Tag Archives: Subscription

How to Block Brute Force Attacks

IPinfo allows you to reliably identify important information about an abusive IP including City, Region and Country. It also provides abuse information that will allow you to report the abuse to the netblock owner, you will usually need to provide Firewall and/or event logs that detail the attack. In some instances the attack may have been made from an anonymous VPN service, they are unlikely to have any logs of who undertook the attack but may be able to block your IP address or IP Range from their network.

https://ipinfo.io/

It’s very useful to be able to block traffic based on the country its originating from, so many of the Brute Force attacks that we face on a daily basis originate from a small number of countries. Many popular Firewalls provide this feature either as standard or as part of an additional security service subscription.

Watchguard – Geolocation

Fortinet – Geo IP block list

Sophos Firewall – country-based firewall rule

SonicWall – Geo-IP filter

Smoothwall – GeoBlocking

Draytek – Country Object or Geo-Blocking

Untangle NG Firewall – geolocation

pfSense (with pfBlockerNG Package) – geo-blocking

Watchguard XTM 1050, XTM 2050, XTM 2 Series, XTM 3 Series, XTM 5 Series, XTM 8 Series – Fireware XTM OS 11.6.1 – Build # 346666

Watchguard XTM 1050, XTM 2050, XTM 2 Series, XTM 3 Series, XTM 5 Series, XTM 8 Series – Fireware XTM OS 11.6.1 – Build # 346666

11.6.1 – Build # 346666 Provides some new features and resolves the following issues:

• This release introduces support for the new high-performance XTM 5 Series models 515, 525, 535, and 545

• Provides an update to our localized user interfaces and documentation

• An XTM device configured in bridge mode can now pass VLAN traffic between 802.1Q switches or bridges

• FireCluster support for XTM 25, 26, and 33 wired models

• Several issues have been resolved in this release that caused XTM devices to crash when configured to use Application Control or IPS [66937, 65426, 65636, 67312, 66135, 67159, 67399, 67310]

• An issue was resolved that caused some XTM device processes to crash when running Mu Dynamics default published vulnerability test [66490]

• An issue was resolved that caused a kernel crash and device reboot [67329]

• The XTM 2 Series device can now handle a large file transfer without interface instability [67367]

• A problem that caused incorrect data to display on the XTM 5 Series LCD screen has been resolved [67197]

• Policy Manager now displays the correct VLAN limits for XTM 5 Series models 505, 510, 520, and 530 with a standard Fireware XTM feature key (not Pro) [67780]

• You can now successfully configure and apply Traffic Management actions for XTM 2 and 3 Series devices from the Web UI [67221, 66645]

• Firebox X Edge e-Series devices can now be successfully managed with templates [67658]

• The notification message sent when a local Log or Report database is down now correctly shows the host IP address instead of “???” [41731]

• The Log Server can now handle backup files greater than 2GB in size without generating an error message: “Error (8199), Exception during backup of oldest log data: File is not a zip file” exception” [66811]

• The DHCP lease activity report now works correctly [66062]

• Log Collector now handles XTM device log data that spans multiple SSL/TLS records without crashing [66347]

• A problem has been resolved that caused poor performance on XTM 2 Series models 25 and 26 because of an incorrect memory allocation for security subscription signatures [67240]

• A deny message is now correctly sent to the web browser in most cases when Application Control blocks content in the Web/Web 2.0 category [66201]

• The WebBlocker automatic database update time is no longer off by one hour when daylight savings time is in effect on the host server’s timezone [67551]

• If you use PPPoE or DHCP for an external interface on an XTM device configured to use multi-WAN, the XTM device no longer loses the default routes for external interfaces after the external interface reconnects [67424, 67520]

• A problem has been resolved that caused a static route to fail after an external interface configured to use PPPoE is disconnected, then reconnected [67520]

• Tagged VLAN traffic is now correctly recognized when an XTM device is configured in Bridge mode [64355]

• The CLl command “restore factory default all” now successfully restores a device to its factory default settings [66240]

• An issue has been resolved that caused Policy Manager to incorrectly display an interface IP address as 0.0.0.0/24 when you viewed a FireCluster configuration for a cluster in drop-in mode [63551]

• The Mobile VPN with SSL process no longer crashes during a FireCluster failover [66118]

You can download 11.6.1 – Build # 346666 from the Watchguard website