Print

Please login or register.
1 Hour 1 Day 1 Week 1 Month Forever
Login with username, password and session length

[jjrowan]

I am trying to block port scans originating in the Russian Federation, thousands per day.  I entered 77.88.26.0 as the Remote IP Start and 77.88.26.255 as the Remote IP End, setting the action to Deny.  It shows in the inbound filter rules list but my linux server still receives thousands of scans daily from an ip address in that IP netblock.   My DIR-655 is running hardware version A3 and firmware 1.34NA. 

Any ideas on why the packets aren't being denied by the router?

[FurryNutz]

Is SPI enabled? Should be ON.
Try setting the TCP and UDP to endpoint independent or play with some of these settings?
Try setting 77.88.0.0 - 77.88.255.255

[jjrowan]

SPI was already checked, I changed the UDP & TCP Endpoint Filtering to be Endpoint Independent.  I'll see if it stops the probing.

[FurryNutz]

Shouldn't be getting any scans like that if the router filter is set up for it.
If it keeps doing it, I might try a FW update.

Also try this:
Ensure DNS IP addresses are being filled in under Setup/Internet/Manual?
Turn off QoS options.
Turn off Advanced DNS Services if you have this option.
Turn on DNS Relay under Setup/Networking.
Setup DHCP reserved IP addresses for all devices on the router.
Ensure devices are set to auto obtain an IP address.

[jjrowan]

After reading the Endpoint Filtering again I don't believe that has anything to do with connections initiated from the Internet into my server, it says it is for connections initiated on the LAN.
The port scans continued after changes so I added the specific IP address of the device scanning me in addition to the IP Netblock I had previously (which wasn't stopping the scans).

I don't like making too many changes at once but did, turning off QoS options.  I can not find DNS Relay under Setup/Network.  My computer are statically addressed so I don't think I need to do any DHCP reservations.  I'll check to see what the latest FW is for the DIR-655 and what features / bugs are addressed in that release.

[FurryNutz]

Ok, if you do a FW update, do the following:
Factory reset of the router.
Update FW using the .bin file.
Factory reset once more.

Up to you if you want to load a saved configuration file at this point or start from scratch and manually re-configure the router again. Sometimes it's best to start from scratch.

Keep us posted.

[jjrowan]

Factory reset not an option right now.  I host web sites, e-mail and other services via the DIR-655 and can't do this during the week, has to be off hours on a weekend. 

[FurryNutz]

ok, possible that there is a 3rd party option for the effected PC?
I would go ahead and save off the current config to file though for back up.

[Sammydad1]

Hi,

I tried this just to see what effect it might have here....  Odd thing was that when I copied and Pasted the IP ranges into the 655 setup page for Inbound filter, the upper range item kept saving as 255.255.255.255 instead of the 77.88.255.255 I kepp pasting in....

Turns out, I had to type the IP in manually in order to save (or update) it.  No copy & paste for me...

Weird...

SD1