Hi,

So I have a problem on my network somewhere that is causing me to get blacklsited from time to time.. its a needle in a haystack affair and I am working on this problem however in the mean time.. the CBL blacklist told me...

This was detected by observing this IP attempting to make contact to a Torpig Command and Control server on IP address 64.27.3.4, with contents unique to Torpig C&C command protocols.

Now I would like to block all internal traffic that tries to reach this IP address...

I have setup a Firewall Ip filter for this IP address (config below). Yet I can still ping this address, I expected a ping to fail because of the rule I put in place.. am I missing something stupidly obvious?

Thanks

Antony

Draytek Vigor 3300

Source
IP : Any
Subnet Mask : blank
Port : Blank

Destination
Ip : 64.27.3.4
Subnet Mask : 255.255.255.0
Port : blank

Protocol : Any protocol
Direction : Lan to Wan
Fragment : Do not care
Block or Pass : Block immediately.

Ok,

I found why it wasnt working.. Another admin had created a separate group with a rule stating ALL source ip to ALL destination IP allowed... thus overriding my attempt to block a specific.. and most likely making the router vulnerable

Thanks

Antony