Hello, today I realized that someone is trying to brute force my RDP Server since a few days.
So I switched of the NAT rule for RDP.
Still the attack keeps going on, the UTM does its work and drops the packets. Since I am getting attacked from multiple IP Adresses, is there anyway to stop this?
Or do I just have to wait until the attacker is stopping it?
Thank you for your thoughts!
Hello Balfson, not really, the attack is going on, I turned on Country blocking, this looks for me like it is releasing a lot of workload from the firewall since it has not to drop 20-30 request per second:
I want to wait some days until i turn country blocking off to check if i still get a lot of request for :3389
Would you guys suggest that i create a NAT Blackhole and turn country blocking off?
My Firewall log from the last days to compare (country blocking on):
Thank you for your interest!
Hello Balfson, not really, the attack is going on, I turned on Country blocking, this looks for me like it is releasing a lot of workload from the firewall since it has not to drop 20-30 request per second:
I want to wait some days until i turn country blocking off to check if i still get a lot of request for :3389
Would you guys suggest that i create a NAT Blackhole and turn country blocking off?
My Firewall log from the last days to compare (country blocking on):
Thank you for your interest!
