VPN Exit Nodes Filter

semi_demi_god

In the last year we have seen an increased number of attacks coming from VPN Exit Nodes. Because of this it would be really nice if there was a built in VPN Exit Node Filter just as there are Geo-IP and Botnet Filters.

Attacks from Exit Nodes tend to make up about 70% of the attacks on our networks. Currently we need to manually block each Exit Node's IP as we discover them through attacks. Is anyone else discovering that most of the attacks are coming from VPN Exit Nodes? And how are you dealing with them.

TKWITS

This would be complicated to implement. How many VPN providers are out there? Lots and more keep popping up. So are you proposing a selection based filter like GEOIP so you can block connections from select known providers? Do the known providers publish their exit node addresses? And next month a new one is created, and it takes Sonicwall 3 months to figure out a new one is running, then figure out their exit node addresses, then next firmware release it's finally added to the selection list?

This is the point of VPN providers. They exist to get people around existing blocks, censors, obfuscate them, etc.

I'm not saying it's a bad idea, I just don't see Sonicwall putting the burden on themselves to maintain this. I'm sure they use a 3rd parties GEOIP database.