02-14-2015 02:00 PM - edited 03-11-2019 10:30 PM
Two questions:
1). In my processes table I see the following:
Name | Description | Protocol | Port | Local Address | Foreign Address |
---|
ntpclient | NTP Client | udp | 13531 | (my WAN IP number) | 218.75.4.130 |
I have another ntpclient to the expect time server. But the one listed above is located in CHINA, (at least the registration). I haven't knowingly set this up. How did it get in my Processes table and should it be a security concern?
2). Can entire countries be blocked? I'm thinking it's impractical to do by registered IP ranges; is there another way? My concern is that I have no legitimate business reason to connect with certain countries most know for sourcing hacking attacks of various types. It seems if I block them, it can reduce the risk of successful attacks to my network. I understand that IP can be spoofed so this would not guarantee blocking attacks originating from those countries, but if it can help to reduce attacks to my network, I would like to implement the blocking.
02-16-2015 07:28 AM
You can block by country with the Sourcefire module.
http://www.cisco.com/c/en/us/products/collateral/security/asa-5500-series-next-generation-firewalls/datasheet-c78-732253.html
03-08-2015 08:22 PM
Do I understand the recommendation correctly that to block countries is to buy more software? I was hoping for an answer that indicates basic firewall settings to block countries. It seems many of the routers have firewall or filter settings; that is what I was thinking about. For example, settings for any of Cisco's line of Small Business routers.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: