Blocking IP Ranges

Hi, I'm running a local gateway on my home computer to allow my cell phone to have access to internet material. However, I've been checking the log recently and have found that there's a bunch of sites that are trying to access my gateway. I'm unsure of how far they're getting as there's some ID and password protection in the gateway program but the sites that are trying are proclaimed "proxy judge" websites most likely from China.


In any regard, is there a way to program the Bitdefender firewall to not allow any connections from certain ranges of IPs? I know IPs can be spoofed, but the connections that are coming in are from relatively consistent IPs, so I'd be happy with IP blocking. I've tried going to the firewall and creating a Class B rule for all programs to deny access from "source" that range of IPs. However, that didn't work, as the logs still show that IP still getting through. Can anyone help?

Comments

  • Hi makeitso,


    There are a few things you have to check.


    First of all, are those IPs that try to connect from the same subnet? You cannot block a range of IPs if they are not from the same subnet (BDv11 will have this feature, but BDv10 doesn't).


    Also, what log files are you talking about? BD log files, or the logs from your gateway program? Is there a way, from those logs, to find which was the destination of those IPs (your PC, or your phone)?


    What if you block one single IP, just for testing. Does it work (is that IP blocked)?


    And last, but not least (maybe this is the first thing you should check): after you created the rule to block the IPs (with the Class B setting), did you move that rule to the top?


    If you didn't know, the rules in the BD Firewall list are ordered by their priority. In other words, the first rule has the highest priority and the last rule has the lowest. So you have to move the rule that blocks the IPs to the first position to give it the highest priority.


    To move the rule, click Edit profile and search for the rule in both Inbound and Outbound lists, select the rule and move it to the top (there is a button above each list to move a rule to the top). Do this and check again if the IPs get through.


    Cris.

  • First of all, are those IPs that try to connect from the same subnet? You cannot block a range of IPs if they are not from the same subnet


    First let me say thank you for taking the time to respond. And yes, from each of the IPs that have been logged, it is only the last few digits that have the variation. The only digits that change are the "X" AAA.BBB.C.****** under normal IP formatting.


    Also, what log files are you talking about? BD log files, or the logs from your gateway program? Is there a way, from those logs, to find which was the destination of those IPs (your PC, or your phone)?


    The logs are generated via my gateway program from any activity it fields. Each phone has an identifier # and password that they login with along with the IP being logged and what webpages they're requesting and what type of browser being used.


    What if you block one single IP, just for testing. Does it work (is that IP blocked)?


    Have not had a chance to try this yet. I'll try it the next chance I get.


    And last, but not least (maybe this is the first thing you should check): after you created the rule to block the IPs (with the Class B setting), did you move that rule to the top?


    No, all of them were @ the bottom and I assume that's why they were getting through. I have since changed this and have not seen additional login attempts but it's only been a few hours.


    Thanks again!

  • Hi makeitso,


    No, all of them were @ the bottom and I assume that's why they were getting through. I have since changed this and have not seen additional login attempts but it's only been a few hours.


    I understand that by logs you meant the log files from your gateway, not from BitDefender.


    If this is the case, then I think that you won't see any attempts in those logs anymore, because the attempts will be blocked by BD and they won't reach your gateway.


    Just to check it, open BitDefender Management Console, go to Firewall -> Activity and click View Log. A webpage will open showing you the latest BD FW activity. Search there for some of the IPs that were trying to connect and see if they are blocked.


    Thanks again!


    You're very welcome. Don't hesitate to post any other questions you might have about BitDefender/IT Security :)


    Cris.

  • Thanks for your patience with me on the topic. I checked the logs and there are some blocked or "denied" attempts, which is great! Now, if I understood your first post correctly, if I compiled a list of Class A IPs that I want to allow into my gateway (my cell phone service provider), I won't be able to specify that range in BDv10, correct? I would need to make a ruleset for the gateway program to block all IPs and then another rule for the gateway program above that one which would allow the known cell phone IP through, correct?

  • Hi makeitso,


    Yes, that's correct.


    But you have a choice: if there are more IPs that you need to block than to allow, then you should do as you said.


    If there are more IPs that you want to allow than to block, then you could just create rules to block individual IPs (you'll create fewer rules this way).


    I know, it's very stressing. But BDv11 will have the feature to block IP ranges, so just hang in there until it is released ;)


    Cris.
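
The rule-ordering behaviour discussed in this thread (a deny rule at the bottom of the list never takes effect, and an allow rule placed above a block-all rule acts as an allow-list) can be modelled in a few lines. This is an added example, not Bitdefender code: it assumes a simple first-match-wins evaluation, and the addresses are constructed from the documentation ranges 203.0.113.0/24 (standing in for the scanner subnet) and 198.51.100.0/24 (standing in for the phone carrier).

```python
import ipaddress

# Each rule is (action, source network); the list is evaluated top-down
# and the first matching rule decides (assumed model of a prioritised list).
def evaluate(rules, src_ip, default="allow"):
    """Return (action, 1-based position of the deciding rule)."""
    addr = ipaddress.ip_address(src_ip)
    for position, (action, network) in enumerate(rules, start=1):
        if addr in ipaddress.ip_network(network):
            return action, position
    return default, None

def shadowed_rules(rules):
    """List (shadowed_position, shadowing_position) pairs: rules that can
    never fire because an earlier rule already covers their whole source
    range. Assumes all rules use the same IP version."""
    nets = [ipaddress.ip_network(network) for _, network in rules]
    hits = []
    for later in range(1, len(nets)):
        for earlier in range(later):
            if nets[later].subnet_of(nets[earlier]):
                hits.append((later + 1, earlier + 1))
                break
    return hits

# Constructed rule sets for the three situations in the thread.
RULES_DENY_AT_BOTTOM = [("allow", "0.0.0.0/0"),        # generic program rule
                        ("deny", "203.0.113.0/24")]    # new block rule, last
RULES_DENY_ON_TOP = [("deny", "203.0.113.0/24"),       # moved to the top
                     ("allow", "0.0.0.0/0")]
ALLOWLIST = [("allow", "198.51.100.0/24"),             # known carrier range
             ("deny", "0.0.0.0/0")]                    # block everything else

if __name__ == "__main__":
    scanner, phone = "203.0.113.57", "198.51.100.20"   # constructed addresses
    for name, rules in [("deny at bottom", RULES_DENY_AT_BOTTOM),
                        ("deny on top", RULES_DENY_ON_TOP),
                        ("allow-list", ALLOWLIST)]:
        print(name, "scanner ->", evaluate(rules, scanner),
              "phone ->", evaluate(rules, phone),
              "shadowed:", shadowed_rules(rules))
```

Running a check like `shadowed_rules` over an exported rule list is a quick way to spot a block rule that an earlier, broader rule has made ineffective.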