How to create a sample rule for password spraying attacks

Since today we have been experiencing massive password spraying attacks on many Sophos firewalls, especially on the VPN portal, which listens to port 443. Apparently these are attacks from Russia with the IP 92.53.65.166.

How can I create a rule to prevent this? I would be glad if you could help me with an example.

I would be very happy if you could explain with a screenshot.

Added TAGs
[edited by: Raphael Alganes at 11:56 PM (GMT -7) on 8 Sep 2024]

Top Replies

dirkkotte 8 days ago +2 verified

Within "administration / device access / Local service ACL exception rule" you can allow only the needed countries for portal access ... or block russia.

Parents

0 Rob Gibson 8 days ago

I've been getting these for the last couple of days at one of our locations. I tried setting up a block rule for Russia and several other countries but it doesn't seem to be working. I'm going to try dirkkotte suggestion.
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel
0 jpha 8 days ago in reply to Rob Gibson

Dirk's block works for me. Firewall rule country blocking does not work for VPN connections! We block now all VPN connections from all suspicious countries under ACL exceptions...
Cancel
Vote Up +2 Vote Down

Sign in to reply

Verify Answer

Reject Answer

Cancel
0 Rob Gibson 7 days ago in reply to jpha

Ya that did the trick. Didn't even know that section was there.
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel

Reply

0 Rob Gibson 7 days ago in reply to jpha

Ya that did the trick. Didn't even know that section was there.
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel

Children

0 duzcebelediye bilgiislem 7 days ago in reply to Rob Gibson

I didn't see an option like country there? I typed the IP directly and made a drop, but?
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel
0 dirkkotte 6 days ago in reply to duzcebelediye bilgiislem

which version do you use?

With SFOS20.0.2 i can use countries within local ACL-exceptions

Dirk

Systema Gesellschaft für angewandte Datentechnik mbH // Sophos Platinum Partner
Sophos Solution Partner since 2003
If a post solves your question, click the 'Verify Answer' link at this post.
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel