Some advice on security with a Billion 7800N?
I am a home user with a Billion 7800N running 1.06e firmware, I am a long line user far from my local exchange and am very happy with my 7800N performance ane reliability - its ugly, but a good bit of kit and was a great purchase.
I have a Synology NAS on my home network and a few other devices (HTPC) which I access remotely as I work away from home a lot.
A while back my NAS began coming under sustained login attempts from random IP addresses and briefly (due entirely to a mistake by myself) was accessed by one of these attacks (I forgot to disable guest access, duh!). Remote access attempts are made constantly through the day and night.
Now I know this is actually nothing unusual and software is used constantly by "people" on the net constantly probing for vulnerabilities in other peoples networks. What this means for me is that my server is constantly subject to login attempts and has an ever growing list of banned IP addresses after 5 failed attempts e.g.:
Warning,Connection,2013/08/30 21:08:44,SYSTEM,User [postgres] from [79.142.244.1] failed to log in via [SSH] due to authorization failure.
Warning,Connection,2013/08/30 21:08:40,SYSTEM,User [postgres] from [79.142.244.1] failed to log in via [SSH] due to authorization failure.
Warning,Connection,2013/08/30 21:08:36,SYSTEM,User [postgres] from [79.142.244.1] failed to log in via [SSH] due to authorization failure.
Warning,Connection,2013/08/30 21:08:33,SYSTEM,User [root] from [79.142.244.1] failed to log in via [SSH] due to authorization failure.
Warning,Connection,2013/08/30 21:08:29,SYSTEM,User [a] from [79.142.244.1] failed to log in via [SSH] due to authorization failure.
Warning,Connection,2013/08/30 14:07:06,SYSTEM,User [aaaa] from [116.204.96.233] failed to log in via [SSH] due to authorization failure.
Warning,Connection,2013/08/30 14:06:57,SYSTEM,User [aaaa] from [116.204.96.233] failed to log in via [SSH] due to authorization failure.
Warning,Connection,2013/08/30 14:06:53,SYSTEM,User [aaa] from [116.204.96.233] failed to log in via [SSH] due to authorization failure.
Warning,Connection,2013/08/30 14:06:47,SYSTEM,User [aaa] from [116.204.96.233] failed to log in via [SSH] due to authorization failure.
Warning,Connection,2013/08/30 14:06:42,SYSTEM,User [aaa] from [116.204.96.233] failed to log in via [SSH] due to authorization failure.
Warning,System,2013/08/30 14:07:04,SYSTEM,Host [116.204.96.233] was blocked via [SSH].
Warning,System,2013/08/31 16:50:29,SYSTEM,Host [203.223.191.2] was blocked via [SSH].
Warning,System,2013/08/30 21:08:43,SYSTEM,Host [79.142.244.1] was blocked via [SSH].
I have security measures e.g. firewall / passwords / IP blocker in place but was wondering whether I can use the MAC filtering to prevent these miscreants getting past my router and therefore cut down on the hack attempts?
Anyone do this and does it work? Any advice appreciated ......
Cheers big ears!
C
Using MAC filter to limit remote access to network
-
Chunkers
- Posts: 11
- Joined: Sun Feb 12, 2012 1:03 pm
-
billion_fan
- Posts: 5398
- Joined: Tue Jul 19, 2011 4:30 pm
Re: Using MAC filter to limit remote access to network
I don't think the MAC filtering will work, your best bet is use the packet filtering section and add only allowed IP address to access the NAS, via ports, so every other IP WAN should be blocked from accessing your NAS (this will only apply if fixed WAN IP are only accessing your NAS device)Chunkers wrote:Some advice on security with a Billion 7800N?
I am a home user with a Billion 7800N running 1.06e firmware, I am a long line user far from my local exchange and am very happy with my 7800N performance ane reliability - its ugly, but a good bit of kit and was a great purchase.
I have a Synology NAS on my home network and a few other devices (HTPC) which I access remotely as I work away from home a lot.
A while back my NAS began coming under sustained login attempts from random IP addresses and briefly (due entirely to a mistake by myself) was accessed by one of these attacks (I forgot to disable guest access, duh!). Remote access attempts are made constantly through the day and night.
Now I know this is actually nothing unusual and software is used constantly by "people" on the net constantly probing for vulnerabilities in other peoples networks. What this means for me is that my server is constantly subject to login attempts and has an ever growing list of banned IP addresses after 5 failed attempts e.g.:
Warning,Connection,2013/08/30 21:08:44,SYSTEM,User [postgres] from [79.142.244.1] failed to log in via [SSH] due to authorization failure.
Warning,Connection,2013/08/30 21:08:40,SYSTEM,User [postgres] from [79.142.244.1] failed to log in via [SSH] due to authorization failure.
Warning,Connection,2013/08/30 21:08:36,SYSTEM,User [postgres] from [79.142.244.1] failed to log in via [SSH] due to authorization failure.
Warning,Connection,2013/08/30 21:08:33,SYSTEM,User [root] from [79.142.244.1] failed to log in via [SSH] due to authorization failure.
Warning,Connection,2013/08/30 21:08:29,SYSTEM,User [a] from [79.142.244.1] failed to log in via [SSH] due to authorization failure.
Warning,Connection,2013/08/30 14:07:06,SYSTEM,User [aaaa] from [116.204.96.233] failed to log in via [SSH] due to authorization failure.
Warning,Connection,2013/08/30 14:06:57,SYSTEM,User [aaaa] from [116.204.96.233] failed to log in via [SSH] due to authorization failure.
Warning,Connection,2013/08/30 14:06:53,SYSTEM,User [aaa] from [116.204.96.233] failed to log in via [SSH] due to authorization failure.
Warning,Connection,2013/08/30 14:06:47,SYSTEM,User [aaa] from [116.204.96.233] failed to log in via [SSH] due to authorization failure.
Warning,Connection,2013/08/30 14:06:42,SYSTEM,User [aaa] from [116.204.96.233] failed to log in via [SSH] due to authorization failure.
Warning,System,2013/08/30 14:07:04,SYSTEM,Host [116.204.96.233] was blocked via [SSH].
Warning,System,2013/08/31 16:50:29,SYSTEM,Host [203.223.191.2] was blocked via [SSH].
Warning,System,2013/08/30 21:08:43,SYSTEM,Host [79.142.244.1] was blocked via [SSH].
I have security measures e.g. firewall / passwords / IP blocker in place but was wondering whether I can use the MAC filtering to prevent these miscreants getting past my router and therefore cut down on the hack attempts?
Anyone do this and does it work? Any advice appreciated ......
Cheers big ears!
C
-
Chunkers
- Posts: 11
- Joined: Sun Feb 12, 2012 1:03 pm
Re: Using MAC filter to limit remote access to network
OK, thanks for the advice. I really appreciate your suggestion but might be an issue when I am on the go, I'll give it some thought.
Cheers!
Chunks
Cheers!
Chunks
-
billion_fan
- Posts: 5398
- Joined: Tue Jul 19, 2011 4:30 pm
Re: Using MAC filter to limit remote access to network
When you are are on the go, you can use the PPTP connectionChunkers wrote:OK, thanks for the advice. I really appreciate your suggestion but might be an issue when I am on the go, I'll give it some thought.
Cheers!
Chunks