how to block incoming connections by their IP address

Question

I run several servers (FTP, Remote desktop,MySQL). Netbots are continually attempting to connect and login. Is there a way to block these INcoming IP&nbsp; addresses? I have already used Windows Firewall rules and FTP server rules, to block failed login attempts, but they keep hammering my router on multiple ports, looking for ways to try to login. I'd like to stop them at the WAN level, before my OS even sees them. Is there way to do that on my Netgear R7000?

DOCINATOR · Answer

Yes, I see your point about expense to add features. I worked at IBM and saw that happen all the time. Bottom-line management. But my Nighthawk R7000 has worked flawessly and has excellent features.PS. By "constant", I mean that my system is being probed every 3-8 seconds, all day. Hitting my web, FTP, Minecraft and MySql ports (all renumbered from originals, of course).&nbsp;

microchip8 · Answer

No

antinode · Answer

&gt; I run several servers (FTP, Remote desktop,MySQL). [...]&nbsp;&gt; [...] Is there a way to block these INcoming IP addresses? [...]&nbsp;&nbsp;&nbsp; Not by address, but a reasonably effective method is to usenon-standard external port numbers in your port-forwarding rules.&nbsp; Thisrequires some extra effort (specifying the non-default port number) forlegitimate connections, but that's often a one-time operation.&nbsp;&nbsp;&nbsp; Some primitive FTP clients might have some difficulty withnon-standard ports, but using passive mode often helps.

DOCINATOR · Answer

For remote desktop, I do use non-standard ports for each of my machines. For my FTP server, I use passive connections, strong ID's &amp; passwords. I will have to consider using an odd port for that too. It just bothers me that my CPU and OS have to handle these constant interrupts, thus slowing down my performance (although with my recently installed Intel 9700K, it isn't THAT bad anymore). I would think that it should not be that hard for the firmware to store a list of IP's (defined by me in the Security section of the interface) to be ignored. I could extract then from the log and copy/paste them as needed. Yes, I CAN do that with the OS's firewall, but again, that's CPU and I/O interruptions.

antinode · Answer

&gt; [...] For my FTP server, [...] I will have to consider using an odd&gt; port for that too. [...]&nbsp;&nbsp;&nbsp; If you're sufficiently annoyed by the break-in attempts.&nbsp; I run anexposed FTP server, and I'd estimate that I typically see a few seriouspassword-guessing attempts per month, but seldom repeated attacks fromone remote address.&nbsp;&gt; [...] It just bothers me that my CPU and OS have to handle these&gt; constant interrupts, [...]&nbsp;&nbsp;&nbsp; I don't see much of a resource drain.&nbsp; Or "constant" anything.&nbsp;&gt; [...] I would think that it should not be that hard for the firmware&gt; to store a list of IP's (defined by me in the Security section of the&gt; interface) to be ignored. [...]&nbsp;&nbsp; You could be right, but Netgear firmware for consumer-grade routersis chronically buggy, so it might make very little sense to (or for)Netgear to invest resources in a feature which will be used by such asmall fraction of its customers, when it has so many more importantproblems to solve.&nbsp; Like deciding which existing features to remove, inorder to make room for new, revenue-generating features.&nbsp; One of whichthis wouldn't be.&nbsp;&nbsp;&nbsp; Beside which, I wouldn't bet on their ability to implement itcorrectly.&nbsp;&nbsp;&nbsp; Yet another potential waste of time and effort:&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; https://community.netgear.com/t5/x/idb-p/idea-exchange-for-home

Forum Discussion

how to block incoming connections by their IP address

5 Replies