This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Brute Force Attack

I’ve just checked my deleted items folder and I have loads of failed logins from the RED device from random public IP’s using different user names. This “seems” to point to someone trying to gain access to the RED device which could be pretty bad as it’s hooked up to a customer's live network.

Is there anything we can do to down the connection to the client whilst not in use and still have management access to RED?

This thread was automatically locked due to age.

0 Scott_Klassen over 9 years ago

To the RED or through the RED? Leads one to assume that somewhere in your configuration, there may be an Any in allowed networks, where you should only be allowing a more granular set of hosts/networks. Maybe Block Password Guessing at Definitions & Users > Authentication Services > Advanced. Hard to tell without seeing the specifics of the alert and possibly log information.

Is there anything we can do to down the connection to the client whilst not in use and still have management access to RED?
Well, you don't actually have direct management access to your RED. The way it works is when you make a RED configuration change on your UTM, it is written to Sophos configuration servers and that is where the RED gets the change from.

__________________
ACE v8/SCA v9.3

...still have a v5 install disk in a box somewhere.

http://xkcd.com
http://www.tedgoff.com/mb
http://www.projectcartoon.com/cartoon/1
Cancel
Vote Up 0 Vote Down

Cancel
0 BAlfson over 9 years ago

Hi, and welcome to the User BB!

loads of failed logins from the RED device from random public IP’s using different user names.

If you need more help than Scott gave above, show us an example of the message.

Cheers - Bob

Sophos UTM Community Moderator
Sophos Certified Architect - UTM
Sophos Certified Engineer - XG
Gold Solution Partner since 2005

MediaSoft, Inc. USA
Cancel
Vote Up 0 Vote Down

Cancel