Solved

Sonicwall log Net Spy attack dropped

Posted on 2008-10-28
7
1,252 Views
Last Modified: 2012-05-05
I am running a Sonicwall TZ170 with enhanced OS. When I look at the log I keep getting these logs that say "Net Spy attack dropped" about ever 5 minutes. I did a geographical look-up of the IP's and they all seem to be coming from China. So I started blocking large blocks of IP's for each IP that is logged however they just change to a different block. I am wondering if this is a normal occurrence or if I should be doing something further to stop these. Any advise would be greatly appreciated.
0
Comment
Question by:jriesenw
  • 3
  • 2
7 Comments
 
LVL 4

Expert Comment

by:remarks999
ID: 22841477
Its not normal per se to be attacked so often, but the sonicwall is already dropping (preventing) the traffic. By adding deny rules, you're just being redundant, but no harm there.
0
 

Author Comment

by:jriesenw
ID: 22843028
Would this be something that I should contact my ISP about? Or is it our of there control?
0
 
LVL 4

Accepted Solution

by:
remarks999 earned 250 total points
ID: 22843169
you could try contacting the ISP, but I doubt they'll be able to assist you. They would essentially have to block traffic from China, which I have seen some smaller ISPs do, but its rare. ISP is just passing traffic and ultimately the best thing would be for the parties responsible to stop sending the traffic
0
Network it in WD Red

There's an industry-leading WD Red drive for every compatible NAS system to help fulfill your data storage needs. With drives up to 8TB, WD Red offers a wide array of solutions for customers looking to build the biggest, best-performing NAS storage solution.  

 

Expert Comment

by:traderfm
ID: 26295748
I have no problems with this question being closed.  However, I have had similar problems/issues and see things like this happen in my sonicwalls as well.  It would be nice for ISP's to block offending traffic but they don't.  I did see in Google email where you could go in and see a long list of countries and choose specific countries to block.  Yahoo does not do this.  My website/email provider does not do this either.  My email/website provider does allow SPECIFIC ADDRESS BLOCKING, but each one has to be entered manually.  This gets very tedious and we get slammed from China/Russia provinces a lot. My question is why can't sonicwall and website/domain providers provide similar blocking BY  LISTING COUNTRIES the way Google does?   This would give users much more control over what comes IN to their sites/email/local traffic by just shutting out a lot of the offending places.  I welcome any place I can go and read more about this or knowing if other sonicwall products at TZ170 level or higher have this capability.
0
 
LVL 4

Expert Comment

by:remarks999
ID: 26297858
Google is a website while the Sonicwall is an actual hardware appliance. If IPs for China change, its easy for Google to change it on their on their web server. Since Sonicwall is an appliance, I would assume they would have to write new firmware for it. Since IPs can change easily and often its understandable why it isn't done.
0
 

Expert Comment

by:traderfm
ID: 26309225
0

Featured Post

VMware Disaster Recovery and Data Protection

In this expert guide, you’ll learn about the components of a Modern Data Center. You will use cases for the value-added capabilities of Veeam®, including combining backup and replication for VMware disaster recovery and using replication for data center migration.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Hello All, I have been training on Multicast for a while now and whenever I start the topic , I find out that my friends /  Colleagues mention that they do not know how to test Multicast Joins. As most of the multicast would be video traffic and …
Creating an OSPF network that automatically (dynamically) reroutes network traffic over other connections to prevent network downtime.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

919 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

14 Experts available now in Live!

Get 1:1 Help Now