Carpet Bombed with email alerts

Hi there,

I am a new administrator that has inherited a Sophos UTM 9 installation and we are getting thrashed with port scan alerts. I suspect this is just script kiddies that are now on holiday trying to find a way in, but we are getting hundreds of alerts from the same device for the same source IP.

Is there a way to reduce the number of alerts that are sent, or the frequency of alerts (e.g., every 50th scan), so I can reduce the amount of alert spamming?

Regards,
New Guy


This thread was automatically locked due to age.
  • Hi, and welcome to the User BB!

    Also, you might put in a Firewall rule to reject anything from that IP.  Also, depending on your business, you might want to use Country Blocking.

    Cheers - Bob
    PS Please always remember to state your exact version when posting a question - 9.106-17?
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA