
Netgear Armor reporting "Network Attack Blocked", no logs?

Pigelt
Aspirant

Netgear Armor reporting "Network Attack Blocked", no logs?

Firmware V2.7.3.22

RBR50v2

 

To begin, I have little experience with any of this.

Not sure if I can get help here, if you can refer me to a better place, or anything really but have to start somewhere. 

I just put up a server on a Linux (Ubuntu Server, no GUI) computer I have, with Minecraft for some friends and close family. We started having some issues with the server randomly dropping connections but showing up on the network, but SSH and everything dropped for a short while.

Logs show some recurring thing I don't remember right now, can look it up if needed, was in a sys log. My own computer showed me a shutdown timer started and dropped all network the same day the problems started (like a cmd shutdown schedule, stop it with the stop command too). After a system scan I rebooted manually and everything was back.

The server has kept dropping, more often during evenings.

I decided yesterday to try if the Armor part of the router could do anything. It has shown three "Network attack blocked, brute force hacking attempt", one the same night and two this morning. Had issues at these times with dropping connection. 

 

The problem is I have no clue what I can or should do, how I can find out what is going on, etc. I tried finding a log for the stopped attack to give me a clue but I can't seem to find any logs? I have to question the usefulness of the Armor if it doesn't tell me anything actually useful.

 

Any help is appreciated. I feel like it might not be a false positive, but I don't know. I have some Wireshark logs from my network over the entire day, more or less, if it would help. As of now the server is blocked from the network; I will disconnect it tomorrow for now until I'm sure what's going on.

 

Thanks!

Model: RBR50|Orbi AC3000 Tri-band WiFi Router
Message 1 of 4

Accepted Solutions
CrimpOn
Guru

Re: Netgear Armor reporting "Network Attack Blocked", no logs?


@Pigelt wrote:

I just put up a server on a Linux (Ubuntu Server, no GUI) computer I have, with Minecraft for some friends and close family. We started having some issues with the server randomly dropping connections but showing up on the network, but SSH and everything dropped for a short while.


When a server is exposed to the internet by forwarding ports through the router to the server, there are several consequences:

  1. The router no longer examines packets directed to that port. (The user said, "Leave them the h**k alone. Send them all directly to this internal IP address and I will deal with them.") The Orbi firewall and Bitdefender Armor no longer have anything to do with these connections.
  2. The internal server now has to face the flood of connection attempts, legitimate and illegitimate. Whereas the Orbi firewall will drop any packet that does not fit into the Network Address Translation (NAT) tables, it is now up to the internal device to accept the packets it should and reject the packets it does not want.
  3. Ubuntu includes the same basic firewall capability that Orbi does. (Orbi is built on Open Source Linux and actually compiled on Ubuntu servers.) 

My suggestion is to ensure that the server firewall is active and accepting only connections to the Minecraft service, and that the only ports forwarded through the Orbi to the server are those required by Minecraft.

Message 2 of 4

Pigelt
Aspirant

Re: Netgear Armor reporting "Network Attack Blocked", no logs?

Seems obvious as you point it out. I've now activated the firewall ufw rules to deny all incoming and added an exception only for the ports related to the Minecraft server. I hope this helps with the outages.

 

Still interested in verifying if I've truly had an attack or not but I appreciate the comment!

Message 3 of 4
CrimpOn
Guru

Re: Netgear Armor reporting "Network Attack Blocked", no logs?


@Pigelt wrote:

Still interested in verifying if I've truly had an attack or not but I appreciate the comment!


Oh, yes.  Within minutes of the ports being opened, they were discovered by people who scan the internet constantly looking for things to explore.  One can think of this activity as attacks, but there is nothing personal about it.  They have no idea who you are, where you live, or what you do. It's like a person wandering through a building and seeing a door open.  "Wonder what's in there?"  Some are malicious, looking for specific vulnerabilities to exploit.  Others are simply curious.

 

If Minecraft servers have specific vulnerabilities, be confident that someone will attempt to exploit them.

Message 4 of 4
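
One way to check the question raised in this thread (did the server really see brute-force attempts?) is to count failed SSH logins and firewall drops per source address in the server's own logs. This is an added example, not part of any post above; the log lines are constructed samples in the sshd and ufw formats, and the threshold of 3 failures is an assumption.

```python
import re
from collections import Counter, defaultdict

# Constructed sample lines in the formats sshd and ufw write on Ubuntu
# (normally /var/log/auth.log and /var/log/ufw.log). Hostname, user names
# and addresses are made up; the public IPs are documentation ranges.
SAMPLE_LOG = """\
Mar  3 19:02:11 mc sshd[1201]: Failed password for invalid user admin from 203.0.113.7 port 40122 ssh2
Mar  3 19:02:13 mc sshd[1201]: Failed password for root from 203.0.113.7 port 40130 ssh2
Mar  3 19:02:15 mc sshd[1203]: Failed password for invalid user test from 203.0.113.7 port 40141 ssh2
Mar  3 19:05:40 mc sshd[1210]: Accepted publickey for alice from 192.168.1.20 port 51022 ssh2
Mar  3 19:07:02 mc sshd[1215]: Failed password for alice from 192.168.1.20 port 51040 ssh2
Mar  3 19:09:55 mc kernel: [UFW BLOCK] IN=eth0 OUT= SRC=198.51.100.23 DST=192.168.1.50 LEN=44 PROTO=TCP SPT=51234 DPT=23 WINDOW=1024
Mar  3 19:09:56 mc kernel: [UFW BLOCK] IN=eth0 OUT= SRC=198.51.100.23 DST=192.168.1.50 LEN=44 PROTO=TCP SPT=51235 DPT=3389 WINDOW=1024
"""

SSH_FAIL = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?(\S+) from (\S+) port")
UFW_BLOCK = re.compile(r"\[UFW BLOCK\].*?SRC=(\S+).*?DPT=(\d+)")


def summarize(log_text, threshold=3):
    """Return (brute, probes): sources with >= threshold failed SSH logins
    mapped to the user names they tried, and sources whose packets ufw
    dropped mapped to the destination ports they probed."""
    failures = Counter()
    users = defaultdict(set)
    ports = defaultdict(set)
    for line in log_text.splitlines():
        m = SSH_FAIL.search(line)
        if m:
            user, src = m.groups()
            failures[src] += 1
            users[src].add(user)
            continue
        m = UFW_BLOCK.search(line)
        if m:
            src, port = m.groups()
            ports[src].add(int(port))
    brute = {s: sorted(users[s]) for s, n in failures.items() if n >= threshold}
    probes = {s: sorted(p) for s, p in ports.items()}
    return brute, probes


if __name__ == "__main__":
    brute, probes = summarize(SAMPLE_LOG)
    print("Repeated SSH login failures:", brute)
    print("Ports probed and dropped by ufw:", probes)
```

A single failed login from a LAN address, like the one in the sample, stays below the threshold and is not reported; many failures for different user names from one outside address are the pattern a router would label a brute-force attempt.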