Sujet : Attaques répétées sur ma e-gueule
Bonjour,
Je suis victime d'attaques répétées sur ma e-gueule. Que faire ?
Contexte :
J'ai une Freebox Révolution en fibre optique.
Derrière la box j'y ai mis un routeur qui gère mon réseau local composé de plusieurs machines dont un NAS Synology et un pc sous windows 7 qui sert de serveur. Le seul truc branché à la box c'est le routeur (et la box télé mais on s'en fout) et chaque redirection de port se fait vers ce routeur puis du routeur vers la machine souhaitée.
De temps en temps internet ne passe plus à cause d'une ou plusieurs IP qui me scannent la gueule à coup de crampons, comme présenté dans le schéma 1.1 ci-après. Je récupère le log via mon routeur.
[LAN access from remote] from 199.195.213.229:51088 to 10.0.0.13:25565, Wednesday, Jan 02,2013 16:11:10
[LAN access from remote] from 199.195.213.229:50020 to 10.0.0.13:25565, Wednesday, Jan 02,2013 16:11:00
[LAN access from remote] from 199.195.213.229:48932 to 10.0.0.13:25565, Wednesday, Jan 02,2013 16:10:50
[LAN access from remote] from 199.195.213.229:47851 to 10.0.0.13:25565, Wednesday, Jan 02,2013 16:10:40
[LAN access from remote] from 199.195.213.229:46813 to 10.0.0.13:25565, Wednesday, Jan 02,2013 16:10:30
[LAN access from remote] from 199.195.213.229:45791 to 10.0.0.13:25565, Wednesday, Jan 02,2013 16:10:20
[LAN access from remote] from 199.195.213.229:44790 to 10.0.0.13:25565, Wednesday, Jan 02,2013 16:10:10
[LAN access from remote] from 199.195.213.229:43830 to 10.0.0.13:25565, Wednesday, Jan 02,2013 16:10:00
[LAN access from remote] from 199.195.213.229:42912 to 10.0.0.13:25565, Wednesday, Jan 02,2013 16:09:50
[LAN access from remote] from 199.195.213.229:42006 to 10.0.0.13:25565, Wednesday, Jan 02,2013 16:09:40
[LAN access from remote] from 199.195.213.229:41146 to 10.0.0.13:25565, Wednesday, Jan 02,2013 16:09:30
[LAN access from remote] from 199.195.213.229:40275 to 10.0.0.13:25565, Wednesday, Jan 02,2013 16:09:20
[LAN access from remote] from 199.195.213.229:39384 to 10.0.0.13:25565, Wednesday, Jan 02,2013 16:09:10
[LAN access from remote] from 199.195.213.229:38524 to 10.0.0.13:25565, Wednesday, Jan 02,2013 16:09:00
[LAN access from remote] from 199.195.213.229:37634 to 10.0.0.13:25565, Wednesday, Jan 02,2013 16:08:50
[LAN access from remote] from 199.195.213.229:36755 to 10.0.0.13:25565, Wednesday, Jan 02,2013 16:08:40
[LAN access from remote] from 199.195.213.229:35887 to 10.0.0.13:25565, Wednesday, Jan 02,2013 16:08:30
[LAN access from remote] from 199.195.213.229:35037 to 10.0.0.13:25565, Wednesday, Jan 02,2013 16:08:20
[LAN access from remote] from 199.195.213.229:34243 to 10.0.0.13:25565, Wednesday, Jan 02,2013 16:08:10
[LAN access from remote] from 199.195.213.229:33465 to 10.0.0.13:25565, Wednesday, Jan 02,2013 16:08:00
[LAN access from remote] from 199.195.213.229:47918 to 10.0.0.13:25565, Wednesday, Jan 02,2013 16:04:40
[LAN access from remote] from 199.195.213.229:47257 to 10.0.0.13:25565, Wednesday, Jan 02,2013 16:04:30
[LAN access from remote] from 199.195.213.229:46565 to 10.0.0.13:25565, Wednesday, Jan 02,2013 16:04:20
[LAN access from remote] from 199.195.213.229:45850 to 10.0.0.13:25565, Wednesday, Jan 02,2013 16:04:10
[LAN access from remote] from 199.195.213.229:45132 to 10.0.0.13:25565, Wednesday, Jan 02,2013 16:04:00
[LAN access from remote] from 199.195.213.229:44426 to 10.0.0.13:25565, Wednesday, Jan 02,2013 16:03:50
[LAN access from remote] from 199.195.213.229:43731 to 10.0.0.13:25565, Wednesday, Jan 02,2013 16:03:40
[LAN access from remote] from 199.195.213.229:43021 to 10.0.0.13:25565, Wednesday, Jan 02,2013 16:03:30
[LAN access from remote] from 199.195.213.229:42311 to 10.0.0.13:25565, Wednesday, Jan 02,2013 16:03:20
[LAN access from remote] from 199.195.213.229:41592 to 10.0.0.13:25565, Wednesday, Jan 02,2013 16:03:10
[LAN access from remote] from 199.195.213.229:40857 to 10.0.0.13:25565, Wednesday, Jan 02,2013 16:03:00
[LAN access from remote] from 199.195.213.229:40136 to 10.0.0.13:25565, Wednesday, Jan 02,2013 16:02:50
[LAN access from remote] from 199.195.213.229:39421 to 10.0.0.13:25565, Wednesday, Jan 02,2013 16:02:40
[LAN access from remote] from 199.195.213.229:38690 to 10.0.0.13:25565, Wednesday, Jan 02,2013 16:02:30
[LAN access from remote] from 199.195.213.229:37966 to 10.0.0.13:25565, Wednesday, Jan 02,2013 16:02:20
[LAN access from remote] from 199.195.213.229:37234 to 10.0.0.13:25565, Wednesday, Jan 02,2013 16:02:10
[LAN access from remote] from 199.195.213.229:36536 to 10.0.0.13:25565, Wednesday, Jan 02,2013 16:02:00
[LAN access from remote] from 199.195.213.229:35848 to 10.0.0.13:25565, Wednesday, Jan 02,2013 16:01:50
[LAN access from remote] from 199.195.213.229:34560 to 10.0.0.13:25565, Wednesday, Jan 02,2013 16:01:30
[LAN access from remote] from 199.195.213.229:60750 to 10.0.0.13:25565, Wednesday, Jan 02,2013 16:01:00
[LAN access from remote] from 199.195.213.229:58727 to 10.0.0.13:25565, Wednesday, Jan 02,2013 16:00:29Coup de chance, j'étais devant mon pc.
J'ai simplement coupé la redirection de port 25565 (un serveur minecraft) de la box et tout est rentré dans l'ordre.
Le truc, voyez-vous, c'est que j'aimerai une espèce de kick-ban automatique du mec mettons à partir de x requêtes ratées. Parce que c'est un poil chiant de devoir faire des trucs à la main (et surtout de devoir couper l'accès à un serveur).
Matériel :
- Freebox Révolution
- Routeur Netgear WNR3500Lv2
- 2 Switch Netgear GS108E (un branché entre autre au NAS Synology DS212+ et l'autre branché entre autre au pc servant de serveur)
