Security How To

IP-Blocklist

IP Blocking is another tool for securing your network, by preventing a user from accidentally inviting in players whose only interest is wreaking havoc.

IP-Blocklist is another pfSense package that blocks specific IP addresses and ranges of IP addresses from accessing your network. Common IP Address lists include known compromised hosts, spammers, spyware, and egregious advertisers – you can find all sorts of lists on iBlocklist.com, a clearing house for list maintainers.

Once installed and enabled, you’ll need to provide a set of URLs that point to the lists you want to use (Figure 11). Each URL must point to a gzipped file.

To do this you need to de-reference the URLs from iBlocklist. The easiest way to do this is to first download the list, then use your browser’s download manager to get the URL to enter.

Figure 11: IP blocklist
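Before entering a de-referenced URL, it is worth confirming that what it returns really is a gzipped list and that none of its entries cover your own LAN. The following check is an added example, not code from this article or from the IP-Blocklist package; the function names, the two assumed line formats (CIDR and `label:start-end`) and the 192.168.1.0/24 LAN are assumptions, and the sample list is constructed.

```python
import gzip
import ipaddress

GZIP_MAGIC = b"\x1f\x8b"  # every gzip stream starts with these two bytes

def parse_line(line):
    """Return the IPv4 networks named by one list line (None for blanks/comments)."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    # Assumed formats: "a.b.c.d/nn" or "label:start-end" (label may contain ':').
    target = line.rsplit(":", 1)[-1]
    if "-" in target:
        start, end = (ipaddress.IPv4Address(p.strip()) for p in target.split("-", 1))
        return list(ipaddress.summarize_address_range(start, end))
    return [ipaddress.IPv4Network(target, strict=False)]

def check_blocklist(blob):
    """Validate downloaded bytes; return (networks, rejected) or raise ValueError."""
    if blob[:2] != GZIP_MAGIC:
        raise ValueError("not gzip: the URL likely returned a web page, not the list")
    try:
        text = gzip.decompress(blob).decode("utf-8", errors="replace")
    except (OSError, EOFError) as exc:
        raise ValueError(f"corrupt or truncated gzip data: {exc}") from exc
    networks, rejected = [], []
    for number, line in enumerate(text.splitlines(), 1):
        try:
            networks.extend(parse_line(line) or [])
        except ValueError:
            rejected.append((number, line))  # reversed range, bad octet, ...
    return networks, rejected

def lan_conflicts(networks, lan):
    """Entries that would also block the local network (lan is an assumed CIDR)."""
    lan = ipaddress.IPv4Network(lan)
    return [n for n in networks if n.overlaps(lan)]

# Constructed sample list, gzipped in memory so the example runs offline.
SAMPLE = gzip.compress(b"""# constructed sample
Example Spammer:198.51.100.0-198.51.100.255
203.0.113.0/24
Bad entry:198.51.100.9-198.51.100.1
Overbroad:192.168.0.0-192.168.255.255
""")

if __name__ == "__main__":
    nets, bad = check_blocklist(SAMPLE)
    print(len(nets), "networks; rejected:", bad)
    print("LAN conflicts:", lan_conflicts(nets, "192.168.1.0/24"))
```

To check a real list, pass the bytes of the file you downloaded to `check_blocklist` in place of `SAMPLE`.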

Other Packages

Cerberus has several “lesser” packages installed (Figure 12). These mostly provide expanded monitoring capabilities, which help identify performance issues and possible intrusions, such as traffic irregularities.

Figure 12: Other pfSense packages

Security Tips

It has been recently reported that routers configured and administered via a Web GUI can be vulnerable to “Man in the Middle” attacks. There are some basic hygiene steps you can take to prevent this from happening to you. These steps apply to any networking product that has a web interface.

  • Change all the defaults to personalized values; change the default IP address from 192.168.1.1; change the default user from ‘admin’.
  • Use a separate browser to administer and monitor your router. If you use Firefox for web browsing, use Chrome to administer your router.
  • Use HTTPS instead of HTTP to access your router.
  • Use a unique strong password (need it be said?)
  • Unless you have a compelling reason to do so, do not allow for remote administration.
  • Review your system and traffic logs from time to time, looking for any unusual traffic.

Conclusion

After installing my first pfSense router, I was surprised to see my network constantly under siege; packet after packet, scan after scan poking and prodding my home network. This converted me to a true believer in IDS as I became enamored with pfSense and its impressive capabilities. So this begs the question, why doesn’t everyone run one of these puppies?

It strikes me that $400 is not a lot of money to spend on an intrusion detection appliance that allows the user to be confident that the machines they rely on, on their home network, haven’t become zombified members of a global botnet.

If you look at commercial IDS appliances, you’ll see the price for this DIY solution is in the ballpark. But it comes without subscription prices, generally offers better performance and, as an open platform, is wholly extensible.

The next logical step for Cerberus is to add an LCD display to the front, for bandwidth monitoring and intrusion alerts. Both pfSense and the Antec case can support a nice display. Replacing the wireless bridge with the Asus PCE-N13 would also reduce the cable tangle behind the router. And maybe we'll install Tarpit for a little fun…
