Results 1 to 7 of 7

Thread: need help

  1. #1
    Untangler
    Join Date
    Jan 2009
    Posts
    69

    Default need help

    i have checked my reports and i have noticed something suspicious.

    in the firewall events under the client tab i have noticed an ip that is not a private block and is trying to get access to my ip that i got from my isp.

    it points to a firewall rule

    does anyone try to hack into untangle and gain access.

  2. #2
    Untangle Junkie dmorris's Avatar
    Join Date
    Nov 2006
    Location
    San Carlos, CA
    Posts
    17,747

    Default

    Quote Originally Posted by CHLOR View Post
    in the firewall events under the client tab i have noticed an ip that is not a private block and is trying to get access to my ip that i got from my isp.
    also known as inbound traffic.

    maybe you should post a screenshot or better describe what is giving you cause for concern.
    Attention: Support and help on the Untangle Forums is provided by volunteers and community members like yourself.
    If you need Untangle support please call or email support@untangle.com

  3. #3
    Untangler
    Join Date
    Jan 2009
    Posts
    69

    Default

    by default i have firewall set to block. i only have port 80,443,53 outbound only and 3389 outbound and inbound .
    if i only have 3389 for outbound rdp will not work.

    the ip points to a firewall rule for outbound rdp

    i never had this issue since i installed untangle 2 years ago.

  4. #4
    Untangler
    Join Date
    Jan 2009
    Posts
    69

    Default

    the connections are coming from Turkey and China

    and how should i set a firewall for remote desktop, maybe i have my rule set wrong way.

    but rdp does work

  5. #5
    Untangle Junkie dmorris's Avatar
    Join Date
    Nov 2006
    Location
    San Carlos, CA
    Posts
    17,747

    Default

    if you don't want to allow those connections then I would only explicitly allow RDP connections from the IPs you want.
    Attention: Support and help on the Untangle Forums is provided by volunteers and community members like yourself.
    If you need Untangle support please call or email support@untangle.com

  6. #6
    Untangler
    Join Date
    Jan 2009
    Posts
    69

    Default

    but how come i never had these ips trying to gain access

    should i have both inbound and outbound rules for RDP

  7. #7
    Untangle Ninja mrunkel's Avatar
    Join Date
    Jul 2008
    Posts
    3,040

    Default

    You're not being very clear. You had a few IPs get blocked by your firewall, which is what it is supposed to do, so what exactly are you concerned about?

    People scan IPs all the time. I just took a quick look at one of my hosts and it presently has 8,167 IPs in it's ban list because of active scanning. And that's just hosts that tried to hack into it in the last week.

    If you want absolute security, disable all outside access into your network. If you allow some access either control it by IP or make sure that the exposed service is hardened to withstand attack via strong passwords, adaptive blocking, etc.
    m.


    Big Frickin Disclaimer:
    While I'm pretty sure, I can't guarantee that I know what I'm doing. There might be a better way to do this, and this way might actually suck. Make sure you understand the implications of what you're doing before trying to follow these directions.

    It often helps troubleshooting if you have a good network map. Look here if you want my advice on how to draw one.
    Attention: Support and help on the Untangle Forums is provided by volunteers and community members like yourself.
    If you need Untangle support please call or email support@untangle.com

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

SEO by vBSEO 3.6.0 PL2