Sunday, October 27, 2019

IP address black hole on a unifi USG router

IP address black hole on a unifi USG router

Recently I have had someone trying to brute force a login onto my NAS box here and they were constantly using the same IP address.  So I decided to research how to stop a specific IP address from connecting to my network from the internet.  I have a USG Pro4 router which is an excellent device if you are prepared to put in the time to learn the intricacies of how it works.

To black hole an address

Navigate to Settings/Routing & Firewall and click on create a new rule


Use the settings below.  Note that you will need to "CREATE IPV4 ADDRESS GROUP".  I called mine "Black hole" to make it obvious what it is for.

Once this is done click Save.  What this does is drop all incoming packets from any IP address defined in the "Black hole" group.

To black hole an IP address simply navigate to Settings/Routing & Firewall/Groups and select Edit


Add the IP address and click Save.  That IP address will no longer be able to connect to your network. my list is below






6 comments:

  1. This comment has been removed by the author.

    ReplyDelete
    Replies
    1. Not fond of black holes Julianne? This is here so that I can remember how to stop this next time it happens. You never know it might just help someone else too :)

      Delete
  2. How do I know if I have been the target of brute force?

    ReplyDelete
  3. You almost certainly have been. It comes down to reporting on your router. Most likely it doesn't so you will not be able to tell. It is what it is. I have the right hardware and the ability to configure and check who is attaching to my systems. Some enterprising company can probably make money with hardware software to detect and stop this kind of thing

    ReplyDelete
    Replies
    1. As long as you update your software and Windows regularly you should be fine. Having said that there are no guarantees in life

      Delete