Go Premium for a chance to win a PS4. Enter to Win


Sonicwall log Net Spy attack dropped

Posted on 2008-10-28
Medium Priority
Last Modified: 2012-05-05
I am running a Sonicwall TZ170 with enhanced OS. When I look at the log I keep getting these logs that say "Net Spy attack dropped" about ever 5 minutes. I did a geographical look-up of the IP's and they all seem to be coming from China. So I started blocking large blocks of IP's for each IP that is logged however they just change to a different block. I am wondering if this is a normal occurrence or if I should be doing something further to stop these. Any advise would be greatly appreciated.
Question by:jriesenw
  • 3
  • 2

Expert Comment

ID: 22841477
Its not normal per se to be attacked so often, but the sonicwall is already dropping (preventing) the traffic. By adding deny rules, you're just being redundant, but no harm there.

Author Comment

ID: 22843028
Would this be something that I should contact my ISP about? Or is it our of there control?

Accepted Solution

remarks999 earned 1000 total points
ID: 22843169
you could try contacting the ISP, but I doubt they'll be able to assist you. They would essentially have to block traffic from China, which I have seen some smaller ISPs do, but its rare. ISP is just passing traffic and ultimately the best thing would be for the parties responsible to stop sending the traffic
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!


Expert Comment

ID: 26295748
I have no problems with this question being closed.  However, I have had similar problems/issues and see things like this happen in my sonicwalls as well.  It would be nice for ISP's to block offending traffic but they don't.  I did see in Google email where you could go in and see a long list of countries and choose specific countries to block.  Yahoo does not do this.  My website/email provider does not do this either.  My email/website provider does allow SPECIFIC ADDRESS BLOCKING, but each one has to be entered manually.  This gets very tedious and we get slammed from China/Russia provinces a lot. My question is why can't sonicwall and website/domain providers provide similar blocking BY  LISTING COUNTRIES the way Google does?   This would give users much more control over what comes IN to their sites/email/local traffic by just shutting out a lot of the offending places.  I welcome any place I can go and read more about this or knowing if other sonicwall products at TZ170 level or higher have this capability.

Expert Comment

ID: 26297858
Google is a website while the Sonicwall is an actual hardware appliance. If IPs for China change, its easy for Google to change it on their on their web server. Since Sonicwall is an appliance, I would assume they would have to write new firmware for it. Since IPs can change easily and often its understandable why it isn't done.

Expert Comment

ID: 26309225

Featured Post

Vote for the Most Valuable Expert

It’s time to recognize experts that go above and beyond with helpful solutions and engagement on site. Choose from the top experts in the Hall of Fame or on the right rail of your favorite topic page. Look for the blue “Nominate” button on their profile to vote.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

#Citrix #Netscaler #MSSQL #Load Balance
This article offers some helpful and general tips for safe browsing and online shopping. It offers simple and manageable procedures that help to ensure the safety of one's personal information and the security of any devices.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
When cloud platforms entered the scene, users and companies jumped on board to take advantage of the many benefits, like the ability to work and connect with company information from various locations. What many didn't foresee was the increased risk…

926 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question