ntpclient access and blocking by country

bbx-cisco · ‎02-14-2015

Two questions:

1). In my processes table I see the following:

Name	Description	Protocol	Port	Local Address	Foreign Address

ntpclient

NTP Client

udp

13531

(my WAN IP number)

218.75.4.130

I have another ntpclient to the expect time server. But the one listed above is located in CHINA, (at least the registration). I haven't knowingly set this up. How did it get in my Processes table and should it be a security concern?

2). Can entire countries be blocked? I'm thinking it's impractical to do by registered IP ranges; is there another way? My concern is that I have no legitimate business reason to connect with certain countries most know for sourcing hacking attacks of various types. It seems if I block them, it can reduce the risk of successful attacks to my network. I understand that IP can be spoofed so this would not guarantee blocking attacks originating from those countries, but if it can help to reduce attacks to my network, I would like to implement the blocking.

Collin Clark · ‎02-16-2015

You can block by country with the Sourcefire module.

http://www.cisco.com/c/en/us/products/collateral/security/asa-5500-series-next-generation-firewalls/datasheet-c78-732253.html

bbx-cisco · ‎03-08-2015

Do I understand the recommendation correctly that to block countries is to buy more software? I was hoping for an answer that indicates basic firewall settings to block countries. It seems many of the routers have firewall or filter settings; that is what I was thinking about. For example, settings for any of Cisco's line of Small Business routers.