How do you block cryptomining on Meraki MX?

keewlmer
Conversationalist

Hi,

 

I've been looking through the content filtering categories and it appears that there is no way to block crypto mining sites on the MX. One article claimed it's within the 'Social Media Networking' category and others are manually adding IOC IPs in the mining category.

 

For customers who don't have the Enterprise Umbrella license but want to block a category like 'mining' on their Meraki MX (Advanced Security License), this proves very difficult and mind-boggling for their SoHo firewall admins.

 

Any suggestion on options would be appreciated.

 

Cheers!

jdsilva
Kind of a big deal

Are you talking about actual cryptomining, or the hidden browser hijacking crap like coinhive?

 

If it's the latter, that's blocked through IDS/IPS (Snort).

 

 

You can set it up under Security & SD-WAN > Threat protection. Ensure the mode is "Prevention" to actually stop it. I'm not sure which rulesets this is included in, but the example above was taken from a network set to "Balanced".

keewlmer
Conversationalist

Hi jdsilva,

Thanks for the reply and apologies for the late response. I'm aware the latter is already being blocked when in IPS mode, but the former is what my question is particularly about. When you look at FTD (NGFW/NGIPS) and Umbrella, this category is available to be blocked, but it appears that Meraki doesn't have that among their Content Filtering categories.

I think this is very important to be present for Small Office/Home Office customers who have already paid a lot for one or more Advanced Security Licenses and can't afford to pay for another professional Umbrella license, when the Meraki MX can easily supplement or cover that gap for them.

Cheers!
jdsilva
Kind of a big deal

Hey @keewlmer. I think you're correct in that there's no functionality to block legit cryptomining on the Meraki platform outside of the standard firewall rules and content filtering features. You would have to try and use those tools to block the traffic you want blocked. I don't know enough about the cryptomining protocols to be able to help out with that, or to say if it's possible at all. 

jese44
Conversationalist


@keewlmer wrote:

Hi,

 

I've been looking through the content filtering categories and it appears that there is no way to block crypto mining sites on the MX. One article claimed it's within the 'Social Media Networking' category and others are manually adding IOC IPs in the mining category.

 

For customers who don't have the Enterprise Umbrella license but want to block a category like 'mining' on their Meraki MX (Advanced Security License), this proves very difficult and mind-boggling for their SoHo firewall admins.

 

Any suggestion on options would be appreciated.

 

Cheers!


Have you found any solution for that? I am also looking for one.

marshray
New here

  1. Manual IP Blocking:

    • As you mentioned, manually adding known mining IPs to a custom category can be a workaround. Regularly updating this list can help, although it requires constant vigilance to stay ahead of new mining sites.
    • Pros: Direct control over specific IPs, relatively straightforward setup.
    • Cons: Labor-intensive, may not cover all mining sites, requires ongoing maintenance.
  2. DNS Filtering:

    • Use the Meraki MX's built-in content filtering options. While you might not have a specific category for crypto mining, you can block access to known mining domains by configuring custom DNS filtering rules.
    • Pros: Blocks access at the domain level, easier to maintain than IP blocking.
    • Cons: Might not catch all mining sites, effectiveness depends on the accuracy of the DNS filtering list.
  3. Third-Party DNS Filtering:

    • Consider using third-party DNS filtering services that specialize in blocking malicious or undesirable domains, including crypto mining sites. Some of these services offer free plans for basic usage.
    • Pros: More comprehensive domain blocking, regularly updated lists, usually user-friendly.
    • Cons: Might require additional configuration, some services might have limitations on the number of blocked domains in free plans.
  4. Regularly Updated Blocklist:

    • Utilize regularly updated blocklists specifically designed to block crypto mining sites. There are community-driven lists available online that you can incorporate into your Meraki MX configuration.
    • Pros: Community-supported, regularly updated, covers a wide range of mining sites.
    • Cons: Dependency on community updates, might require technical expertise to implement.
  5. Consider Upgrading the License:

    • If blocking crypto mining sites is crucial for your organization's security, consider upgrading to the Enterprise Umbrella license or a similar advanced security license that offers more comprehensive content filtering options.
    • Pros: Comprehensive content filtering, dedicated support, ongoing updates.
    • Cons: Additional cost, might require budget approval.
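Options 1, 2 and 4 in the reply above all begin with a raw community blocklist that has to be cleaned before it can go into content-filtering URL entries or firewall rules. The following Python function is an added example, not part of the original thread: it normalizes hosts-style and plain-list feeds into de-duplicated domains and collapsed CIDR ranges, and reports the lines it refused. The function name `normalize_blocklist` and every sample entry are assumptions (constructed `.example` names and documentation IP ranges).

```python
import ipaddress
import re

# Constructed sample in the two formats community blocklists commonly use:
# hosts-file lines ("0.0.0.0 domain") and bare domain / URL / IP / CIDR lines.
SAMPLE_BLOCKLIST = """\
# constructed sample, not a real feed
0.0.0.0 pool.miner.example
127.0.0.1 Pool.Miner.Example   # duplicate, different case
mine.coin-pool.example
https://js.webminer.example/lib/miner.js
192.0.2.15
198.51.100.0/28
198.51.100.4
0.0.0.0 localhost
not a valid entry!!
"""

_DOMAIN = re.compile(r"^(?=.{1,253}$)([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$")
_SINKHOLES = {"0.0.0.0", "127.0.0.1", "::1"}

def normalize_blocklist(text):
    """Return (domains, networks, rejected) from hosts-style or plain list text."""
    domains, networks, rejected = set(), [], []
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()  # drop comments, then tokenize
        if not fields:
            continue
        # hosts format: drop the leading sinkhole address, keep the name
        if len(fields) == 2 and fields[0] in _SINKHOLES:
            fields = fields[1:]
        if len(fields) != 1:
            rejected.append(raw.strip())
            continue
        entry = fields[0].lower()
        try:
            networks.append(ipaddress.ip_network(entry, strict=False))
            continue
        except ValueError:
            pass  # not an IP or CIDR, so treat it as a hostname or URL
        # strip scheme, path and port so only the hostname is kept
        host = re.sub(r"^[a-z]+://", "", entry).split("/", 1)[0].split(":", 1)[0]
        if _DOMAIN.match(host):
            domains.add(host)
        else:
            rejected.append(raw.strip())
    # collapse per IP version so single hosts inside a listed CIDR are merged away
    merged = [str(n) for v in (4, 6) for n in
              ipaddress.collapse_addresses(x for x in networks if x.version == v)]
    return sorted(domains), merged, rejected
```

Review the rejected list before each update: a feed that suddenly produces many rejects has usually changed format, and silently dropping those lines would leave gaps in the block list.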