Need to ban IP address for port scanning or multiple failed ftp/rdp logon attempts

Discussion in 'Networking' started by imported_nunya, Dec 13, 2007.

  1. imported_nunya

    imported_nunya Senior member

    Joined:
    Jul 15, 2005
    Messages:
    612
    Likes Received:
    0
    So I've been on the phone and web all day now trying to find a piece of hardware or software to do this. I need something that will recognize a port scan and block that IP, and also recognize repeated ftp/rdp logon attemps and block those. I'm looking for something under 1k, so far the only things I've found are a 5k cisco box and a 9k juniper box. If anyone has a suggestion I'm open to just about anything.
     
  2. Loading...

    Similar Threads - address port scanning Forum Date
    Router for Port Forwarding Multiple Public IP Addresses Networking Nov 19, 2013
    firefox is accesses the loopback address on port 1071 Networking May 28, 2007
    how do you ping an ip address and port number Networking Aug 15, 2005
    Port forwarding to broadcast address Networking Oct 19, 2004
    IP address of DSL modem in WAN port? Networking Sep 14, 2004

  3. James Bond

    James Bond Diamond Member

    Joined:
    Jan 21, 2005
    Messages:
    6,025
    Likes Received:
    0
    Why not just keep all ports blocked that aren't being used?

    Is it always coming from the same IP?? If so, just deny that IP in your ACL.

    It would help if you gave more information -- How is the network set up? Is this some home network with a SOHO router, or a corporate, or what?
     
  4. skyking

    skyking Lifer

    Joined:
    Nov 21, 2001
    Messages:
    18,058
    Likes Received:
    180
    move the router remote management port to a higher nonstandard port, and protect it with a strong password.
    Only open ports when you need to use them.
     
  5. spidey07

    spidey07 No Lifer

    Joined:
    Aug 4, 2000
    Messages:
    65,481
    Likes Received:
    2
    This is what is known as Internet background noise.

    Some more details would be helpful.

    In otherwords, what are you really trying to do here and what is the network evironment.