Draytek 2820 Blocking Inbound Ports

We have a number of 2820 and use port redirection to open standard SBS ports. However, the server event logs indicate that there are random hacking attemps over various ports. The attempts are approximately every 1 minute, and are from multiple source IP addresses.

Given that the hack attempts are reaching the server, this would indicate that ports are open on the router. Typically, I would expect all ports to be locked down unless opened for a specific purpose.

Can anyone please advise on how to lock down all ports, and to only allow access to those that are required through port redirection.

Thanks
swan_solutionsAsked:
Who is Participating?
 
swan_solutionsConnect With a Mentor Author Commented:
The way we got around our problem was to change the port being hacked. In this case it was port 3389
0
 
tonyperthCommented:
On the Draytek's as soon as you open or redirect a port that port is open to all IP's.  You need to create  afirewall rule for each port to allow the traffic to where you want it to go and block it for all other locations.  i.e. createa firewall rule for port 25 to your server, then create a rule after that blocking all traffic on port 25.

Cheers,

Tony
0
 
swan_solutionsAuthor Commented:
Are you saying that I should remove all port redirection settings from within NAT and replace them with a 'Filter Rule' within firewall? Or can I block all ports by using a firewall rule, and use this in conjunction with port redirection settings?
0
Evaluating UTMs? Here's what you need to know!

Evaluating a UTM appliance and vendor can prove to be an overwhelming exercise.  How can you make sure that you're getting the security that your organization needs without breaking the bank? Check out our UTM Buyer's Guide for more information on what you should be looking for!

 
tonyperthCommented:
Use it in conjunction with.
0
 
swan_solutionsAuthor Commented:
OK, I'll give that a go and see if we see a reduction in hack attacks
0
 
swan_solutionsAuthor Commented:
We identified that the problem was associated with a particular port, that was easily remedied by using an alternative port
0
All Courses

From novice to tech pro — start learning today.