Sonicwall log Net Spy attack dropped

Posted on 2008-10-28
Last Modified: 2012-05-05
I am running a Sonicwall TZ170 with enhanced OS. When I look at the log I keep getting these logs that say "Net Spy attack dropped" about ever 5 minutes. I did a geographical look-up of the IP's and they all seem to be coming from China. So I started blocking large blocks of IP's for each IP that is logged however they just change to a different block. I am wondering if this is a normal occurrence or if I should be doing something further to stop these. Any advise would be greatly appreciated.
Question by:jriesenw
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2

Expert Comment

ID: 22841477
Its not normal per se to be attacked so often, but the sonicwall is already dropping (preventing) the traffic. By adding deny rules, you're just being redundant, but no harm there.

Author Comment

ID: 22843028
Would this be something that I should contact my ISP about? Or is it our of there control?

Accepted Solution

remarks999 earned 250 total points
ID: 22843169
you could try contacting the ISP, but I doubt they'll be able to assist you. They would essentially have to block traffic from China, which I have seen some smaller ISPs do, but its rare. ISP is just passing traffic and ultimately the best thing would be for the parties responsible to stop sending the traffic
Create the perfect environment for any meeting

You might have a modern environment with all sorts of high-tech equipment, but what makes it worthwhile is how you seamlessly bring together the presentation with audio, video and lighting. The ATEN Control System provides integrated control and system automation.


Expert Comment

ID: 26295748
I have no problems with this question being closed.  However, I have had similar problems/issues and see things like this happen in my sonicwalls as well.  It would be nice for ISP's to block offending traffic but they don't.  I did see in Google email where you could go in and see a long list of countries and choose specific countries to block.  Yahoo does not do this.  My website/email provider does not do this either.  My email/website provider does allow SPECIFIC ADDRESS BLOCKING, but each one has to be entered manually.  This gets very tedious and we get slammed from China/Russia provinces a lot. My question is why can't sonicwall and website/domain providers provide similar blocking BY  LISTING COUNTRIES the way Google does?   This would give users much more control over what comes IN to their sites/email/local traffic by just shutting out a lot of the offending places.  I welcome any place I can go and read more about this or knowing if other sonicwall products at TZ170 level or higher have this capability.

Expert Comment

ID: 26297858
Google is a website while the Sonicwall is an actual hardware appliance. If IPs for China change, its easy for Google to change it on their on their web server. Since Sonicwall is an appliance, I would assume they would have to write new firmware for it. Since IPs can change easily and often its understandable why it isn't done.

Expert Comment

ID: 26309225

Featured Post

Are You Headed to Black Hat USA 2017?

Getting ready for Black Hat next week? Kick things off with the WatchGuard Badge Challenge and test your puzzle and cipher skills. Do you have what it takes to earn our limited edition Firebox Badge? Get started today -

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Every server (virtual or physical) needs a console: and the console can be provided through hardware directly connected, software for remote connections, local connections, through a KVM, etc. This document explains the different types of consol…
This article offers some helpful and general tips for safe browsing and online shopping. It offers simple and manageable procedures that help to ensure the safety of one's personal information and the security of any devices.
After creating this article (, I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (, I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Suggested Courses

627 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question