Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

Draytek 2820 Blocking Inbound Ports

Posted on 2011-09-09
6
Medium Priority
?
1,981 Views
Last Modified: 2012-05-12
We have a number of 2820 and use port redirection to open standard SBS ports. However, the server event logs indicate that there are random hacking attemps over various ports. The attempts are approximately every 1 minute, and are from multiple source IP addresses.

Given that the hack attempts are reaching the server, this would indicate that ports are open on the router. Typically, I would expect all ports to be locked down unless opened for a specific purpose.

Can anyone please advise on how to lock down all ports, and to only allow access to those that are required through port redirection.

Thanks
0
Comment
Question by:swan_solutions
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 2
6 Comments
 
LVL 8

Expert Comment

by:tonyperth
ID: 36510007
On the Draytek's as soon as you open or redirect a port that port is open to all IP's.  You need to create  afirewall rule for each port to allow the traffic to where you want it to go and block it for all other locations.  i.e. createa firewall rule for port 25 to your server, then create a rule after that blocking all traffic on port 25.

Cheers,

Tony
0
 

Author Comment

by:swan_solutions
ID: 36510168
Are you saying that I should remove all port redirection settings from within NAT and replace them with a 'Filter Rule' within firewall? Or can I block all ports by using a firewall rule, and use this in conjunction with port redirection settings?
0
 
LVL 8

Expert Comment

by:tonyperth
ID: 36510174
Use it in conjunction with.
0
Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

 

Author Comment

by:swan_solutions
ID: 36510208
OK, I'll give that a go and see if we see a reduction in hack attacks
0
 

Accepted Solution

by:
swan_solutions earned 0 total points
ID: 37379850
The way we got around our problem was to change the port being hacked. In this case it was port 3389
0
 

Author Closing Comment

by:swan_solutions
ID: 37405439
We identified that the problem was associated with a particular port, that was easily remedied by using an alternative port
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Problem Description:   Couple of months ago we upgraded the ADSL line at our branch office from Home to Business line. The purpose of transforming the service to have static public IP’s. We were in need for public IP’s to publish our web resour…
The Cisco RV042 router is a popular small network interfacing device that is often used as an internet gateway. Network administrators need to get at the management interface to make settings, change passwords, etc. This access is generally done usi…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Suggested Courses

636 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question