
How can I blackball a subnet and stop the UTM from spamming me?

I run UTM 9.350-12 with a Home license. The UTM sends me email notifications whenever certain suspicious activity occurs, and if I see one particular address or subnet appear more than a couple of times, I add them to my list of "Known offenders," which gets excluded from any NATing and unceremoniously dropped. In the past, this has always been the end of it, but recently I appear to have attracted the attention of one very persistent group of port scanners. They're all originating from a single subnet, and I've added that subnet to my "Known Offenders" list, but I still continue to receive 32 email messages every time they scan me again, and this happens up to a couple of dozen times per day.

My inbox is a sea of "Portscan detected" emails!  When reading at my desktop, it's not too much of an imposition, though it is annoying, but it's a right royal PITA when trying to read email on my phone.

I've asked in the past whether there's a way to limit the number of emails generated by port scans even further (just one or two would be great - thirty-two seems like overkill), but was informed that was not possible, so I'm wondering if there's a way to turn off notifications altogether for a given list of addresses.  Frankly, I'm not sure that that's even a good idea - although I am confident that they're not going to get in, I'm not sure that it's wise to turn off all notifications about them.  Ideally I'd like to turn off just the portscan spam and continue to get alerted if they escalate to something new.

Any thoughts and/or suggestions?



  • Hi,
    You will need to set a block/drop rule for both the external address and the external interface.

    Ian

    XG115W - v20.0.2 MR-2 - Home

    XG on VM 8 - v21 GA

    If a post solves your question please use the 'Verify Answer' button.
