How to best use LS to block known offending IP addresses

General discussions about Little Snitch
randyharris
Rank 1
Posts: 34
Joined: Thu May 10, 2007 9:10 am

Post by randyharris » Tue Jul 12, 2016 12:11 am

A system issue got me to look at the Console and when I did I could see that there are about 15 IP addresses from North Korea and Poland from which they are trying to hack into my Mac via ScreenSharing.

I would like to leave ScreenSharing enabled so that I can 'login' to that machine remotely, but am concerned about others trying to hack in.

My thought was to leave all connections inbound to port 5900 open, but would like to blacklist those known IP addresses that are trying to gain access, but I can't figure out how. If I have one rule to allow all incoming, and another rule to block specific IPs, I can't seem to prioritize the block rule over the allow all and as a result it lets everything through.

Appreciate any thoughts and input on this.

Thank you,

wa1oui
Posts: 3
Joined: Sat Oct 06, 2012 6:12 pm

Re: How to best use LS to block known offending IP addresses

Post by wa1oui » Tue Oct 11, 2016 7:33 pm

I've got a similar problem, only my attackers are from China! What I do is use non-standard ports, and then have port forwarding in my router to a specific computer on my LAN... this may not work in your situation, but it's an idea.

ankhank
Posts: 5
Joined: Sat May 03, 2008 9:08 pm

Re: How to best use LS to block known offending IP addresses

Post by ankhank » Sun Oct 01, 2017 12:59 am

Belated reply to thread, but same question. I realize this is a wishlist item.

I'm getting slammed by port scans and attempts to connect (associated with a huge wave of email spam via qq.com, hundreds per hour on many days).
Possibly I offended someone, somewhere.

When I use whois to google the IP address attempting to connect, I almost always find the offending IP address has had many reports from many of the sites that collect bad-IP lists, such as

abuseipb.com
blackhat.directory

and quite a few others that will show up when you do a Google search for: whois [IP address]

I wish I could enable LittleSnitch to rely on some of the blacklist/blocklist sites and automagically dismiss connection attempts from them.

Any hope?
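
The behaviour asked for in this thread (specific block entries taking precedence over the general allow for port 5900, with the entries loaded from a blocklist feed) is shown here as an added Python example; it is not part of any post and is not Little Snitch's rule engine or configuration format. The feed format, the function names, the default deny for other ports and the sample addresses (RFC 5737 documentation ranges) are assumptions made for illustration.

```python
import ipaddress

SCREEN_SHARING_PORT = 5900  # port named in the thread

# Constructed sample feed: one IP or CIDR per line, '#' starts a comment.
# All addresses are RFC 5737 documentation ranges, not real offenders.
SAMPLE_FEED = """\
# constructed blocklist sample
192.0.2.15
198.51.100.0/24   # whole range reported
203.0.113.7
not-an-address
192.0.2.15
"""


def parse_blocklist(text):
    """Parse a feed into de-duplicated, collapsed networks."""
    nets = []
    for raw in text.splitlines():
        entry = raw.split("#", 1)[0].strip()
        if not entry:
            continue
        try:
            nets.append(ipaddress.ip_network(entry, strict=False))
        except ValueError:
            continue  # skip a malformed line, keep the rest of the feed
    merged = []
    for version in (4, 6):  # collapse_addresses rejects mixed versions
        same = [n for n in nets if n.version == version]
        merged.extend(ipaddress.collapse_addresses(same))
    return merged


def decide(src_ip, dst_port, blocklist):
    """Block entries are checked first, so they override the general allow."""
    try:
        addr = ipaddress.ip_address(src_ip)
    except ValueError:
        return "deny"  # unparseable source address: fail closed
    if any(addr.version == n.version and addr in n for n in blocklist):
        return "deny"
    # Assumption: only Screen Sharing is exposed; other inbound ports are denied.
    return "allow" if dst_port == SCREEN_SHARING_PORT else "deny"


if __name__ == "__main__":
    bl = parse_blocklist(SAMPLE_FEED)
    for ip in ("198.51.100.77", "192.0.2.16"):
        print(ip, decide(ip, SCREEN_SHARING_PORT, bl))
```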

