Hello, today I realized that someone has been trying to brute-force my RDP server for a few days.
So I switched off the NAT rule for RDP.
Still the attack keeps going on, the UTM does its work and drops the packets. Since I am getting attacked from multiple IP addresses, is there any way to stop this?
Or do I just have to wait until the attacker stops it?
Thank you for your thoughts!
Sophos offers a service to assist you with those attacks.
Hallo Bob and welcome to the UTM Community!
Instead of just dropping those 3389 packets, is the attacker dissuaded if you reject the packets?
Agreed with RaveNet about using remote access with 2FA instead of a DNAT.
Cheers - Bob
Hello Balfson, not really, the attack is going on. I turned on country blocking; this looks to me like it is taking a lot of workload off the firewall, since it does not have to drop 20-30 requests per second. I want to wait some days until I turn country blocking off to check if I still get a lot of requests for :3389.
Would you guys suggest that I create a NAT blackhole and turn country blocking off?
My Firewall log from the last days to compare (country blocking on):
Thank you for your interest!
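
Added example, not part of the thread: one way to make the before/after comparison described in the last post, by tallying dropped packets to port 3389 per day and per source address from a packet-filter log. The sample lines are constructed (documentation-range addresses), and the `key="value"` layout with `action`, `srcip` and `dstport` fields is an assumption about the log format.

```python
import re
from collections import Counter

# Constructed sample lines (not from the thread). The key="value" layout and
# the field names are assumptions about the packet-filter log format.
SAMPLE_LOG = """\
2019:03:01-10:00:01 utm ulogd[4321]: sub="packetfilter" action="drop" srcip="203.0.113.5" dstip="192.0.2.10" proto="6" dstport="3389"
2019:03:01-10:00:02 utm ulogd[4321]: sub="packetfilter" action="drop" srcip="203.0.113.5" dstip="192.0.2.10" proto="6" dstport="3389"
2019:03:01-10:00:03 utm ulogd[4321]: sub="packetfilter" action="drop" srcip="198.51.100.7" dstip="192.0.2.10" proto="6" dstport="3389"
2019:03:01-10:00:04 utm ulogd[4321]: sub="packetfilter" action="drop" srcip="198.51.100.7" dstip="192.0.2.10" proto="6" dstport="445"
2019:03:02-09:15:00 utm ulogd[4321]: sub="packetfilter" action="drop" srcip="203.0.113.5" dstip="192.0.2.10" proto="6" dstport="3389"
2019:03:02-09:15:01 utm ulogd[4321]: sub="packetfilter" action="accept" srcip="192.0.2.20" dstip="192.0.2.10" proto="6" dstport="443"
this line is truncated or malformed
"""

PAIR = re.compile(r'(\w+)="([^"]*)"')


def parse_line(line):
    """Return the key="value" pairs of one log line as a dict."""
    return dict(PAIR.findall(line))


def tally_rdp_drops(log_text, port="3389"):
    """Count dropped packets to `port`, grouped by day and by source IP."""
    per_day, per_source = Counter(), Counter()
    for line in log_text.splitlines():
        fields = parse_line(line)
        # Lines without the expected fields (malformed, other subsystems)
        # fail this check and are skipped.
        if fields.get("action") != "drop" or fields.get("dstport") != port:
            continue
        day = line.split("-", 1)[0]  # timestamp prefix: YYYY:MM:DD-HH:MM:SS
        per_day[day] += 1
        per_source[fields.get("srcip", "unknown")] += 1
    return per_day, per_source


if __name__ == "__main__":
    days, sources = tally_rdp_drops(SAMPLE_LOG)
    for day in sorted(days):
        print(f"{day}  dropped to :3389 = {days[day]}")
    for ip, count in sources.most_common(10):
        print(f"{ip:<15} {count}")
```

Running the same tally over the days with country blocking on and the days with it off gives the per-day numbers to compare.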