Good day.
i just want to open a discussion around the evolving of filtering malicious traffic and how to drop or minimize the traffic inside your network before it breaks out.
ive been doing some research around this topic and not getting any solid solution. we are basically getting blacklist everyday where we have to allocate a new public src nat ip for breakout.
this is influencing our services that we provide to our customers as an isp.
im really open for discussion on how we can go forward in not being blocked so many times.
-
-
SL4Y3R1989
just joined
- Posts: 6
- Joined:
- Location: South Africa
- Contact:
Re: Filtering Malicious Traffic
Sounds like education of clients is probably the most important part of a way forward.
Without knowing the root causes of being blacklisted its hard to point in the right direction other than perhaps you may need some fancy layer 7 work??
Without knowing the root causes of being blacklisted its hard to point in the right direction other than perhaps you may need some fancy layer 7 work??
-
-
SL4Y3R1989
just joined
- Posts: 6
- Joined:
- Location: South Africa
- Contact:
Re: Filtering Malicious Traffic
im truly open for anything that can work to minimize most malicious traffic on our network.
when you refer to fancy layer 7, please could you suggest what can be done with layer 7?
when you refer to fancy layer 7, please could you suggest what can be done with layer 7?
Re: Filtering Malicious Traffic
How about an "abuse policy"? action -> reaction
-
-
tippenring
Member
- Posts: 304
- Joined:
- Location: St Louis MO
- Contact:
Re: Filtering Malicious Traffic
It really depends on the nature of the malicious traffic that is landing you on blacklists. My guess is it is mail since that's most prevalent. If it is, you could drop all outbound port 25, 465, and 587 from your clients and make them relay mail through your internal mail server. Once you have the outbound mail, you can scan it as you wish to try to eliminate malicious email and other responses such as informing your infected users.
You could implement any of a number of packet/traffic inspection applications, such as perhaps security-onion.com, ipfire.org, pfsense, Snort, and others (I don't endorse any of these, they're just in my list of things to play with some day).
You could implement any of a number of packet/traffic inspection applications, such as perhaps security-onion.com, ipfire.org, pfsense, Snort, and others (I don't endorse any of these, they're just in my list of things to play with some day).
Re: Filtering Malicious Traffic
I would certainly recommend trying a service that is decent at blocking crap from getting in......
Its effective and costs pennies and worth a shot to see if it helps in any way, developed by one of our posters for his clients ........ (do a trial)
viewtopic.php?t=137632
However if you have money to burn you could look at this alternative (if the first one above doesn't pan out at all)
https://axiomcyber.com/shield/
Its effective and costs pennies and worth a shot to see if it helps in any way, developed by one of our posters for his clients ........ (do a trial)
viewtopic.php?t=137632
However if you have money to burn you could look at this alternative (if the first one above doesn't pan out at all)
https://axiomcyber.com/shield/
-
-
SL4Y3R1989
just joined
- Posts: 6
- Joined:
- Location: South Africa
- Contact:
Re: Filtering Malicious Traffic
thanks for all the help.
i have updated some of our rules regarding the mail ports so let see if it works.
will keep you updated regarding MOAB and the other site that was suggested.
i have updated some of our rules regarding the mail ports so let see if it works.
will keep you updated regarding MOAB and the other site that was suggested.