Network Protection: Firewall, NAT, QoS, & IPS How to stop traffic from Mirai botnets?

UTM Firewall requires membership for participation - click to join

This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

How to stop traffic from Mirai botnets?

jlbrown over 2 years ago

My SEIM (AlienVault) is detecting Mirai inbound activity.

Eg:

How can these be stopped at the UTM?

Eg can it get known botnet addresses from the Open Threat Exchange (OTX)?

Thanks, James.

This thread was automatically locked due to age.

Parents

Amodin over 2 years ago

Have you considered using Country Blocking?

OPNSense 64-bit | Intel Xeon 4-core v3 1225 3.20Ghz
16GB Memory | 500GB SSD HDD | ATT Fiber 1GB
(Former Sophos UTM Veteran, Former XG Rookie)
Cancel
Vote Up 0 Vote Down

Cancel

Reply

Amodin over 2 years ago

Have you considered using Country Blocking?

OPNSense 64-bit | Intel Xeon 4-core v3 1225 3.20Ghz
16GB Memory | 500GB SSD HDD | ATT Fiber 1GB
(Former Sophos UTM Veteran, Former XG Rookie)
Cancel
Vote Up 0 Vote Down

Cancel

Children

jlbrown over 2 years ago in reply to Amodin

Thanks Amodin - we do use country blocking for some countries, but it's a botnet so that won't work.
Cancel
Vote Up 0 Vote Down

Cancel