Some background:
The other day I decided to turn on "informational" logging on my D-Link DGL-4100 router just to see what information it would report. About 5-6 hours later I was surprised when the log showed up in my email because it was already full! I opened it to find that there were thousands of access attempts on my router from many IPs to various ports on my WAN IP address (my router is set to not respond to WAN pings).
These were mostly in the form of incoming TCP packets and incoming UDP packets and also incoming TCP and UDP connection requests. There were also a number of SYN ACK and other access type attempts. I utilized IP lookup and determined that these were coming mostly from China, but there were also a number of them from Malaysia, Russia, Eastern Europe and also from inside the USA. Below is a small sample from the log; I removed my WAN IP from the entries and only included the port numbers that were attempted:
109.169.61.114:10560 to port 22
109.230.213.43:12200 to port 27977
119.12.45.29:23620 to port 24008
121.221.232.213:52331 to port 44521
121.98.100.110:50340 to port 44521
122.204.40.2:5060 to port 5060
137.226.34.42:80 to port 1599
173.201.165.90:80 to port 19920
173.244.218.225:53 to port 53326
184.73.179.154:80 to port 45000
184.84.222.41:80 to port 3207
202.102.234.87:12200 to port 2301 (this Chinese IP address had a few hundred access attempts to various ports)
208.83.125.193:80 to port 2778
209.127.89.29:1089 to port 2517
221.192.199.46:12200 to port 8085 (this Chinese IP address had several hundred access attempts to these two ports)
221.192.199.48:12200 to port 27977
222.186.13.212:12200 to port 27977 (this Beijing IP address had several hundred access attempts to these five ports)
222.186.13.212:12200 to port 3246
222.186.13.212:12200 to port 8090
222.186.13.212:12200 to port 9000
222.186.13.212:12200 to port 8085
58.218.199.147:12200 to port 2479 (Another few hundred from Beijing)
58.218.199.147:12200 to port 27977
58.218.199.147:12200 to port 3246
58.218.199.147:12200 to port 6588
58.218.199.147:12200 to port 7212
59.50.43.234:61201 to port 22
60.172.230.110:5061 to port 5060
61.132.36.202:6000 to port 65500
61.142.12.86:4162 to port 1434
62.135.105.7:11614 to port 2517
64.90.170.10:80 to port 2302
The log continues on and on, but you get the general idea. I am now very interested in seriously beefing up the security of my home network. My security currently consists of the DGL-4100 and running Norton Internet Security on my PCs.
Although there are no state secrets or launch codes residing on my server or on my PCs, I would still like to:
- Ensure that my network and my data are as secure as possible within a reasonable cost (<$1000 USD)
- Maintain a high level of throughput (>20Mb) on my DOCSIS 3.0 cable modem
- In addition to intrusion prevention I also need VPN and would be very interested in a device that has anti-virus, anti-spyware and anti-spam filtering (zero-day?), essentially a UTM device as far as I am aware.
- I have 4 IP cameras in my home that I routinely access while traveling abroad and I need to retain this ability.
- I also want the new device to fit in my rack and I only have 2U of space remaining.
I'm not an IT guy, so setting up my own pfSense rig might be a tad over my head, although it is a project that interests me since I love learning new things. I would be starting from zero knowledge, so I think it would probably take me some time before I got a DIY pfSense rig up and running effectively, and I would like to bolster my network security sooner than that.
I also read up a bit on the Netgear ProSecure UTM5 and UTM10 and they definitely appeal to me, although I'm not a fan of yearly subscription fees. The fees are definitely not a deal-breaker since I want my network to be safe and secure, but I also like saving money when possible. Having said that, I think this device is near the top of my list (despite the fees), depending upon your input of course.
Finally, I found a few ready-made pfSense devices like the Netgate m1n1wall 2D3. The cost and throughput of this tiny device (with the optional VPN1411 installed) are impressive and I think I would honestly prefer something like this over building my own pfSense rig from scratch.
Having said all of that I would greatly appreciate your opinions and recommendations please.
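The log excerpt in the post is exactly the kind of data a firewall administrator triages before buying hardware: the useful questions are how many distinct sources there are, which sources sweep several ports (the "several hundred attempts to these five ports" pattern), which destination ports map to a real service, and how many entries are not probes at all. The script below is an added example written for this page, not code from the poster or from D-Link; it parses lines in the format the post shows ("source:port to port N", with the poster's parenthetical notes tolerated), using a handful of the post's own sample lines as constructed input. The sweep threshold, the service table and the reply/backscatter heuristic (a packet from a server port such as 80 or 53 to a high port on the WAN side is usually a reply to something on the LAN or backscatter, not an attack) are assumptions chosen for the example.

```python
import re
from collections import Counter, defaultdict

# Constructed input: a few lines copied from the post's excerpt, in the router's
# "src:sport to port dport" format. The WAN address is omitted as in the post;
# the parenthetical notes are kept to show the parser tolerates them.
SAMPLE_LOG = """\
109.169.61.114:10560 to port 22
122.204.40.2:5060 to port 5060
137.226.34.42:80 to port 1599
173.244.218.225:53 to port 53326
184.73.179.154:80 to port 45000
202.102.234.87:12200 to port 2301 (this Chinese IP address had a few hundred access attempts to various ports)
221.192.199.46:12200 to port 8085
221.192.199.48:12200 to port 27977
222.186.13.212:12200 to port 27977 (this Beijing IP address had several hundred access attempts to these five ports)
222.186.13.212:12200 to port 3246
222.186.13.212:12200 to port 8090
222.186.13.212:12200 to port 9000
222.186.13.212:12200 to port 8085
58.218.199.147:12200 to port 2479
58.218.199.147:12200 to port 27977
58.218.199.147:12200 to port 3246
59.50.43.234:61201 to port 22
60.172.230.110:5061 to port 5060
61.142.12.86:4162 to port 1434
"""

# Matches the leading "ip:port to port N" part of a line; any trailing note is ignored.
LINE_RE = re.compile(r"^(\d{1,3}(?:\.\d{1,3}){3}):(\d{1,5}) to port (\d{1,5})")

# IANA-assigned services behind the destination ports seen in the sample.
KNOWN_SERVICES = {22: "ssh", 53: "dns", 1434: "ms-sql-monitor", 5060: "sip", 5061: "sip-tls"}

# Heuristic (assumption for this example): a packet *from* a server port to a high
# port on our WAN address is usually a reply or backscatter rather than a probe.
SERVER_SOURCE_PORTS = {53, 80, 443}


def parse_log(text):
    """Return (src_ip, src_port, dst_port) tuples; lines that do not match are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            events.append((m.group(1), int(m.group(2)), int(m.group(3))))
    return events


def summarize(events, scan_threshold=3):
    """Aggregate events into the figures a defender looks at first."""
    ports_by_source = defaultdict(set)
    hits_by_port = Counter()
    reply_like = 0
    for src, sport, dport in events:
        ports_by_source[src].add(dport)
        hits_by_port[dport] += 1
        if sport in SERVER_SOURCE_PORTS and dport > 1023:
            reply_like += 1
    # A source touching several distinct ports is sweeping, not a stray packet.
    scanners = sorted(src for src, ports in ports_by_source.items()
                      if len(ports) >= scan_threshold)
    return {
        "events": len(events),
        "sources": len(ports_by_source),
        "scanners": scanners,
        "top_ports": hits_by_port.most_common(3),
        "reply_like": reply_like,
    }


def service_name(dport):
    """Label a destination port with its assigned service, if the sample has one."""
    return KNOWN_SERVICES.get(dport, "unassigned/high")


def report(text):
    """Human-readable summary lines for the parsed log."""
    s = summarize(parse_log(text))
    lines = [f"{s['events']} events from {s['sources']} distinct sources"]
    lines.append("port sweeps from: " + ", ".join(s["scanners"]))
    for port, n in s["top_ports"]:
        lines.append(f"port {port} ({service_name(port)}): {n} hits")
    lines.append(f"{s['reply_like']} entries look like replies/backscatter, not probes")
    return lines


if __name__ == "__main__":
    print("\n".join(report(SAMPLE_LOG)))
```

Run against the router's full exported log, this separates the two or three sources that actually sweep ports from the long tail of one-off packets, and shows that the entries arriving from source port 80 or 53 are a different phenomenon from the SSH, SIP and MS-SQL probes; the first group is what a stateful firewall already drops, the second is what a UTM's intrusion prevention rules would actually be matching.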