-2

I've got an issue with ransomware attacks day and night from Russia/Ukraine...

Even with secure RDP, some of them get past now and then and make me suffer...

So I want to geo-block the whole of Russia/Ukraine until Microsoft actually thinks of something and patches this issue...

There is no geo-block in the firewall as far as I know.

So I downloaded http://www.ipdeny.com/ipblocks/ IPs by country.

I know this command: netsh advfirewall firewall set rule name = " .....

But it only adds up to a thousand IPs, and if I rerun it for the next thousand it deletes the previous batch and replaces it with the new ones...

I saw some netsh advfirewall firewall add rule name = "

but couldn't figure out what I'm missing to make it work.

Here is the sample I ran:

C:\Users\User>netsh advfirewall firewall add rule name = "RussiaOutBlock" new remoteip = "2.16.159.0/255.255.255.0"

One or more essential parameters were not entered. Verify the required parameters, and reenter them.

I'd appreciate insight on this matter, or if there is an easier way to solve this problem.

Thank you

Amin MyCard

1 Answer

1

This is entirely the wrong approach.

First, if you have "secure RDP", how come the attackers get through anyway? This is not normal.

Second: This would be unreliable, as you are now still vulnerable to non-Russian IPs attacking you...

Solution: Don't expose the RDP port directly. Put all your stuff except things that need to be public behind a global firewall and only allow access via a secure and proven VPN (e.g. not PPTP) or otherwise secure method like SSH port forwarding.

Sven
  • Yup, that's indeed abnormal. As far as I checked with Sophos, they re-engineered an NSA exploit and broke through even though I have Windows Firewall, Trend Micro, and even changed the RDP port in the registry ... quite a headache – Amin MyCard Aug 31 '18 at 06:30
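
One way to apply the answer's advice on the Windows host itself, as an added example that is not part of the original answer: it reads the configured RDP port from the registry, lists the enabled inbound allow rules that name that port, and with `-Apply` scopes any rule open to every address down to a VPN range. The `10.8.0.0/24` subnet and the parameter names are assumptions; rules that cover the port only through a range or `Any` are not matched.

```powershell
#Requires -RunAsAdministrator
# Added example: audit (and optionally restrict) inbound firewall rules for RDP.
param(
    # Assumption: the address range your VPN hands out. Replace with your own.
    [string]$VpnSubnet = '10.8.0.0/24',
    # Without -Apply the script only reports what it finds.
    [switch]$Apply
)

# The RDP listener port can be changed in the registry, so read it
# instead of assuming 3389.
$rdpKey  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'
$rdpPort = (Get-ItemProperty -Path $rdpKey -Name PortNumber).PortNumber
Write-Output "RDP is configured to listen on port $rdpPort"

# Enabled inbound allow rules that explicitly list the RDP port (TCP or UDP).
$rdpRules = Get-NetFirewallRule -Direction Inbound -Action Allow -Enabled True |
    Where-Object {
        $pf = $_ | Get-NetFirewallPortFilter
        ($pf.Protocol -in 'TCP', 'UDP') -and ($pf.LocalPort -contains "$rdpPort")
    }

if (-not $rdpRules) {
    Write-Output "No enabled inbound allow rule names port $rdpPort explicitly."
}

foreach ($rule in $rdpRules) {
    $remote = ($rule | Get-NetFirewallAddressFilter).RemoteAddress

    if ($remote -contains 'Any') {
        Write-Warning "'$($rule.DisplayName)' allows port $rdpPort from any address"
        if ($Apply) {
            # Allow-list instead of a country deny-list: only the VPN range
            # may reach the RDP port through this rule.
            $rule | Set-NetFirewallRule -RemoteAddress $VpnSubnet
            Write-Output "  -> now limited to $VpnSubnet"
        }
    }
    else {
        Write-Output "'$($rule.DisplayName)' is already scoped to: $($remote -join ', ')"
    }
}
```

Run it without `-Apply` first to see which rules are open, and apply the change from the console or over the VPN so the current session is not cut off.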