PDA

View Full Version : [all variants] Editing ACL Rule to block DOS attacks.



FatkidNtraining
February 22nd, 2010, 11:45 PM
Hello first time caller, long time listener. I just recently got hooked on Linux, started with a live CD, then a VMware install, and now a standalone Ubuntu box :) . I am still researching and reading books to catch up, but could not find a solid confirmation to my problem.

My place of work has a small network (15-20 clients) and uses Roadrunner cable. The router is a Cisco/Linksys RVS4000, and has the latest firmware and IPS updates. The firewall / IPS log is logging around 10-15 DOS attacks everyday, mostly coming from China. I wanted to block off the whole country to try and stop it.

Question #1, is the firewall in it's current default state, protecting the network from attacks, or is it just logging them? (I have the WAN set to block all anonymous requests).

Question #2, will adding the China IP ranges in ACL rules stop the hackers better than the current setup?

Question #3, if so then is the following screen shot correct? I surely don't want to accidently allow full access based on my lack of knowledge. I only entered the first IP range, and did not apply it.

Thank you so much in advance!