Tag Archives: Brute Force Attacks

How to Block Brute Force Attacks

IPinfo allows you to reliably identify important information about an abusive IP including City, Region and Country. It also provides abuse information that will allow you to report the abuse to the netblock owner, you will usually need to provide Firewall and/or event logs that detail the attack. In some instances the attack may have been made from an anonymous VPN service, they are unlikely to have any logs of who undertook the attack but may be able to block your IP address or IP Range from their network.

https://ipinfo.io/

It’s very useful to be able to block traffic based on the country its originating from, so many of the Brute Force attacks that we face on a daily basis originate from a small number of countries. Many popular Firewalls provide this feature either as standard or as part of an additional security service subscription.

Watchguard – Geolocation

Fortinet – Geo IP block list

Sophos Firewall – country-based firewall rule

SonicWall – Geo-IP filter

Smoothwall – GeoBlocking

Draytek – Country Object or Geo-Blocking

Untangle NG Firewall – geolocation

pfSense (with pfBlockerNG Package) – geo-blocking

How to report Brute Force Attacks

IPinfo allows you to reliably identify important information about an abusive IP including City, Region and Country. It also provides abuse information that will allow you to report the abuse to the netblock owner, you will usually need to provide Firewall and/or event logs that detail the attack. In some instances the attack may have been made from an anonymous VPN service, they are unlikely to have any logs of who undertook the attack but may be able to block your IP address or IP Range from their network.

https://ipinfo.io/

AbuseIPDB allows you to easily check the report history of any IP Address where Brute Force Attacks are originating from, you can also register for free to report abusive IP addresses

https://www.abuseipdb.com/

Watchguard Feature Requests and Enhancements

Below is a list of Requests for Engineering and Enhancements that have been submitted to Watchguard for the XTM UTM Appliance Range

If you would also like any of these features then I would suggest that you raise a Technical support case with Watchguard and mention the appropraite RFE within your support ticket. You should also ask the case to be set to Status: Bug/Enhancement Submitted and select “Receive BUG/RFE Updates?” so that you are alerted when the feature is implemented in a new XTM OS release. The more cases that are logged against an RFE the faster Watchguard are likely to get the new feature implemented.

  • RFE61499 – Support for FTP through Explicit TLS/SSL
  • RFE62784: Ability to choose dns server requests on dedicated external interface
  • RFE66209 Protection against Brute Force Attacks on OWA, FTP and SMTP
  • RFE67449 – Support for SMTP PIPELINING
  • RFE67450: support for DSN in SMTP proxy
  • RFE67451: support for ENHANCEDSTATUSCODES in SMTP proxy
  • RFE72251: Local WebBlocker Server with Websense Categorization Engine
  • RFE73433 Ability to block or drop traffic based off of geographic location

Please also feel free to post your comments about these feature requests and any others that you think would be beneficial.  I will update the post with new RFE’s so that we can collectively push Watchguard product development for them to be implemented.