90% of attacks start with a phish. It’s critical that IT admins and MSSPs have the right security in place to protect their end users from these phishing attacks. Check out our latest feature brief for tips and tricks to keep your employees off a hackers line!
Solved
Block Traffic from a Specific Domain
Posted on 2012-12-30
Is there a way I can block all traffic from a specific domain?
Currently i have a Cisco RV042G Gigabit Dual WAN VPN Router as my gateway.
Currently i have a Cisco RV042G Gigabit Dual WAN VPN Router as my gateway.
3
2
6 Comments
Active today
Please explain, what type of traffic are you looking to block? To which application/service?
The restriction might be on the application/service layer.
You can block access if you know their IP ranges. From discussion https://supportforums.cisco.com/thread/2153386 image of firewall rules
https://supportforums.cisco.com/servlet/JiveServlet/download/3655134-129391/firewall4.PNG
You would add a deny on the wan for those IP ranges.
Depending on service/application, it may have a way to deny access based on domain referenced in the reverse DNS.
The restriction might be on the application/service layer.
You can block access if you know their IP ranges. From discussion https://supportforums.cisco.com/thread/2153386 image of firewall rules
https://supportforums.cisco.com/servlet/JiveServlet/download/3655134-129391/firewall4.PNG
You would add a deny on the wan for those IP ranges.
Depending on service/application, it may have a way to deny access based on domain referenced in the reverse DNS.
Firewall->Content Filter->Forbidden Domains
use the NetBIOS name (eg instead of blocking www.doamin.com, block domain.com)
https://supportforums.cisco.com/thread/2023056
use the NetBIOS name (eg instead of blocking www.doamin.com, block domain.com)
https://supportforums.cisco.com/thread/2023056
Active today
The asker seems to want external resources from a specific doman restricted from accessing their resources rather than preventing local users from accessing an external resource.
Arnold..... There is a bigger problem if traffic traverses a network without invitation from inside. If you have unsolicited traffic in filtering your network, there is a guarantee that there is a worm on one of the workstations or someone had granted explicit access to the domain unknowingly.
I think the author needs to clarify his request at this point
I think the author needs to clarify his request at this point
Active today
I agree that one could go that the issue is responses coming in from a domain and the asker ones to block it. Your DNS adjustment will prevent access from inside to that domain so no response will be coming back.
The other (my understanding of the question as asked) deals with the asker having an app/service/etc. that needs to be restricted from receiving requests based on a domain name.
Domains do not really generate traffic, but the point is you could restrict on several application based on the domain that is identified by resolving the IP.
Not all IPS resolve to a name, so knowing the range of IPs from which you want access blocked is imperative.
The more rules you add, the worse the performance of your router will become since it has to evaluate everyrule in the order.
you would usually define deny rules before allow ones.
1 deny from_networks_I_do_not_lik
allow established (meaning a request from the LAN went out and this matches a response coming back)
2 deny IP1_range to HTTP
3 allow everyoneelse to http
Ordering the rules based on most use is a more efficient use of resources.
Depending on how involved you want to get, you could look at setting up an IPS/IDS using a linux box with two network interfaces with iptables and snort.
It could be in transparent mode where it sits between the router and the LAN.
http://www.fwbuilder.org/ might help you in crafting rules.
http://www.snort.org/
The other (my understanding of the question as asked) deals with the asker having an app/service/etc. that needs to be restricted from receiving requests based on a domain name.
Domains do not really generate traffic, but the point is you could restrict on several application based on the domain that is identified by resolving the IP.
Not all IPS resolve to a name, so knowing the range of IPs from which you want access blocked is imperative.
The more rules you add, the worse the performance of your router will become since it has to evaluate everyrule in the order.
you would usually define deny rules before allow ones.
1 deny from_networks_I_do_not_lik
allow established (meaning a request from the LAN went out and this matches a response coming back)
2 deny IP1_range to HTTP
3 allow everyoneelse to http
Ordering the rules based on most use is a more efficient use of resources.
Depending on how involved you want to get, you could look at setting up an IPS/IDS using a linux box with two network interfaces with iptables and snort.
It could be in transparent mode where it sits between the router and the LAN.
http://www.fwbuilder.org/ might help you in crafting rules.
http://www.snort.org/
Featured Post
There are many ways to learn to code these days. From coding bootcamps like Flatiron School to online courses to totally free beginner resources. The best way to learn to code depends on many factors, but the most important one is you. See what course is best for you.
Question has a verified solution.
Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.
Have a better answer? Share it in a comment.
Join & Write a Comment Already a member? Login.
Powerful tools can do wonders, but only in the right hands. Nowhere is this more obvious than with the cloud.
Have a Cisco router that you forgot the password or maybe you bought a used router that is locked with a password? This article will guide you through the steps on how to recover the password on your Cisco gear.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Suggested Courses
Course of the Month11 days, 20 hours left to enroll
607 members asked questions and received personalized solutions in the past 7 days.
Join the community of 500,000 technology professionals and ask your questions.