How to create a sample rule for password spraying attacks

Question

Since today we have been experiencing massive password spraying attacks on many Sophos firewalls, especially on the VPN portal, which listens to port 443. Apparently these are attacks from Russia with the IP 92.53.65.166.

How can I create a rule to prevent this? I would be glad if you could help me with an example.

I would be very happy if you could explain with a screenshot.

This thread was automatically locked due to age.

dirkkotte · Accepted Answer

Within "administration / device access / Local service ACL exception rule" you can allow only the needed countries for portal access ... or block russia.

jpha · Answer

Dirk's block works for me. Firewall rule country blocking does not work for VPN connections! We block now all VPN connections from all suspicious countries under ACL exceptions...

How to create a sample rule for password spraying attacks

Top Replies