    Swan Watch

    We are lucky to have swans nesting in our garden, so I have set up a Swan Watch site for the benefit of other people (welcome to view - remember time difference and 128K upload limitation). This is on Homeseer port 80 on the firewall pc (Win2K Pro with NAT) which has Zone Alarm firewall and McAfee anti-virus.
    Because of the 24/7 cable connection, the firewall is frequently being targeted by automatic probes from hackers, and while most are (hopefully) being deflected, event log errors of attempted system file over-writes suggest some have succeeded in getting through, and presumably some may have successfully planted some of their 'nasties' (I've had a few 'lockups' recently).
    Homeseer's log lets me see the IP of those connecting who then generated HS 'Error 404, cannot serve file ....' with their probing. What I need is something to let me filter out these IPs from connecting in the future, but I am having trouble finding a way of doing this.
    Presumably there must be something somewhere that can monitor incoming connections and then filter/block them according to IP address (or preferably subnet).

    Can anybody help me out in some way - I would really like to try keeping the Swan Watch facility up and running until at least the hatching (about 6 weeks time), so anything that helps (utilities, HS ASPs, advice) would be greatly appreciated.

    Cheers,
    Robin

    #2
    Very Nice, Thanks!!

    quote: "Presumably there must be something somewhere that can monitor incoming connections and then filter/block them according to IP address (or preferably subnet)."

    Not sure what you are trying to do here. Since you are running Zone Alarm, can't you just block the IPs with Zone Alarm???
    DSteiNeuro

    HS3Pro

    MSI Cubi Intel(R) Core(TM) i5-5200U CPU @ 2.20GHz, 2201 Mhz, 2 Core(s), 4 Logical Processor(s) 16GB DDRl RAM

    Enabled Plug-Ins
    BLRussound, BLSpeech, HSTouch Server, JowiHue, MyQ, Nest, Rain8, Squeezebox, Ultra1Wire3, UltraGCIR3, Vista Alarm, X10,Z-Wave



      #3
      I expect it's a matter of not seeing the wood for the trees, but I cannot find the facility in ZA 3 to block by IP, only by ports. Therefore, as I have to have HS open on port 80, then anyone can get in - even those repeated hackers I would like to 'blacklist'.



        #4
        You need to upgrade to Zone Alarm Pro and you can block any IP address or any range of IP addresses.

        -Rupp


          #5
          quote: "Because of the 24/7 cable connection, the firewall is frequently being targeted by automatic probes from hackers, and while most are (hopefully) being deflected, event log errors of attempted system file over-writes suggest some have succeeded in getting through, and presumably some may have successfully planted some of their 'nasties' (I've had a few 'lockups' recently)."

          The other option would be to add a router as a hardware firewall. This would also give you the option of adding other PCs, Audreys etc to the LAN. Most of the Routers are pretty cheap now. Just make sure the router has an option to block IPs or a range of IPs.
          DSteiNeuro



            #6
            You can build a simple and effective firewall with an old PC with two NICs utilizing NAT/firewall software. Better yet build a DMZ and put HS inside of it. Hardware firewalls are nice but once they are hacked (I have seen apps that do that) they are more difficult to upgrade because it usually involves a firmware upgrade.
            - Pete

            Auto mator
            Homeseer 3 Pro - 3.0.0.548 (Linux) - Ubuntu 18.04/W7e 64 bit Intel Haswell CPU 16Gb
            Homeseer Zee2 (Lite) - 3.0.0.548 (Linux) - Ubuntu 18.04/W7e - CherryTrail x5-Z8350 BeeLink 4Gb BT3 Pro
            HS4 Lite - Ubuntu 20.04 / VB W7e Jetway JBC420U591
            Fanless Intel® Celeron N3160 SoC 8Gb
            HS4 Pro - V4.1.18.1 - Ubuntu 20.04/VB W7e 64 bit Intel Kaby Lake CPU - 32Gb
            HSTouch on Intel tabletop tablets

            X10, UPB, Zigbee, ZWave and Wifi MQTT automation-Tasmota-Espurna. OmniPro 2, Russound zoned audio, Smartthings hub, Hubitat Hub, and Home Assistant



              #7
              Thanks guys, but the Win2K Pro Firewall does have 2 net cards and is acting as a router between Internet and internal network. I don't think it would matter much if the HS webserver on port 80 was moved inside... it looks like a common hacker ploy is to frequently and automatically scan a subnet range for accessible port 80s (amongst others) then fire off a string of probes into the port looking for common IIS weaknesses etc. While HS reports the probes that miss target (it can't make sense of), the worry is that some did quietly find the weakness they were aimed at.

              Hopefully Rupp has been able to point me in the right direction in his email. Although the specifics didn't seem to match my ZA Pro GUI, I followed the gist and have created separate individual 'Blocked' Zones for each of the unwelcome visitors' IPs. Not been long since I did this, but seems to have worked up till now.

              Robin (with fingers crossed)
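
Added example, not written by any poster in this thread: one way to turn the 'Error 404, cannot serve file' log entries described above into a block list, by single IP or by subnet when several offenders share one. The log layout, the sample lines, the thresholds and the function names are assumptions made for illustration.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample: the thread does not show HomeSeer's log layout, so the
# "time  source-IP  message" format used here is an assumption.
SAMPLE_LOG = """\
21:04:11  203.0.113.7    Error 404, cannot serve file /probe-a
21:04:11  203.0.113.7    Error 404, cannot serve file /probe-b
21:04:12  203.0.113.7    Error 404, cannot serve file /probe-c
21:09:40  203.0.113.45   Error 404, cannot serve file /probe-a
21:09:40  203.0.113.45   Error 404, cannot serve file /probe-b
21:09:41  203.0.113.45   Error 404, cannot serve file /probe-c
22:15:02  198.51.100.23  Error 404, cannot serve file /probe-a
22:15:02  198.51.100.23  Error 404, cannot serve file /probe-b
22:15:03  198.51.100.23  Error 404, cannot serve file /probe-c
22:30:18  192.0.2.10     Error 404, cannot serve file /swans.htm
"""

LINE_RE = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3})\b.*Error 404")

def count_404s(log_text):
    """Count 'Error 404' lines per source IP, skipping malformed addresses."""
    hits = Counter()
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if m:
            try:
                hits[ipaddress.ip_address(m.group(1))] += 1
            except ValueError:
                pass  # e.g. 999.1.1.1 fits the pattern but is not a valid IP
    return hits

def build_blocklist(log_text, min_hits=3, prefix=24, min_hosts=2):
    """Block a whole subnet when several offenders share it, else the single IP."""
    by_subnet = {}
    for ip, n in count_404s(log_text).items():
        if n >= min_hits:  # a single stray 404 is more likely a typo than a probe
            net = ipaddress.ip_network(f"{ip}/{prefix}", strict=False)
            by_subnet.setdefault(net, []).append(ip)
    entries = []
    for net, ips in by_subnet.items():
        if len(ips) >= min_hosts:
            entries.append(net)
        else:
            entries.extend(ipaddress.ip_network(f"{ip}/32") for ip in ips)
    return [str(n) for n in ipaddress.collapse_addresses(entries)]

if __name__ == "__main__":
    print("\n".join(build_blocklist(SAMPLE_LOG)))
```

A subnet entry also shuts out any legitimate viewer in that range, so `min_hosts` and `prefix` are worth setting conservatively before the list is entered as blocked zones in the firewall.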
