Solved

Juniper SSG blacklisting IP addresses

Posted on 2009-07-09
Last Modified: 2013-11-16
Someone from the other side of the world has been port scanning my computer with a source port 6000 and end port 8090.

I don't quite understand what they are doing and why and how it affects me, but I've had some recommendations that I should ban/blacklist their IP address. On my side, I'm not too sure that we're even using port 8090, but this person has port scanned me 3 times in 1 day.

The problem is that my network guy says the SSG cannot blacklist an IP/domain. There is no way to do this on the interface and that I shouldn't be worried about it anyway because the fact that I'm receiving the alarm messages via email means that the firewall is doing its job and not letting the intruder have any access to our network.

I don't think I am being singled out by this person (simply because I can't think of any cause that someone from that side of the world would want to cause intentional harm to my network. So it's probably some kind of an automated engine which happened to land on my side). Nevertheless, I'm not too comfortable with my network guy's recommendation to simply ignore it.

The question is:
1. Is there any way that I can ban this IP/domain from our network? How do I do that in SSG?

Thanks in advance
Question by:SW111

Expert Comment

by:rsivanandan
ID: 24815622
What your network guys are saying is absolutely correct, but at the same time, think about a different scenario. Since you didn't post that IP address completely in the last question, I don't know what is running there.

Case 1:

1. The IP is port scanning you, but your firewall blocks it fine! - As per your network guys.

Case 2:

2. Say this computer is part of a file sharing service (something like a torrent server) which happens to host this virus as well. An internal user from your network initiates a connection to this IP (of course unknowingly) and the connection will get established, the reason being you haven't blocked it. So it is quite possible that something nasty can also get downloaded.

This is just one observation, I wouldn't take the chance! And SSG can't block? I don't quite understand this. It can.

Cheers,
Rajesh

Author Comment

by:SW111
ID: 24820400
Hi Rsivanandan, thanks for the reply. I agree with you on blocking this IP address. It seems more logical to do something about a threat rather than simply ignore it. (It's like letting a burglar walk around my front yard and not worrying about it because I have a door....)

But could you tell me how I go about blocking this IP from the firewall? My network guy says SSG can't do this. I bought the SSG from him, so my best sources of information are him, Expert Exchange, and a thousand pages (literally....) of manual.

Btw, I've checked the manual... I don't understand most of it. So I guess if SSG can block an IP, I will have to tell my network guy how to do it

Accepted Solution

by:
rsivanandan earned 500 total points
ID: 24820690
See in SSG, you'd have an internal facing interface and external facing interface through which traffic is allowed to pass or to block.

Zones are used to mark the security on the interface, so your internal interface would be in 'trust' zone and external would be in 'untrust' zone.

So a security policy would look like this;

set security policy id 1 from untrust to trust <IP TO BE BLOCKED> any deny

Now, you will already have many of those lines, and the id number changes.

You can read more at my blog;

rsivanandan.com

Cheers,
Rajesh


Author Closing Comment

by:SW111
ID: 31601679
Great. This is exactly what I was looking for. Thanks Rsivanandan
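
Added example, not part of the thread and not code from either poster: a small Python helper that turns source addresses taken from firewall alarm e-mails into ScreenOS deny rules covering both cases from the first expert comment (inbound scans, and internal users connecting out). The command forms, the "blocked-" name prefix and the INTERNAL ranges are assumptions; check the commands against the device's CLI reference before pasting them.

```python
import ipaddress

# Zone names from the accepted answer; the "blocked-" name prefix and the
# INTERNAL ranges are assumptions to adapt to your own network.
UNTRUST, TRUST = "Untrust", "Trust"
INTERNAL = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16")]


def screenos_block_commands(sources, prefix="blocked-"):
    """Return (commands, rejected) for a list of alert source addresses.

    Assumed ScreenOS command forms (check the device's CLI reference):
      set address <zone> <name> <ip>/<mask-bits>
      set policy top from <zone> to <zone> <src> <dst> <service> deny log
    """
    seen, commands, rejected = set(), [], []
    for raw in sources:
        try:
            ip = ipaddress.IPv4Address(raw.strip())
        except ipaddress.AddressValueError:
            rejected.append((raw, "not an IPv4 address"))
            continue
        # Refuse internal space: a spoofed or mis-logged source address
        # would otherwise turn into a deny rule against your own hosts.
        if any(ip in net for net in INTERNAL):
            rejected.append((raw, "internal or local address"))
            continue
        if ip in seen:
            continue
        seen.add(ip)
        name = f"{prefix}{ip}"
        commands.append(f'set address "{UNTRUST}" "{name}" {ip}/32')
        # Case 1 in the thread: inbound traffic from the scanner.
        commands.append(f'set policy top from "{UNTRUST}" to "{TRUST}" '
                        f'"{name}" "Any" "ANY" deny log')
        # Case 2 in the thread: internal users connecting out to it.
        commands.append(f'set policy top from "{TRUST}" to "{UNTRUST}" '
                        f'"Any" "{name}" "ANY" deny log')
    return commands, rejected


if __name__ == "__main__":
    # Constructed sample input; 203.0.113.45 is a documentation address.
    cmds, skipped = screenos_block_commands(
        ["203.0.113.45", "203.0.113.45", "192.168.1.10", "scanner.example"])
    print("\n".join(cmds))
    for value, reason in skipped:
        print(f"skipped {value}: {reason}")
```

The `top` keyword is used because policies are matched in list order and the first match wins, so a deny added below an existing permit rule would never be reached.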