Drop or reject

Hi,

I have a DNAT with a blackhole IP and a FW rule that drops connections from some bad IP addresses. Now when I check the firewall logs I can see that one of those IPs has almost 200000 dropped packages. This is good news, but this means that our UTM still must process the incoming packages from this bad IP, and I think this will use valuable resources of the device.

If we use reject instead of drop in the FW rule, will the UTM still process the incoming connections from these IPs, or will it just reject them without processing anything?

Thanks



  • In which time do you see the 200000 packets? Per day / hour / minute / second?

    What you should keep in mind is the load on your connection. If you reply to a packet with a reject, you have more load in the upload direction. With a drop instead, you just have the inbound load of the bad IP datastream.

    PS Try to get in touch with the provider of the source IP.

    Best

    Alex


  • Hi Alexander,

    Today, after 2 weeks, we still see lots of dropped connections from this network 46.229.168.0/24 on port 80. In the past week alone we saw 1,669,236 dropped connections from this network.
    I did some research and found out that lots of people have already reported the IPs of this network.

    Thanks
