[Last Call] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 264
  • Last Modified:

Watchgaurd 750e DoS (denial of service) attack

My watchgaurd 750e began blocking all inbound and outbound traffic.  The logs were saying that a DoS (denail of service) attack was occuring.  I do not know how to allow traffic back in through the Watchgaurd.  I had to pull out another linksys and I am really dissapointed that my Watchgaurd is sitting there.  I paid to have a company help me configure it but they said to call watchguard for support.  Does anyone know what I can do without having to call Watchguard?

How do I allow traffic in again?  

0
afsanchez001
Asked:
afsanchez001
2 Solutions
 
dpk_walCommented:
Normally after the attack is stopped the box would resume working again without doing anything; if for some reason it is in HUNG state, rebooting the device would help.

One more thing, if you see one/few specific IP in repetition in logs, you can also ask your ISP to block traffic to you from those IP addresses.

As you have linksys in place of WG and it is working, it appears to me that the DoS attack is no longer in progression and it would be fine to put WG back into action.

Please check and advice.
0
 
hstilesCommented:
Under setup, intrusion prevention, default pacet handling, there is a setting called

'auto-block source of packets not handled'.

It is quite possible that your firebox is blocking your ISP's router as a result of this setting, so disable it.
0

Featured Post

Upgrade your Question Security!

Add Premium security features to your question to ensure its privacy or anonymity. Learn more about your ability to control Question Security today.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now