Using MAC filter to limit remote access to network
Posted: Sat Aug 31, 2013 5:34 pm
Some advice on security with a Billion 7800N?
I am a home user with a Billion 7800N running 1.06e firmware. I am a long line user far from my local exchange and am very happy with my 7800N performance and reliability - it's ugly, but a good bit of kit and was a great purchase.
I have a Synology NAS on my home network and a few other devices (HTPC) which I access remotely as I work away from home a lot.
A while back my NAS began coming under sustained login attempts from random IP addresses and briefly (due entirely to a mistake by myself) was accessed by one of these attacks (I forgot to disable guest access, duh!). Remote access attempts are made constantly through the day and night.
Now I know this is actually nothing unusual and software is used constantly by "people" on the net constantly probing for vulnerabilities in other people's networks. What this means for me is that my server is constantly subject to login attempts and has an ever-growing list of banned IP addresses after 5 failed attempts, e.g.:
Warning,Connection,2013/08/30 21:08:44,SYSTEM,User [postgres] from [79.142.244.1] failed to log in via [SSH] due to authorization failure.
Warning,Connection,2013/08/30 21:08:40,SYSTEM,User [postgres] from [79.142.244.1] failed to log in via [SSH] due to authorization failure.
Warning,Connection,2013/08/30 21:08:36,SYSTEM,User [postgres] from [79.142.244.1] failed to log in via [SSH] due to authorization failure.
Warning,Connection,2013/08/30 21:08:33,SYSTEM,User [root] from [79.142.244.1] failed to log in via [SSH] due to authorization failure.
Warning,Connection,2013/08/30 21:08:29,SYSTEM,User [a] from [79.142.244.1] failed to log in via [SSH] due to authorization failure.
Warning,Connection,2013/08/30 14:07:06,SYSTEM,User [aaaa] from [116.204.96.233] failed to log in via [SSH] due to authorization failure.
Warning,Connection,2013/08/30 14:06:57,SYSTEM,User [aaaa] from [116.204.96.233] failed to log in via [SSH] due to authorization failure.
Warning,Connection,2013/08/30 14:06:53,SYSTEM,User [aaa] from [116.204.96.233] failed to log in via [SSH] due to authorization failure.
Warning,Connection,2013/08/30 14:06:47,SYSTEM,User [aaa] from [116.204.96.233] failed to log in via [SSH] due to authorization failure.
Warning,Connection,2013/08/30 14:06:42,SYSTEM,User [aaa] from [116.204.96.233] failed to log in via [SSH] due to authorization failure.
Warning,System,2013/08/30 14:07:04,SYSTEM,Host [116.204.96.233] was blocked via [SSH].
Warning,System,2013/08/31 16:50:29,SYSTEM,Host [203.223.191.2] was blocked via [SSH].
Warning,System,2013/08/30 21:08:43,SYSTEM,Host [79.142.244.1] was blocked via [SSH].
I have security measures e.g. firewall / passwords / IP blocker in place but was wondering whether I can use the MAC filtering to prevent these miscreants getting past my router and therefore cut down on the hack attempts?
Anyone do this and does it work? Any advice appreciated ......
Cheers big ears!
C
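Added example, not part of the original post: a small parser for the NAS log format quoted above that tallies failed SSH logins per source address and lists the hosts the auto-block reported. The 5-minute window and the function names are assumptions; the post only states the limit of 5 failed attempts.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Failed-login and auto-block lines in the NAS log format quoted in the post.
FAIL_RE = re.compile(
    r"^Warning,Connection,(?P<ts>[\d/]+ [\d:]+),SYSTEM,User \[(?P<user>[^\]]*)\] "
    r"from \[(?P<ip>[^\]]+)\] failed to log in via \[SSH\]")
BLOCK_RE = re.compile(
    r"^Warning,System,[\d/]+ [\d:]+,SYSTEM,Host \[(?P<ip>[^\]]+)\] was blocked via \[SSH\]")

# Five failure lines and two block lines from the post, plus one constructed line (192.0.2.10).
SAMPLE_LOG = """\
Warning,Connection,2013/08/30 21:08:44,SYSTEM,User [postgres] from [79.142.244.1] failed to log in via [SSH] due to authorization failure.
Warning,Connection,2013/08/30 21:08:40,SYSTEM,User [postgres] from [79.142.244.1] failed to log in via [SSH] due to authorization failure.
Warning,Connection,2013/08/30 21:08:36,SYSTEM,User [postgres] from [79.142.244.1] failed to log in via [SSH] due to authorization failure.
Warning,Connection,2013/08/30 21:08:33,SYSTEM,User [root] from [79.142.244.1] failed to log in via [SSH] due to authorization failure.
Warning,Connection,2013/08/30 21:08:29,SYSTEM,User [a] from [79.142.244.1] failed to log in via [SSH] due to authorization failure.
Warning,Connection,2013/08/30 09:15:02,SYSTEM,User [admin] from [192.0.2.10] failed to log in via [SSH] due to authorization failure.
Warning,System,2013/08/31 16:50:29,SYSTEM,Host [203.223.191.2] was blocked via [SSH].
Warning,System,2013/08/30 21:08:43,SYSTEM,Host [79.142.244.1] was blocked via [SSH].
"""

def parse(log_text):
    """Return ({ip: [(timestamp, user), ...]}, {blocked ips})."""
    failures, blocked = defaultdict(list), set()
    for line in log_text.splitlines():
        m = FAIL_RE.match(line.strip())
        if m:
            ts = datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S")
            failures[m["ip"]].append((ts, m["user"]))
            continue
        m = BLOCK_RE.match(line.strip())
        if m:
            blocked.add(m["ip"])
    return failures, blocked

def over_threshold(failures, threshold=5, window=timedelta(minutes=5)):
    """Sources with `threshold` failures inside `window` (window is an assumption)."""
    flagged = {}
    for ip, events in failures.items():
        times = sorted(ts for ts, _ in events)
        for i in range(len(times) - threshold + 1):
            if times[i + threshold - 1] - times[i] <= window:
                flagged[ip] = sorted({user for _, user in events})
                break
    return flagged
```

Subtracting the blocked set from the flagged sources gives any address that reached the limit without a matching block entry in the log.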