Something like Peerblock that runs ON your router...

Discussion in 'Networking & Security' started by gibber, Mar 6, 2015.

  1. gibber (Gawd)
    I've been searching, but haven't found this yet. Usually I'm good at "googling" things, but this has stumped me so far. :(

    Today's routers are more than powerful enough - could someone tell me which router firmwares will load "block lists" for blocking "bad" IP ranges? (Want to block IPs of known: malware/spyware sources, SPAM senders, "bot net" bots, anti P2P, etc.).

    Surely there must be some routers/firmwares which support this by now? :D

    I know that most router's firmware GUIs ("web interface") will have a page where you can switch between whitelist or blacklist and manually add IPs, but if you could at least load them from a file, or specify a host to download them from, that would basically do what's needed to have something like a "Peerblock" shield protecting your whole LAN at the router.
     
  2. Lames. (Gawd)
    Depends on what router you are trying to flash. DD-WRT may have that function on some of their firmwares (not sure, as I do not follow development of DD-WRT).

    Your best bet would be to set up something like a pfSense box or buy a Ubiquiti EdgeRouter, which gives you a lot more functionality than just a flashed consumer router.
     
  3. wizdum ([H]ard|Gawd)
    You should look into blocklists that are used for spam, like Spamhaus Zen. They include IPs that are known to be infected with malware/viruses/spam-sending things/botnets/etc. I use their blocklist, along with a few others, with an IPTables firewall wrapper called "ConfigServer Security and Firewall".
     
  4. gibber (Gawd)
    Actually, what router I buy depends on what I find out through this thread - I posted the thread to try and help figure out which router to get. Other features I want in the router are: good 2.4 GHz "N" range and excellent NAS performance through a disk connected to the router's USB or eSATA port.

    Well, recent under-$200 routers come with ~1 GHz or faster multi-core processors and a decent amount of RAM.

    I suppose I could use one of my unused PCs hooked up to a gigabit switch, then I have to still add some kind of WAP. It will use more power, take up more room, possibly be less reliable.

    Whoa, OK - I just looked up the Ubiquiti EdgeRouter Lite and it's only $100. I guess it would make more sense to use that, and add a very basic WiFi router on the LAN side, and let the EdgeRouter protect me from the WAN side... Will read about it more. Thanks.

    How do you run this on your router? That is the key point of my post. I want an easy way to get these large block lists running on the router itself, so everybody behind it including wife/kids/guests, are all protected without me worrying if their PCs have been updated recently.
     
  5. wizdum ([H]ard|Gawd)
    I currently use EdgeRouters everywhere, and just found this:
    http://community.ubnt.com/t5/EdgeMAX/Using-spamhaus-lists/m-p/578909/highlight/true#M15197

    I'm going to try to set it up soon, looks simple enough. The EdgeRouter Lite and UniFi AP are a good combination.
     
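The posts above describe the mechanism without showing it: download a block list, validate it, load it into a kernel set, and point firewall rules at that set. The script below is an added example written for this thread, not code from any poster, from the linked Ubiquiti community post, or from Spamhaus. It assumes a Linux-based router with ipset and iptables (the DD-WRT/EdgeOS class of device), a feed in the "CIDR ; reference" line format of the downloadable DROP-style lists, and arbitrary set/chain names ("badnets", "BADNETS") and LAN range (192.168.1.0/24) chosen here. The feed text is a constructed sample, not real feed data. It also covers the point raised later in the thread: the dst matches catch an infected LAN host calling out, not just inbound traffic.

```python
"""
Turn a downloaded IP block list into an ipset plus iptables rules.

Added example for this thread, not any poster's or vendor's code.
Assumptions: Linux router with ipset/iptables, DROP-style feed lines
("CIDR ; reference"), and the names badnets/BADNETS and the LAN range
192.168.1.0/24, all chosen here for illustration.
"""
import ipaddress

# Constructed sample feed (not real data). Comment lines start with ';'.
SAMPLE_FEED = """\
; DROP-style block list (constructed sample)
; Expires: Sat, 07 Mar 2015 10:00:00 GMT
1.10.16.0/20 ; SBL000001
1.10.20.0/24 ; SBL000002 (already covered by the /20 above)
5.34.242.0/23 ; SBL000003
192.168.0.0/16 ; a poisoned entry that would cut the LAN off
not-an-address ; garbage line
2001:db8::/32 ; IPv6 entry, out of scope for this example
"""

# Ranges that must never be dropped no matter what the feed says.
# Assumption: the LAN behind the router is 192.168.1.0/24.
NEVER_BLOCK = [ipaddress.ip_network("192.168.1.0/24")]


def parse_feed(text):
    """Return (accepted, rejected).

    accepted: IPv4Network objects that are safe to drop
    rejected: (line, reason) pairs so a bad or tampered feed shows up in logs
    """
    accepted, rejected = [], []
    for raw in text.splitlines():
        entry = raw.split(";", 1)[0].strip()  # data is everything before ';'
        if not entry:
            continue
        try:
            net = ipaddress.ip_network(entry, strict=False)
        except ValueError:
            rejected.append((raw, "unparseable"))
            continue
        if net.version != 4:
            rejected.append((raw, "ipv6 entry, not handled here"))
            continue
        if net.is_private or net.is_loopback or net.is_link_local:
            rejected.append((raw, "non-routable range"))
            continue
        if any(net.overlaps(keep) for keep in NEVER_BLOCK):
            rejected.append((raw, "overlaps protected LAN range"))
            continue
        accepted.append(net)
    return accepted, rejected


def ipset_restore_script(nets, setname="badnets"):
    """Build input for `ipset restore`: a fresh temp set that is swapped in later."""
    tmp = setname + "_tmp"
    lines = [f"create {tmp} hash:net family inet"]
    # collapse_addresses merges overlapping and adjacent blocks so the set stays small
    lines += [f"add {tmp} {n}" for n in ipaddress.collapse_addresses(nets)]
    return "\n".join(lines) + "\n"


def iptables_rules(setname="badnets", chain="BADNETS"):
    """One-time rules: a log-and-drop chain, referenced from every direction.

    src matches on INPUT/FORWARD are the PeerBlock-style shield against
    listed hosts; dst matches on FORWARD/OUTPUT stop an infected LAN host
    from calling home to a listed address.
    """
    return [
        f"ipset -exist create {setname} hash:net family inet",
        f"iptables -N {chain}",
        f"iptables -A {chain} -m limit --limit 5/min -j LOG --log-prefix \"{chain}: \"",
        f"iptables -A {chain} -j DROP",
        f"iptables -I INPUT   -m set --match-set {setname} src -j {chain}",
        f"iptables -I FORWARD -m set --match-set {setname} src -j {chain}",
        f"iptables -I FORWARD -m set --match-set {setname} dst -j {chain}",
        f"iptables -I OUTPUT  -m set --match-set {setname} dst -j {chain}",
    ]


def refresh_commands(restore_path, setname="badnets"):
    """Cron-time steps: load into the temp set, then swap, so the live set is never empty."""
    tmp = setname + "_tmp"
    return [
        f"ipset restore < {restore_path}",
        f"ipset swap {tmp} {setname}",
        f"ipset destroy {tmp}",
    ]


if __name__ == "__main__":
    nets, bad = parse_feed(SAMPLE_FEED)
    for line, why in bad:
        print(f"# rejected ({why}): {line}")
    print(ipset_restore_script(nets))
    print("\n".join(iptables_rules()))
    print("\n".join(refresh_commands("/tmp/badnets.restore")))
```

Two practitioner caveats the thread does not spell out: fetch the feed over HTTPS and keep the private-range and LAN checks, because a list you apply blindly at the router is a way for a tampered feed to black-hole your own network; and use the temp-set-plus-swap sequence rather than flushing the live set in place, so a cron refresh never leaves a gap where nothing is blocked.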
  6. Liger88 (2[H]4U)
    Question is, what are you doing that you would want to block bad IPs in the first place? That's what a firewall is intended to do, at least in the sense of blocking any traffic from outside that wasn't requested by the inside. Having a block list on a router for outside traffic isn't really going to do anything more (in general), because traffic that would normally get blocked would then have to be looked up again against a separate list to then drop it.

    Anywho. Second the ERL. Cheap, solid community, and a good software package that's constantly being updated.
     
  7. Lames. (Gawd)
    Unless an asset on his network got infected and the virus is calling out to said IPs and transferring his information off the asset...

    I believe the OP is just looking for an overall block of bad/suspicious IPs from entering his network, along with calling out from his network, since he stated he wanted PeerBlock-type blocking.

    PeerBlock uses lists of IPs to block when calling out while downloading torrents.
     
  8. Liger88 (2[H]4U)
    Yeah, that's what I figured. Either running a server or has a bunch of people/devices on the network. It sounded more like this is a very small (home) use, and IMHO it would be easier to just put clients you don't trust on their own network and those you do on their own LAN.
     
  9. Lames. (Gawd)
    Exactly what I do :D. Wife and all other devices that want outside access are on the DMZ, and everything else I actually do is on its own VLANs. But this is a whole different conversation that could be discussed. :p
     
  10. scobar (.)
    pfSense does this, and it being on real hardware/OS, it is much more capable. You can find hardware for $50+ depending on your needs. Netgate has some kits you can score up; I think you can even add wireless if you want to go that route.
     
  11. wizdum ([H]ard|Gawd)
    That's a good plan to protect yourself from your clients, but it doesn't help protect your clients from themselves.
     
  12. Nicklebon (Gawd)
    Can't speak for consumer toy firewalls, but most real firewalls, Check Point, Fortinet, Juniper, PA, etc., have the option to block connections to known malware and botnet command-and-control addresses. This feature is almost always subscription based.
     
  13. MrGuvernment ([H]ard as it Gets)
    Ya, was gonna say most open source ones like pfSense will do this; toss it on some old little box and get pfBlocker.