence doesn't indicate any transfer of SMB, just RDP activity, which is also clearly not allowed.
Reply
Reply
S
Semmie_B
04-11-2016, 09:11 PM #5

It seems the evidence doesn't indicate any transfer of SMB, just RDP activity, which is also clearly not allowed.

Reply
Reply
J
Jackolope33
Member
Find
164
04-15-2016, 12:36 PM
#6
Sending traffic through port 3389 is a serious mistake. Stick with the VPN recommended in your firewall settings. I've dealt with this issue repeatedly across many clients. Once an external IP is blocked, the bot just changes to another one. Avoid relying on geo-blocking either—hackers can easily use servers on bypassed networks. You won't be able to block attacking IPs directly.
Reply
Reply
J
Jackolope33
04-15-2016, 12:36 PM #6

Sending traffic through port 3389 is a serious mistake. Stick with the VPN recommended in your firewall settings. I've dealt with this issue repeatedly across many clients. Once an external IP is blocked, the bot just changes to another one. Avoid relying on geo-blocking either—hackers can easily use servers on bypassed networks. You won't be able to block attacking IPs directly.

Reply
Reply
R
rosie2435
Senior Member
Find
475
04-15-2016, 04:03 PM
#7
Geoblocking provides some level of security. My server records previously showed many attempts to exploit my web and SSH servers, but they ceased once I restricted incoming traffic to just the US and EU via the router. It’s not a perfect solution, but if you’re certain access will only come from a specific country, it adds another defense layer—reducing log clutter as well. Every additional barrier makes it harder for bots to succeed, and it minimizes unnecessary CPU usage by dropping traffic directly at the firewall instead of sending it all to the server.
Reply
Reply
R
rosie2435
04-15-2016, 04:03 PM #7

Geoblocking provides some level of security. My server records previously showed many attempts to exploit my web and SSH servers, but they ceased once I restricted incoming traffic to just the US and EU via the router. It’s not a perfect solution, but if you’re certain access will only come from a specific country, it adds another defense layer—reducing log clutter as well. Every additional barrier makes it harder for bots to succeed, and it minimizes unnecessary CPU usage by dropping traffic directly at the firewall instead of sending it all to the server.

Reply
Reply