Attack?

Question

Hi, today, in a weekly check on my UTM 9, I noticed that we are receiving thousands of packages from an external ip via port 2074 as an attachment image 
 
 The firewall blocks them but it obviously consumes many resources by doing it. 
 Only yesterday, more than 3 million packages were blocked.

In the UTM, is there anything else I can do to improve the UTM's job in blocking this attack? 
 Tonight I will restart the ISP router but I do not think I can change something. 
 
 Thanks for any suggestion.

Alexander Busch · Accepted Answer

As you do simply drop the package you can't do anything with less impact. Try to find the source of the packages, sometimes the providers do a good job. I had such thing with IPSEC. In the end it was a wrong configured device at the other end. Provider contacted their customer and he corrected this. 
 Sometimes attacks are simply wrong configured devices and their traffics hit's somewhere ;-) 
 
 Best 
 Alex

papali · Answer

I had thought to ask our isp to block somehow this ip, but becasue we have a configuration where our pool of ip public passes transparently on the ISP router and is managed directly from our UTM, the ISP cannot help, otherwise it could have blocked this IP. 
 As suggested by you the problem was a customer device from one of our partners that was incorrectly configured. 
 RTP because was a device that sends audit alerts. 
 Thanks you all for your suggestions, they were very important!!!