Emerging Threats Blocking

[SHANE523]

I am coming from an EdgeRouter so bare with me.

 

With the EdgeMax we could script and use CLI for some setup. Before I purchased the XR500 I was monitoring my EdgeRouter using PRTG and noticed a lot of probing from Russia and China which got me to think I need to just block those IP blocks. There is no "easy" way to do this in any interface but someone had written a script to do this, it was a lightweight and I set mine up to run every couple of days through a cron job.

 

Is there a way something like this could be implemented for NetDuma?

 

Here is the site we used in the script to get the Emerging Threat IP addresses.

https://iplists.firehol.org/

 

 

EmergingThreatsScript.txt

[Netduma Fraser]

I could be wrong but I would say that the demand isn't there for most users. It's a gaming router with gaming features, it's not meant to have advanced features such as this that 99% of people wouldn't touch. As I say I could be wrong, if the demand was there that could be something the development team would look into but it's unlikely at this stage. Cool concept though for sure.

[SHANE523]

Yes it is a gaming router but it also acts as your network firewall. If it wasn't, why have NAT, UPnP and so on, just let everything through?

 

I would also think that there isn't a single person that has a router wouldn't want threats blocked before they could even attempt a hack.

I don't want to speculate on what users use on their networks, most may use nothing that they access from outside their home but I know more and more people are with security systems, cameras, media servers, SAN devices and so on. Those ports are typically forwarded which means those ports can be probed as open and someone can try and access the device. My personal experience is China probing port 3389 which is NOT a good thing! Fortunately I have a unique setup with strong passwords on top of it so I was "covered" but you never know.

[Netduma Crossy]

Hi Shane,

 

Thanks's fo the feedback. CLI access and running custom scripts isn't something we're going to support. It would be a tech support nightmare!

 

We are considering adding country blocking in the future which may be something you are interested in.

 

The software (unless UPnP is being used) won't open any ports unless they are specified by the user (through the Settings page on the interface). The router's inbuilt firewall blocks any remaining incoming packets by default.

[BIG__DOG]

you could run the netduma behind the edgerouter or edgerouter lite and run your script that way. Ubiquiti have just released this week v1.10  of edgemax incase you was unaware with some major upgrades to the firmware.

As Netduma have stated it is not something that the average consumer or gamer would want, use or know what to do as that is some heavy network tinkering.

 

https://community.ubnt.com/t5/EdgeMAX-Updates-Blog/EdgeMAX-EdgeRouter-software-security-release-v1-10-0/ba-p/2233263

 

 

 

 

 

B.D