Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 2 replies
  • Subscribers 2 subscribers
  • Views 1053 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Drop an External IP hack...

eganders_01
Getting a lot of traffic, maybe a marginal DDoS, from a hacker? from different IP's on an external IP subnet.  So I've read several posts on these forums and now I'm getting a bit confused on the best way to handle.

Setup a firewall rule:
1. Ext IP > Any > Any : Drop,
or 
2. Ext IP > Any > Ext interface(s) : Drop
or something else?

Also, they're sometimes, but not always, going to port 80, and the webproxy is running in transparent mode.  So would the webproxy come before the above rules?  And if so, do we need to setup a DNAT or what?


This thread was automatically locked due to age.
Parents
  • 0
    A DNAT will capture everything first.  See #2 in https://community.sophos.com/products/unified-threat-management/astaroorg/f/51/t/22065.

    If Web Filtering is configured with "Any" or "Internet" in 'Allowed networks', the port 80 traffic could get in through the Proxy, but you probably don't have that.

    I guess you just want to stop the default drops in your Firewall log.  In this case, just make a Firewall rule: '{bad IPs} -> Any -> Any : Drop/Reject'.

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Reply
  • 0
    A DNAT will capture everything first.  See #2 in https://community.sophos.com/products/unified-threat-management/astaroorg/f/51/t/22065.

    If Web Filtering is configured with "Any" or "Internet" in 'Allowed networks', the port 80 traffic could get in through the Proxy, but you probably don't have that.

    I guess you just want to stop the default drops in your Firewall log.  In this case, just make a Firewall rule: '{bad IPs} -> Any -> Any : Drop/Reject'.

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Children
No Data
Cookie Information Banner