Blacklist IP Addresses by connection attempts

Hello. I’m new to the Comodo forums, but have been an avid user of the product for many years.

My question: Is there a way to program Comodo’s firewall to automatically blacklist IP addresses based on the number of connection attempts? I’m running a secure shell server and I am constantly getting flooded with numerous IP addresses who continue to “pound at my door” hoping to find a weak spot. I’m aware there are other things I can do to prevent this (like tell SSH to listen on a different port other than 22), but I simply want to know if Comodo can do this. I’ve searched the forums and found nothing about this (which is quite surprising), so maybe I’m looking in the wrong place. Any assistance would be greatly appreciated. :slight_smile:

There is no such function in CIS I am afraid.

Hmmm… sounds like something for the next revision. :stuck_out_tongue:

I know in Linux you can tell IP Tables to blacklist based on the number of connection attempts in a timespan. You can even tell it to blacklist the offending address first for 10 minutes, then 1 hour, then indefinitely (to discern between hackers and fat fingers).

Sadly I’m a Windows user… and have found no way to do that with netsh. :frowning: Thank you for the response though.
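The escalating ban described in the post above (10 minutes, then 1 hour, then indefinitely) can be sketched as decision logic over failed-login log lines. This is an added example, not part of the thread and not a Comodo or Windows feature; the log format, the threshold of 3 failures in 60 seconds, and the addresses are constructed assumptions, and the code only decides whom to ban, leaving the actual firewall rule to whatever tool is in use.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed policy: only the three ban durations come from the thread.
MAX_ATTEMPTS = 3
WINDOW = timedelta(seconds=60)
BAN_STEPS = [timedelta(minutes=10), timedelta(hours=1), None]  # None = indefinite
LINE_RE = re.compile(r"^(\S+) sshd: Failed password for \S+ from (\d{1,3}(?:\.\d{1,3}){3})$")

def process(lines):
    """Return [(time, ip, ban_until)]; ban_until None means indefinite."""
    recent = defaultdict(deque)  # ip -> timestamps of failures inside WINDOW
    strikes = defaultdict(int)   # ip -> number of bans already issued
    banned = {}                  # ip -> expiry time, or None for indefinite
    decisions = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        ts, ip = datetime.fromisoformat(m.group(1)), m.group(2)
        if ip in banned:
            if banned[ip] is None or ts < banned[ip]:
                continue         # still banned: a firewall would drop this
            del banned[ip]       # ban expired, start counting again
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > WINDOW:
            q.popleft()          # forget failures older than the window
        if len(q) >= MAX_ATTEMPTS:
            step = BAN_STEPS[min(strikes[ip], len(BAN_STEPS) - 1)]
            strikes[ip] += 1     # repeat offenders move up the ladder
            banned[ip] = None if step is None else ts + step
            q.clear()
            decisions.append((ts, ip, banned[ip]))
    return decisions

def sample_log():
    """Constructed log: one persistent source and one occasional typo."""
    fmt = "2024-01-01T{} sshd: Failed password for root from {}"
    noisy = ["10:00:00", "10:00:05", "10:00:09", "10:05:00", "10:11:00",
             "10:11:10", "10:11:20", "12:00:00", "12:00:10", "12:00:20"]
    typo = ["10:00:30", "12:30:00"]
    events = [(t, "203.0.113.7") for t in noisy] + [(t, "198.51.100.20") for t in typo]
    return [fmt.format(t, ip) for t, ip in sorted(events)]

if __name__ == "__main__":
    for ts, ip, until in process(sample_log()):
        print(ts, ip, "banned until", until or "further notice")
```

The source with two isolated failures never reaches the threshold, while the persistent one climbs through all three ban steps.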

Don’t be sad.
You can use Local Security Policy in your Windows.
You can make the rules almost whatever you want.

Windows 7’s Local Security Policy.

Also Windows XP, Vista have Local Security Policy.
(the menu is a little bit different from Windows 7, but it works fine)

RE: Creasy’s reply

If you can show me where I can define connection attempts and block the offending IP address based upon a failed number of authentication attempts, I’d be grateful. I’ve scoured the entire Windows Firewall with Advanced Security Settings area under Local Security Policy and while I see a place to allow connections to a specific port, I see nothing about banning an IP address based on a number of failed authentications. Most of what a person can do is based upon the IPsec security method (which of course, SSH does not use for connections).

Oh yah, Happy New Year! ;D