Solved

Block Traffic from a Specific Domain

Posted on 2012-12-30
6
658 Views
Last Modified: 2012-12-30
Is there a way I can block all traffic from a specific domain?

Currently i have a Cisco RV042G  Gigabit Dual WAN VPN Router as my gateway.
0
Comment
Question by:deklinm
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
6 Comments
 
LVL 79

Assisted Solution

by:arnold
arnold earned 251 total points
ID: 38730505
Please explain, what type of traffic are you looking to block? To which application/service?
The restriction might be on the application/service layer.

You can block access if you know their IP ranges. From discussion https://supportforums.cisco.com/thread/2153386 image of firewall rules
https://supportforums.cisco.com/servlet/JiveServlet/download/3655134-129391/firewall4.PNG

You would add a deny on the wan for those IP ranges.

Depending on service/application, it may have a way to deny access based on domain referenced in the reverse DNS.
0
 
LVL 18

Assisted Solution

by:Akinsd
Akinsd earned 166 total points
ID: 38730535
Firewall->Content Filter->Forbidden Domains
use the NetBIOS name (eg instead of blocking www.doamin.com, block domain.com)

https://supportforums.cisco.com/thread/2023056
0
 
LVL 21

Assisted Solution

by:Rick_O_Shay
Rick_O_Shay earned 83 total points
ID: 38730870
Some people use a dummy DNS entry for that domain like "127.0.0.1 www.domain.com"
0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 79

Assisted Solution

by:arnold
arnold earned 251 total points
ID: 38731041
The asker seems to want external resources from a specific doman restricted from accessing their resources rather than preventing local users from accessing an external resource.
0
 
LVL 18

Assisted Solution

by:Akinsd
Akinsd earned 166 total points
ID: 38731620
Arnold..... There is a bigger problem if traffic traverses a network without invitation from inside. If you have unsolicited traffic in filtering your network, there is a guarantee that there is a worm on one of the workstations or someone had granted explicit access to the domain unknowingly.

I think the author needs to clarify his request at this point
0
 
LVL 79

Accepted Solution

by:
arnold earned 251 total points
ID: 38731648
I agree that one could go that the issue is responses coming in from a domain and the asker ones to block it. Your DNS adjustment will prevent access from inside to that domain so no response will be coming back.
The other (my understanding of the question as asked) deals with the asker having an app/service/etc. that needs to be restricted from receiving requests based on a domain name.
Domains do not really generate traffic, but the point is you could restrict on several application based on the domain that is identified by resolving the IP.
Not all IPS resolve to a name, so knowing the range of IPs from which you want access blocked is imperative.
The more rules you add, the worse the performance of your router will become since it has to evaluate everyrule in the order.
you would usually define deny rules before allow ones.

1 deny from_networks_I_do_not_like for any service
allow established (meaning a request from the LAN went out and this matches a response coming back)
2 deny IP1_range to HTTP
3 allow everyoneelse to http

Ordering the rules based on most use is a more efficient use of resources.

Depending on how involved you want to get, you could look at setting up an IPS/IDS using a linux box with two network interfaces with iptables and snort.

It could be in transparent mode where it sits between the router and the LAN.

http://www.fwbuilder.org/ might help you in crafting rules.
http://www.snort.org/
0

Featured Post

Plug and play, no additional software required!

The ATEN UE3310 USB3.1 Gen1 Extender Cable allows users to extend the distance between the computer and USB devices up to 10 m (33 ft). The UE3310 is a high-quality, cost-effective solution for professional environments such as hospitals, factories and business facilities.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

WARNING:   If you follow the instructions here, you will wipe out your VTP and VLAN configurations.  Make sure you have backed up your switch!!! I recently had some issues with a few low-end Cisco routers (RV325) and I opened a case with Cisco TA…
You deserve ‘straight talk’ from your cloud provider about your risk, your costs, security, uptime and the processes that are in place to protect your mission-critical applications.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
As a trusted technology advisor to your customers you are likely getting the daily question of, ‘should I put this in the cloud?’ As customer demands for cloud services increases, companies will see a shift from traditional buying patterns to new…
Suggested Courses

623 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question