Getting brute force admin access attack from WAN but access is turned off?

Got a bunch of alerts this morning that are a little concerning. Here is one of them:

The issue is this is coming from our WAN port, an external IP address, but we have had all that access turned off since the initial install:

Why would this be happening?



This thread was automatically locked due to age.
  • Hi, please click on the detailed view and search for the IP 174.207.35.41 to see all module logs; that will give more info on the failed attempt events. It may be that a VPN login attempt is failing and an alert has been triggered. Please also ensure that in the local ACL there is no specific rule allowing login from a specific outside IP for SSH or Web admin.




    Regards,

    Vishal Ranpariya
    Technical Account Manager | Sophos Technical Support


  • Thank you Vishal - That helped me a lot. Turns out it was something trying to brute force its way into an internal website that is being protected by WAF / Forms without Passthrough on the firewall, which is why the alert was coming through on there, as that was blocking it.
