DOCINATOR
Jan 12, 2021 · Tutor
how to block incoming connections by their IP address
I run several servers (FTP, Remote desktop, MySQL). Netbots are continually attempting to connect and login. Is there a way to block these INcoming IP addresses? I have already used Windows Firewall ...
antinode
Jan 12, 2021 · Guru
> I run several servers (FTP, Remote desktop,MySQL). [...]
> [...] Is there a way to block these INcoming IP addresses? [...]
Not by address, but a reasonably effective method is to use
non-standard external port numbers in your port-forwarding rules. This
requires some extra effort (specifying the non-default port number) for
legitimate connections, but that's often a one-time operation.
Some primitive FTP clients might have some difficulty with
non-standard ports, but using passive mode often helps.
DOCINATOR
Jan 12, 2021 · Tutor
For remote desktop, I do use non-standard ports for each of my machines. For my FTP server, I use passive connections, strong IDs & passwords. I will have to consider using an odd port for that too. It just bothers me that my CPU and OS have to handle these constant interrupts, thus slowing down my performance (although with my recently installed Intel 9700K, it isn't THAT bad anymore). I would think that it should not be that hard for the firmware to store a list of IPs (defined by me in the Security section of the interface) to be ignored. I could extract them from the log and copy/paste them as needed. Yes, I CAN do that with the OS's firewall, but again, that's CPU and I/O interruptions.
- antinode, Jan 12, 2021 · Guru
> [...] For my FTP server, [...] I will have to consider using an odd
> port for that too. [...]
If you're sufficiently annoyed by the break-in attempts. I run an
exposed FTP server, and I'd estimate that I typically see a few serious
password-guessing attempts per month, but seldom repeated attacks from
one remote address.
> [...] It just bothers me that my CPU and OS have to handle these
> constant interrupts, [...]
I don't see much of a resource drain. Or "constant" anything.
> [...] I would think that it should not be that hard for the firmware
> to store a list of IP's (defined by me in the Security section of the
> interface) to be ignored. [...]
You could be right, but Netgear firmware for consumer-grade routers
is chronically buggy, so it might make very little sense to (or for)
Netgear to invest resources in a feature which will be used by such a
small fraction of its customers, when it has so many more important
problems to solve. Like deciding which existing features to remove, in
order to make room for new, revenue-generating features. One of which
this wouldn't be.
Beside which, I wouldn't bet on their ability to implement it
correctly.
Yet another potential waste of time and effort:
https://community.netgear.com/t5/x/idb-p/idea-exchange-for-home
- DOCINATOR, Jan 20, 2021 · Tutor
Yes, I see your point about expense to add features. I worked at IBM and saw that happen all the time. Bottom-line management. But my Nighthawk R7000 has worked flawlessly and has excellent features.
PS. By "constant", I mean that my system is being probed every 3-8 seconds, all day. Hitting my web, FTP, Minecraft and MySQL ports (all renumbered from originals, of course).
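Added example, not part of any post in this thread: a Python script for the approach discussed above (pull source addresses out of the router log, then block them in Windows Firewall). The log line format, the sample entries and the function names are constructed assumptions; the per-source tally also shows how often one address actually repeats before any rule is generated.

```python
import re
from collections import Counter
from ipaddress import ip_address

# Constructed sample entries. The line format is an assumption; adjust
# LINE_RE to match what your own router log actually prints.
SAMPLE_LOG = """\
[LAN access from remote] from 203.0.113.45:51234 to 192.168.1.10:2121, Tuesday, Jan 12, 2021 09:14:03
[LAN access from remote] from 203.0.113.45:51240 to 192.168.1.10:2121, Tuesday, Jan 12, 2021 09:14:09
[LAN access from remote] from 198.51.100.7:40022 to 192.168.1.10:33890, Tuesday, Jan 12, 2021 09:14:15
[DHCP IP: (192.168.1.10)] to MAC address 00:00:5E:00:53:01, Tuesday, Jan 12, 2021 09:14:18
[LAN access from remote] from 203.0.113.45:51301 to 192.168.1.10:33060, Tuesday, Jan 12, 2021 09:14:21
[LAN access from remote] from 192.0.2.99:60001 to 192.168.1.10:2121, Tuesday, Jan 12, 2021 09:14:27
[LAN access from remote] from 999.1.1.1:60001 to 192.168.1.10:2121, Tuesday, Jan 12, 2021 09:14:30
[LAN access from remote] from 192.0.2.99:60044 to 192.168.1.10:25566, Tuesday, Jan 12, 2021 09:14:33
[LAN access from remote] from 203.0.113.45:51377 to 192.168.1.10:2121, Tuesday, Jan 12, 2021 09:14:39
[LAN access from remote] from 198.51.100.23:41000 to 192.168.1.10:33890, Tuesday, Jan 12, 2021 09:14:45
"""

# "from <src-ip>:<port> to <dst-ip>:<port>" as in the assumed format above
LINE_RE = re.compile(r"from (\d{1,3}(?:\.\d{1,3}){3}):\d+ to \d{1,3}(?:\.\d{1,3}){3}:\d+")

def tally_sources(log_text):
    """Count forwarded inbound connections per remote source address."""
    counts = Counter()
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # not a forwarded-connection entry
        try:
            src = ip_address(m.group(1))  # rejects values like 999.1.1.1
        except ValueError:
            continue
        counts[str(src)] += 1
    return counts

def block_rules(counts, threshold=3, allow=()):
    """Build netsh commands for sources seen at least `threshold` times.
    `allow` lists addresses that must never be blocked (your own remote IPs)."""
    return [
        f'netsh advfirewall firewall add rule name="block-{ip}" '
        f"dir=in action=block remoteip={ip}"
        for ip, n in sorted(counts.items())
        if n >= threshold and ip not in allow
    ]

if __name__ == "__main__":
    counts = tally_sources(SAMPLE_LOG)
    print(counts.most_common())
    print("\n".join(block_rules(counts)))
```

Review the generated commands before running them in an elevated prompt, and keep the allow list current so a changed home or work address does not lock you out.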