Join the Conversation

To sign in, use your existing MySonicWall account. To create a free MySonicWall account click "Register".


Blocking Hacking Attempts

smercuriosmercurio Newbie ✭

I'm not sure if this question should be in this forum or one of the firewall forums, but given that this is being done via SSL VPN, I figured to try here first.

We have a TZ 370 and are using SSL VPN for VPN connections via NetExtender.

Since yesterday I've been trying to deal with repeated attempts to hack into our network via SSL VPN. Whoever's doing it is either using NetExtender or a substitute. They're not succeeding, but the problem is that they're chewing up license usage, preventing legitimate VPN access. I can tell these are hacking attempts since the usernames are wrong or they're trying to use names like "it" and "contract".

What I've done to try to stem the tide:

  1. Enabled Geo-IP filter
  2. Enabled IPS for High Priority and Medium Priority and turned it on for the SSLVPN zone.
  3. Changed the SSL Server domain name from the default "LocalDomain"

Unfortunately, this all seems to have only been partially successful. The Geo-IP filter basically knocked out all the attempts that were being routed through overseas routers. Those that had US IP addresses were still occurring. I would have thought that (3) would have done something since if I use NetExtender and enter the wrong domain name, it errors out right away. In the Network → SSL VPN → Status screen I see the connection attempt, but it quickly goes away. The login attempts appear to know that the domain name has changed - how?

Is there anything else that we could do?

Category: SSL VPN


Sign In or Register to comment.