NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
Forum Discussion
Solved
Netgear Armor reporting "Network Attack Blocked", no logs?
Firmware V2.7.3.22 RBR50v2 To begin, I have little experience with any of this. Not sure if I can get help here, if you can refer me to a better place, or anything really but have to start some...
Pigelt wrote:
I just put up a server on an linux(Ubuntu server, no gui) run computer I have with minecraft for some friends and close family, we started having some issues with the server randomly dropping connections but showing up on the network but SSH and everything dropped for a short while.
When a server is exposed to the internet by forwarding ports through the router to the server, there are several consequences:
- The router no longer examines packets directed to that port. (The user said, "leave them the h**k alone. Send them all directly to this internal IP address and I will deal with them.) The Orbi firewall, and Bitdefender Armor no longer have anything to do with these connections.
- The internal server now has to face the flood of connection attempts, legitimate and illegitimate. Whereas the Orbi firewall will drop any packet that does not fit into the Network Address Translation (NAT) tables, it is now up to the internal device to accept the packets it should and reject the packets it does not want.
- Ubuntu includes the same basic firewall capability that Orbi does. (Orbi is built on Open Source Linux and actually compiled on Ubuntu servers.)
My suggestion is to ensure that the server firewall is active and accepting only connections to the minecraft service and that the only ports forwarded through the Orbi to the server are those required by minecraft.
Pigelt wrote:
I just put up a server on an linux(Ubuntu server, no gui) run computer I have with minecraft for some friends and close family, we started having some issues with the server randomly dropping connections but showing up on the network but SSH and everything dropped for a short while.
When a server is exposed to the internet by forwarding ports through the router to the server, there are several consequences:
- The router no longer examines packets directed to that port. (The user said, "leave them the h**k alone. Send them all directly to this internal IP address and I will deal with them.) The Orbi firewall, and Bitdefender Armor no longer have anything to do with these connections.
- The internal server now has to face the flood of connection attempts, legitimate and illegitimate. Whereas the Orbi firewall will drop any packet that does not fit into the Network Address Translation (NAT) tables, it is now up to the internal device to accept the packets it should and reject the packets it does not want.
- Ubuntu includes the same basic firewall capability that Orbi does. (Orbi is built on Open Source Linux and actually compiled on Ubuntu servers.)
My suggestion is to ensure that the server firewall is active and accepting only connections to the minecraft service and that the only ports forwarded through the Orbi to the server are those required by minecraft.
Seems obvious as you point it out. I've now activated the firewall ufw rules to deny all incoming and added a exception only for the ports related to the Minecraft server. I hope this helps with the outages.
Still interested in verifying if I've truly had an attack or not but I appreciate the comment!
Pigelt wrote:
Still interested in verifying if I've truly had an attack or not but I appreciate the comment!
Oh, yes. Within minutes of the ports being opened, they were discovered by people who scan the internet constantly looking for things to explore. One can think of this activity as attacks, but there is nothing personal about it. They have no idea who you are, where you live, or what you do. It's like a person wandering through a building and seeing a door open. "Wonder what's in there?" Some are malicious, looking for specific vulnerabilities to exploit. Others are simply curious.
If minecraft servers have specific vulnerabilities, be confident that someone will attempt to exploit them.