Sonicwall log Net Spy attack dropped

Posted on 2008-10-28
Last Modified: 2012-05-05
I am running a Sonicwall TZ170 with enhanced OS. When I look at the log I keep getting these logs that say "Net Spy attack dropped" about ever 5 minutes. I did a geographical look-up of the IP's and they all seem to be coming from China. So I started blocking large blocks of IP's for each IP that is logged however they just change to a different block. I am wondering if this is a normal occurrence or if I should be doing something further to stop these. Any advise would be greatly appreciated.
Question by:jriesenw
  • 3
  • 2

Expert Comment

ID: 22841477
Its not normal per se to be attacked so often, but the sonicwall is already dropping (preventing) the traffic. By adding deny rules, you're just being redundant, but no harm there.

Author Comment

ID: 22843028
Would this be something that I should contact my ISP about? Or is it our of there control?

Accepted Solution

remarks999 earned 250 total points
ID: 22843169
you could try contacting the ISP, but I doubt they'll be able to assist you. They would essentially have to block traffic from China, which I have seen some smaller ISPs do, but its rare. ISP is just passing traffic and ultimately the best thing would be for the parties responsible to stop sending the traffic
How to improve team productivity

Quip adds documents, spreadsheets, and tasklists to your Slack experience
- Elevate ideas to Quip docs
- Share Quip docs in Slack
- Get notified of changes to your docs
- Available on iOS/Android/Desktop/Web
- Online/Offline


Expert Comment

ID: 26295748
I have no problems with this question being closed.  However, I have had similar problems/issues and see things like this happen in my sonicwalls as well.  It would be nice for ISP's to block offending traffic but they don't.  I did see in Google email where you could go in and see a long list of countries and choose specific countries to block.  Yahoo does not do this.  My website/email provider does not do this either.  My email/website provider does allow SPECIFIC ADDRESS BLOCKING, but each one has to be entered manually.  This gets very tedious and we get slammed from China/Russia provinces a lot. My question is why can't sonicwall and website/domain providers provide similar blocking BY  LISTING COUNTRIES the way Google does?   This would give users much more control over what comes IN to their sites/email/local traffic by just shutting out a lot of the offending places.  I welcome any place I can go and read more about this or knowing if other sonicwall products at TZ170 level or higher have this capability.

Expert Comment

ID: 26297858
Google is a website while the Sonicwall is an actual hardware appliance. If IPs for China change, its easy for Google to change it on their on their web server. Since Sonicwall is an appliance, I would assume they would have to write new firmware for it. Since IPs can change easily and often its understandable why it isn't done.

Expert Comment

ID: 26309225

Featured Post

How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

Join & Write a Comment

Suggested Solutions

I found an issue or “bug” in the SonicOS platform (the firmware controlling SonicWALL security appliances) that has to do with renaming Default Service Objects, which then causes a portion of the system to become uncontrollable and unstable. BACK…
#Citrix #Citrix Netscaler #HTTP Compression #Load Balance
After creating this article (, I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (, I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

706 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

21 Experts available now in Live!

Get 1:1 Help Now