NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
Forum Discussion
Is there something like fail2ban for teh FVS336Gv3?
We run an asterisk PBX behind the FVS336Gv3. We have remote users who need to connect to the pbx, so SIP traffic is routed through the FVS336Gv3 to the PBX. There are lots of scanners out there that try brute force attacks on different extensions. Because we have strong passwords, theses attacks fail, but the pbx log is full of them. Is there a way to ban an IP address dynamically at the FVS336, after 20 attempts to connect within a fice seconds or something similar?
Thank you
4 Replies
Dane,
Thanks for your responce. I should have mentioned in my original post that I have made these rules manually, but as soon as I block on IP or group of IPs, another one pops up. So what I really would like to do is to have a dynamic inbound rule, that kicks in on any IP according to parameters that I would set, for instance twenty attempts within five seconds. The ban could either expire after a set period of time, like an hour, or I could clear it out every week or so. Do you know of any way to do that?
Thanks
It seems that there is no option on the FVS336Gv3 settings to configure exactly the way you have described. Kindly try the following:
1. On the web-GUI of the FVS336Gv3, go to Security > Firewall > Attack Checks. Check the following boxes: Enable Stealth Mode, Block TCP Flood and Block UDP Flood. As reference, kindly read pages 268-270 of the FVS336Gv3 reference manual here about Manage Protection Against Common Network Attacks.
2. On the web-GUI of the FVS336Gv3, go to Security > Firewall > Session Limit. Then, set the liimits for IPv4 Sessions. As reference, kindly read pages 274-276 of the FVS336Gv3 reference manual here about Set Limits for IPv4 Sessions.
Regards,
DaneA
NETGEAR Community Team
NETGEAR Academy
Boost your skills with the Netgear Academy - Get trained, certified and stay ahead with the latest Netgear technology!
Join Us!
