Help, getting attacked

Hello, today I realized that someone is trying to brute force my RDP Server since a few days.

So I switched of the NAT rule for RDP.

Still the attack keeps going on, the UTM does its work and drops the packets. Since I am getting attacked from multiple IP Adresses, is there anyway to stop this?

Or do I just have to wait until the attacker is stopping it?

Thank you for your thoughts!

Parents Reply Children
  • Thank you for the tipp! After a call to the rapid response team, they competent and nicely told me the same like RaveNet, Firewall is doing its job, i shall watch my internal Logs from my servers for auth. attempts (since i turned off rdp NAT, ther are non anymore) and can do nothing.

    Since a lot of these attacks are autmatical it is quite common that your firewall/IP adress is trying to be attacked and the Firewall makes its job.

    Good to know that there is a rapid respones team if there would be a real security break, issue and at least at my phone call sophos team sounds like doing a good job.