Author Topic: How to block *.verizon.net ?  (Read 963 times)

Offline Gradius

How to block *.verizon.net ?
« on: April 14, 2012, 10:21:46 am »
How can I block the entire *.verizon.net ?

I'm tired of hacker/cracker wannabes coming from *.verizon.net

How can I block it ?

Thanks
« Last Edit: April 14, 2012, 10:41:46 am by Gradius »

Offline Gradius

Re: How to block *.fios.verizon.net ?
« Reply #1 on: April 14, 2012, 10:36:56 am »
I did put a Firewall Alias as verizon.net.

Then I put them on firewall rules.

Is that correct?
« Last Edit: April 14, 2012, 10:41:54 am by Gradius »

Offline Gradius

Re: How to block *.verizon.net ?
« Reply #2 on: April 14, 2012, 10:44:03 am »
No it didn't.

It just blocked verizon.net

Help!

Offline Nachtfalke

Re: How to block *.verizon.net ?
« Reply #3 on: April 14, 2012, 11:39:43 am »
With firewall rules it is not that easy.

As you said: verizon.net just blocks this domain but no subdomains.
To block it by firewall you need all subdomains or all IP subnets.

The other possibility could be squid + squidguard and block verizon.com

Offline Gradius

Re: How to block *.verizon.net ?
« Reply #4 on: April 14, 2012, 11:58:20 am »
I see.

The problem is they aren't using any IP to the hosts, so it looks like I'll need to look for CIDRs.

Online cmb

    • Chris Buechler
Re: How to block *.verizon.net ?
« Reply #5 on: April 14, 2012, 09:02:16 pm »
Quote from Nachtfalke: "The other possibility could be squid + squidguard and block verizon.com"

That would only be for egress traffic, and only for *.verizon.com sites. Sounds like he's referring to every host on Verizon's network, and ingress rather than egress traffic.

You'll have to create an alias with their CIDR IP blocks to accomplish that. Though I doubt that's actually going to accomplish much if anything for you, there are countless far more malicious networks. US ISPs in general will quickly shut down abuse when it's reported, but God help you with Eastern Europe, China, and many other regions. I report a lot of abuse against our networks, US and western Europe get the best response. Eastern Europe and much of Asia, as much as half the time the abuse emails bounce, and for the remainder you almost never hear back and commonly see abuse continuing.

You should also determine whether it's really a port scan (blocking of TCP:S), or if it's backscatter noise from things like spoofed source TCP SYN floods (where you're blocking TCP:SA). The former is something to report to their abuse, the latter is just an unfortunate fact of life on the Internet when a host on their network is being attacked. And it's frequently misinterpreted as something on their network "scanning" you, SYN ACKs are not that.
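
The distinction drawn in the last reply (blocked TCP:S versus blocked TCP:SA) can be checked per source address before reporting anything to an abuse desk. The following is an added example, not part of the original thread: the log lines are constructed and use a simplified layout rather than pfSense's actual log format, and the `min_ports` threshold is an assumption.

```python
import re
from collections import defaultdict

# Constructed sample in a simplified layout (NOT pfSense's real log format):
# action, TCP flags as shown in the firewall log view, source, destination.
SAMPLE_LOG = """\
block TCP:S 198.51.100.7:40112 203.0.113.10:22
block TCP:S 198.51.100.7:40113 203.0.113.10:23
block TCP:S 198.51.100.7:40114 203.0.113.10:80
block TCP:S 198.51.100.7:40115 203.0.113.10:3389
block TCP:SA 192.0.2.80:80 203.0.113.10:51512
block TCP:SA 192.0.2.80:80 203.0.113.10:23901
block TCP:SA 192.0.2.80:80 203.0.113.10:60233
block TCP:S 192.0.2.200:55000 203.0.113.10:22
"""

LINE_RE = re.compile(
    r"^block TCP:(?P<flags>[A-Z]+) (?P<src>[\d.]+):(?P<sport>\d+) "
    r"(?P<dst>[\d.]+):(?P<dport>\d+)$"
)

def classify_sources(log_text, min_ports=3):
    """Return {source_ip: verdict} from blocked-TCP log lines."""
    syn_ports = defaultdict(set)     # src -> distinct local ports hit by bare SYNs
    synack_count = defaultdict(int)  # src -> unsolicited SYN-ACKs received
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # ignore anything that is not a blocked TCP line
        if m["flags"] == "S":
            syn_ports[m["src"]].add(int(m["dport"]))
        elif m["flags"] == "SA":
            synack_count[m["src"]] += 1
    verdicts = {}
    for src in set(syn_ports) | set(synack_count):
        if synack_count[src] and not syn_ports[src]:
            # Only SYN-ACKs: replies to SYNs someone spoofed with our address.
            verdicts[src] = "backscatter"
        elif len(syn_ports[src]) >= min_ports:
            verdicts[src] = "scan"  # bare SYNs across several ports
        else:
            verdicts[src] = "inconclusive"
    return verdicts

if __name__ == "__main__":
    for src, verdict in sorted(classify_sources(SAMPLE_LOG).items()):
        print(f"{src:15} {verdict}")
```

Only the sources marked "scan" are candidates for an abuse report; a "backscatter" source is itself the host under attack.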