Solved

Sonicwall log Net Spy attack dropped

Posted on 2008-10-28
7
1,261 Views
Last Modified: 2012-05-05
I am running a Sonicwall TZ170 with enhanced OS. When I look at the log I keep getting these logs that say "Net Spy attack dropped" about ever 5 minutes. I did a geographical look-up of the IP's and they all seem to be coming from China. So I started blocking large blocks of IP's for each IP that is logged however they just change to a different block. I am wondering if this is a normal occurrence or if I should be doing something further to stop these. Any advise would be greatly appreciated.
0
Comment
Question by:jriesenw
  • 3
  • 2
7 Comments
 
LVL 4

Expert Comment

by:remarks999
ID: 22841477
Its not normal per se to be attacked so often, but the sonicwall is already dropping (preventing) the traffic. By adding deny rules, you're just being redundant, but no harm there.
0
 

Author Comment

by:jriesenw
ID: 22843028
Would this be something that I should contact my ISP about? Or is it our of there control?
0
 
LVL 4

Accepted Solution

by:
remarks999 earned 250 total points
ID: 22843169
you could try contacting the ISP, but I doubt they'll be able to assist you. They would essentially have to block traffic from China, which I have seen some smaller ISPs do, but its rare. ISP is just passing traffic and ultimately the best thing would be for the parties responsible to stop sending the traffic
0
What is SQL Server and how does it work?

The purpose of this paper is to provide you background on SQL Server. It’s your self-study guide for learning fundamentals. It includes both the history of SQL and its technical basics. Concepts and definitions will form the solid foundation of your future DBA expertise.

 

Expert Comment

by:traderfm
ID: 26295748
I have no problems with this question being closed.  However, I have had similar problems/issues and see things like this happen in my sonicwalls as well.  It would be nice for ISP's to block offending traffic but they don't.  I did see in Google email where you could go in and see a long list of countries and choose specific countries to block.  Yahoo does not do this.  My website/email provider does not do this either.  My email/website provider does allow SPECIFIC ADDRESS BLOCKING, but each one has to be entered manually.  This gets very tedious and we get slammed from China/Russia provinces a lot. My question is why can't sonicwall and website/domain providers provide similar blocking BY  LISTING COUNTRIES the way Google does?   This would give users much more control over what comes IN to their sites/email/local traffic by just shutting out a lot of the offending places.  I welcome any place I can go and read more about this or knowing if other sonicwall products at TZ170 level or higher have this capability.
0
 
LVL 4

Expert Comment

by:remarks999
ID: 26297858
Google is a website while the Sonicwall is an actual hardware appliance. If IPs for China change, its easy for Google to change it on their on their web server. Since Sonicwall is an appliance, I would assume they would have to write new firmware for it. Since IPs can change easily and often its understandable why it isn't done.
0
 

Expert Comment

by:traderfm
ID: 26309225
0

Featured Post

Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Imagine you have a shopping list of items you need to get at the grocery store. You have two options: A. Take one trip to the grocery store and get everything you need for the week, or B. Take multiple trips, buying an item at a time, to achieve t…
Getting hacked is no longer a matter or "if you get hacked" — the 2016 cyber threat landscape is now titled "when you get hacked." When it happens — will you be proactive, or reactive?
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

777 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question