Thread Info
  • State Not Answered
  • +1 person also asked this people also asked this
  • Locked Locked
  • Replies 6 replies
  • Subscribers 3 subscribers
  • Views 11465 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Blocking a hacker

Damo-82
Hi,
I've just discovered for about the past 4 hours I've had someone trying to access my exchange server. I thought I could put their IP address in as the source on the firewall, service as any, and destination as either any or internal network and then drop the packets.. but it doesn't seem to work...

Can anyone help? - I want to stop this person just incase they happen to gain access...


This thread was automatically locked due to age.
Parents
  • 0
    Once you understand how it works, it's easier like this.  Plus, I think putting the auto rules at the bottom would create too many problems for most admins.  Here's a picture of a Blackhole DNAT on our UTM.

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0 in reply to BAlfson

    I know this thread is quite old, but what does Sophos do with packets to the "Null Route"? I mean...does Sophos send out packets to it's default route to look for the target (null route)? If so, doesn't this mean, that sophos just do more work instead of just droping the packets?

Reply
  • 0 in reply to BAlfson

    I know this thread is quite old, but what does Sophos do with packets to the "Null Route"? I mean...does Sophos send out packets to it's default route to look for the target (null route)? If so, doesn't this mean, that sophos just do more work instead of just droping the packets?

Children
No Data
Unfiltered HTML