How do you block cryptomining on Meraki MX?

keewlmer
Conversationalist


Hi,

 

I've been looking through the content filtering categories and it appears that there is no way to block crypto mining sites on the MX. One article claimed it's within the 'Social Media Networking' category and others are manually adding IOC IPs in the mining category.

 

For customers who don't have the Enterprise Umbrella license but want to block a category like 'mining' on their Meraki MX (Advanced Security License), this proves very difficult and mind-boggling for their SoHo firewall admins.

 

Any suggestion on options would be appreciated.

 

Cheers!

jdsilva
Kind of a big deal

Are you talking about actual cryptomining, or the hidden browser hijacking crap like coinhive?

 

If it's the latter, that's blocked through IDS/IPS (Snort).

 

image.png

 

You can set it up under Security & SD-WAN > Threat protection. Ensure the mode is "Prevention" to actually stop it. I'm not sure which rulesets this is included in, but the example above was taken from a network set to "Balanced".

keewlmer
Conversationalist

Hi jdsilva,

Thanks for the reply and apologies for the late response. I'm aware the latter is already being blocked when in IPS mode, but the former is what my question is particularly about. When you look at FTD (NGFW/NGIPS) and Umbrella, this category is available to be blocked, but it appears that Meraki doesn't have that among their Content Filtering categories.

I think this is very important to be present for small office/home offices who have already paid a lot for one or more Advanced Security Licenses and can't afford to pay for another professional Umbrella license when Meraki MX can easily supplement or cover that gap for them.

Cheers!
jdsilva
Kind of a big deal

Hey @keewlmer. I think you're correct in that there's no functionality to block legit cryptomining on the Meraki platform outside of the standard firewall rules and content filtering features. You would have to try and use those tools to block the traffic you want blocked. I don't know enough about the cryptomining protocols to be able to help out with that, or to say if it's possible at all. 

jese44
Conversationalist


@keewlmer wrote:

Hi,

 

I've been looking through the content filtering categories and it appears that there is no way to block crypto mining sites on the MX. One article claimed it's within the 'Social Media Networking' category and others are manually adding IOC IPs in the mining category.

 

For customers who don't have the Enterprise Umbrella license but want to block a category like 'mining' on their Meraki MX (Advanced Security License), this proves very difficult and mind-boggling for their SoHo firewall admins.

 

Any suggestion on options would be appreciated.

 

Cheers!


Have you found any solution for that? I am also looking for one.
