Archer C3150 Blue UI - how do I block incoming traffic by IP or Subnet mask?

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.

2019-12-12 18:45:29
Model: Archer C3150  
Hardware Version: V2
Firmware Version: 3.0.0 0.9.1 v005f.0 Build 170926 Rel.63400n

Long story short, some IP from China is trying to break into my network. I had an SSH server on a high port, but they found it with a port scan. I'd like to be able to block this incoming connection at the router. I've seen some instructions on doing host filtering with the "Green UI" to block hosts, but it appears to be related to local hosts going outbound (Host blocking).

I can't seem to find anything in the UI that supports this method. Does anyone know if it is possible, and if so, provide instructions?

#1
Re:Archer C3150 Blue UI - how do I block incoming traffic by IP or Subnet mask?
2019-12-12 21:49:58 - last edited 2019-12-12 21:51:19

@Stettin

Do you have the IP address that is of concern? Or any logs recorded by the router?

#2
Re:Archer C3150 Blue UI - how do I block incoming traffic by IP or Subnet mask?
2019-12-13 03:12:27

@Carl I don't believe there would be logs on the router unless it logged allowed traffic. It went to my internal server, but was blocked due to bad password. Here are logs from the SSH server:

 <event seq="2170" time="2019-12-08 15:22:10.956664 -0800" app="BvSshServer 8.32" name="I_CONNECT_ACCEPTED" desc="Connection accepted.">
    <session id="1698" service="SSH" remoteAddress="122.144.179.29:60327" loc="CN/AS"/>
    <location continent="Asia" country="China"/>
    <sessions ssh="1" sshAuth="0" ftp="0" ftpAuth="0"/>
  </event>

  <event seq="2171" time="2019-12-08 15:22:11.120341 -0800" app="BvSshServer 8.32" name="I_CONNECT_VERSION_RECEIVED" desc="Client version string received.">
    <session id="1698" service="SSH" remoteAddress="122.144.179.29:60327" loc="CN/AS"/>
    <parameters clientVersion="SSH-2.0-libssh-0.2"/>
  </event>

  <event seq="2172" time="2019-12-08 15:22:11.285865 -0800" app="BvSshServer 8.32" name="I_SESSION_DISCONNECTED_NORMALLY" desc="Session disconnected normally.">
    <session id="1698" service="SSH" remoteAddress="122.144.179.29:60327" loc="CN/AS"/>
    <parameters disconnectReason="EofReceived" socketBytesReceived="20" socketBytesSent="852" payloadBytesReceived="0" payloadBytesSent="693" channelBytesReceived="0" channelBytesSent="0"/>
    <sessions ssh="0" sshAuth="0" ftp="0" ftpAuth="0"/>
  </event>

I really only have this exposed to the internet so I can automatically back up my webhost. I'm using just cert authentication, so brute force would not work, but it is still concerning. The remote port of the IP cycles through.

This IP is a known bad IP listed at http://blacklists.co/download/all.txt

#3
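
The session in the log above connects, sends only a version string and drops with payloadBytesReceived="0", and the poster notes the remote port changes each time. As an added example (not part of the original thread, and not TP-Link or Bitvise code), this groups such zero-payload sessions by source IP regardless of port; the sample events are constructed, and `find_probes` and `min_hits` are names chosen here.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

# Constructed sample in the event format of the log posted above.
# Addresses are documentation placeholders, not hosts from the thread.
_EVENT = ('<event seq="{n}" name="I_SESSION_DISCONNECTED_NORMALLY">'
          '<session id="{n}" service="SSH" remoteAddress="{addr}"/>'
          '<parameters disconnectReason="EofReceived" '
          'payloadBytesReceived="{rx}"/></event>\n')
SAMPLE_LOG = (
    '<event seq="0" name="I_CONNECT_ACCEPTED">'
    '<session id="1" service="SSH" remoteAddress="203.0.113.7:60327"/></event>\n'
    + _EVENT.format(n=1, addr="203.0.113.7:60327", rx=0)
    + _EVENT.format(n=2, addr="203.0.113.7:60411", rx=0)
    + _EVENT.format(n=3, addr="203.0.113.7:60502", rx=0)
    + _EVENT.format(n=4, addr="198.51.100.20:50122", rx=5120)  # real transfer
    + _EVENT.format(n=5, addr="192.0.2.9:41000", rx=0)         # single stray hit
)


def find_probes(log_text, min_hits=2):
    """Map source IP -> session count and source ports for hosts with at
    least min_hits sessions that ended without sending any SSH payload."""
    # The log is a run of <event> elements with no root, so wrap it.
    root = ET.fromstring("<log>" + log_text + "</log>")
    hits = defaultdict(lambda: {"sessions": 0, "ports": set()})
    for ev in root.iter("event"):
        # Only the disconnect event carries the byte counters.
        if ev.get("name") != "I_SESSION_DISCONNECTED_NORMALLY":
            continue
        sess, params = ev.find("session"), ev.find("parameters")
        if sess is None or params is None:
            continue
        if params.get("payloadBytesReceived") != "0":
            continue  # client sent real SSH traffic (or counter is missing)
        # Split on the last colon so the cycling source port is ignored.
        ip, _, port = sess.get("remoteAddress", "").rpartition(":")
        if not ip or not port.isdigit():
            continue
        hits[ip]["sessions"] += 1
        hits[ip]["ports"].add(int(port))
    return {ip: {"sessions": h["sessions"], "ports": sorted(h["ports"])}
            for ip, h in hits.items() if h["sessions"] >= min_hits}


if __name__ == "__main__":
    for ip, info in find_probes(SAMPLE_LOG).items():
        print(ip, info["sessions"], "sessions from ports", info["ports"])
```
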
Re:Archer C3150 Blue UI - how do I block incoming traffic by IP or Subnet mask?
2019-12-13 17:10:22

@Stettin

The selected model you have is the Archer C3150 V2, but I wanted to make sure that is correct, as in the title you stated Blue UI. If the C3150 V2 is your model, make sure the AV software in HomeCare is enabled. This has a built-in intrusion prevention system that should block the incoming attack attempts.

#4
Re:Archer C3150 Blue UI - how do I block incoming traffic by IP or Subnet mask?
2019-12-13 17:38:23

@Carl 

Carl wrote

@Stettin

The selected model you have is the Archer C3150 V2, but I wanted to make sure that is correct, as in the title you stated Blue UI. If the C3150 V2 is your model, make sure the AV software in HomeCare is enabled. This has a built-in intrusion prevention system that should block the incoming attack attempts.

Hi, yes it is v2 and HomeCare is enabled. Maybe that IP isn't in the list to block? The website I listed earlier doesn't have that IP now, but it is in the Google cache from 12/11/19. Maybe they just spun it up and, now that it is blocked, have moved to a new IP? I temporarily turned my port forward back on for a few minutes last night and didn't see any new connections.

Is there not a way to add a list of IPs to block, or is that list only part of the system? Also, is the HomeCare AV free for the life of the product, or a subscription? I don't recall ever signing up for it.

#5
Re:Archer C3150 Blue UI - how do I block incoming traffic by IP or Subnet mask?
2019-12-13 18:47:40

@Stettin

The malicious content and intrusion prevention system is powered by TrendMicro. There is no way for us to manually add addresses to this blocked list. It's based on their content filters.

We can attempt to send the address to TrendMicro and have it reviewed but it would be based on the results they find.

#6