Hey Everyone,
I am a new user of a Sophos 9.2 software appliance on custom hardware. Once I wrapped my head around the vast array of options, it has been great. A fantastic step up from a generic router and a great learning experience for me. That said, I have a quick question that perhaps someone who works as a network admin might be able to answer.
Ever since I started using this, which is about two weeks now, I have noticed packets "in-the-wild", it seems, from countries with poor reputation for hacking, cybercrime, etc. Namely, I get daily dropped packets (no more than three usually per IP address) from countries like China, Morocco, Vietnam, Hong Kong, and some other suspicious source countries. They are usually targeting services like SSH, MS-SQL, TELNET, etc. Lots of UDP protocol requests dropped too. Clearly, they are making an attempt to see if these ports are open so they can cause havoc, but they are all closed. I don't run any servers behind it either. Most of the time, I don't see a directed port scan in the logs, just dropped packets. No IPS intrusions logged either. Out of around 500K to two million packets served a day, I see only about 7,000 or less dropped.
So, that said, here are my questions:
1. Does running a UTM, like Sophos, attract this kind of traffic over a generic router?
1.a. In that context, does the UTM have a signature that these people look for?
1.b. If so, am I putting my home network at unnecessary risk by running an enterprise grade firewall?
This thread was automatically locked due to age.
