Hello, today I realized that someone has been trying to brute-force my RDP server for a few days.
So I switched off the NAT rule for RDP.
Still the attack keeps going on; the UTM does its work and drops the packets. Since I am getting attacked from multiple IP addresses, is there any way to stop this?
Or do I just have to wait until the attacker stops?
Thank you for your thoughts!
Sophos offers a service to assist you for those attacks.
Thank you for the tip! After a call to the rapid response team, they competently and nicely told me the same as RaveNet: the firewall is doing its job, I should watch the internal logs on my servers for auth attempts (since I turned off the RDP NAT, there are none anymore), and I can do nothing.
Since a lot of these attacks are automated, it is quite common that your firewall/IP address gets attacked and the firewall does its job.
Good to know that there is a rapid response team if there were a real security breach or issue, and at least on my phone call the Sophos team sounded like they are doing a good job.
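
Added example (not part of the thread, not Sophos code): one way to do the log check mentioned above, counting failed remote logons (Windows Security event 4625, logon types 3 and 10) per source IP before and after the RDP NAT rule was disabled. The CSV layout, the sample rows and the cutoff time are constructed assumptions.

```python
import csv
import io
from collections import Counter
from datetime import datetime

# Constructed sample export (not real data) of Windows Security log events.
SAMPLE = """TimeCreated,EventID,LogonType,IpAddress,TargetUserName
2024-01-10T08:01:12,4625,3,203.0.113.10,administrator
2024-01-10T08:01:15,4625,3,203.0.113.10,admin
2024-01-10T08:02:40,4625,10,198.51.100.7,administrator
2024-01-10T08:03:02,4624,10,192.168.1.20,jdoe
2024-01-10T09:30:00,4625,2,-,jdoe
2024-01-10T12:15:44,4625,3,192.168.1.35,svc_backup
"""

FAILED_LOGON = 4625      # "An account failed to log on"
REMOTE_TYPES = {3, 10}   # 3 = Network (RDP with NLA), 10 = RemoteInteractive


def failed_remote_logons(csv_text):
    """Return failed remote-logon rows, each with a parsed 'time' field."""
    rows = []
    for r in csv.DictReader(io.StringIO(csv_text)):
        if int(r["EventID"]) != FAILED_LOGON:
            continue  # skip successful logons and other events
        if int(r["LogonType"]) not in REMOTE_TYPES:
            continue  # skip local console failures (type 2 etc.)
        r["time"] = datetime.fromisoformat(r["TimeCreated"])
        rows.append(r)
    return rows


def summarize(csv_text, nat_disabled_at):
    """Count failures per source IP before and after the NAT rule change."""
    before, after = Counter(), Counter()
    for r in failed_remote_logons(csv_text):
        bucket = after if r["time"] >= nat_disabled_at else before
        bucket[r["IpAddress"]] += 1
    return before, after


if __name__ == "__main__":
    # Assumed time at which the RDP NAT rule was switched off.
    cutoff = datetime(2024, 1, 10, 9, 0, 0)
    before, after = summarize(SAMPLE, cutoff)
    print("failed remote logons before cutoff:", dict(before))
    print("failed remote logons after cutoff: ", dict(after))
```

Any source still listed after the cutoff did not come in through the disabled NAT rule and is worth checking on its own; in the constructed data that is an internal address.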