Re: [AFMUG] Dropping Chinese & Korean IP's in Mikrotik

Mon, 11 May 2015 04:52:58 -0700

I have a perl script that watches are bind logs for Denied queries and places those ips in a list then we add that list to our drop all rule in the gateways for 30days. This is one level we use to prevent poisoning of dns or cash probes. 
It has seemed to help with a whole bunch of other things as well.


On 5/8/2015 3:51 PM, Glen Waldrop wrote:
The problem we run into is that those same folks that are attacking our equipment are attacking the equipment behind our routers.
It is comparatively simple to secure our routers, not quite as easy to secure everything behind them, stuff that isn't ours. 

    ----- Original Message -----
    *From:* Sean Heskett <mailto:[email protected]>
    *To:* [email protected] <mailto:[email protected]>
    *Sent:* Friday, May 08, 2015 3:33 PM
    *Subject:* Re: [AFMUG] Dropping Chinese & Korean IP's in Mikrotik

    Plus whenever the net neutrality rules kick in it'll be illegal.

    Shouldn't be necessary if you have your firewalls setup correctly.

    2 cents

    -Sean


    On Friday, May 8, 2015, Paul Stewart <[email protected]
    <mailto:[email protected]>> wrote:

        Ouch… are you sure you want to do that?  I wouldn’t ever tell
        someone how to run their company or network but you are just
        hiding in my opinion from the problems you are possibly
        having.  What about Romania for example?

        I’ve seen a few ISP’s block whole countries and it wasn’t
        pretty…. People couldn’t email relatives in those countries,
        couldn’t pull up websites, companies/business customers
        couldn’t conduct business etc etc….

        Just a thought J

        Paul

        *From:* Af [mailto:[email protected]
        <javascript:_e(%7B%7D,'cvml','[email protected]');>] *On
        Behalf Of *Michael Gawlowski
        *Sent:* Friday, May 8, 2015 3:25 PM
        *To:* [email protected] <javascript:_e(%7B%7D,'cvml','[email protected]');>
        *Subject:* [AFMUG] Dropping Chinese & Korean IP's in Mikrotik

        I have a blocklist of IP’s and CIDR ranges that I would like
        to add in my mikrotik 1100’s and 2011’s.  Two questions:

        1)What is the best way to add these without doing one address
        or subnet at a time?

        2)Will there be a significant impact on router performance
        from adding so many rules in the firewall filter?  Most of
        these routers are expected to handle about 50-150Mbps
        depending on the model and location.

        Thank you,

        Mike Gawlowski

        Triad Wireless, LLC

        4226 S. 37^th ST

        Phoenix, AZ 85040

        (602)-426-0542

        Triadwireless.net



--

Reply via email to