Sonicwall Problems attacks and intrusions
Hi to all. Can someone help me with this? I really can't understand what I have to do.
Best Answer
MarkD Cybersecurity Overlord ✭✭✭
You can use the botnet lookup to confirm if SonicWall has it in their database.
A check on the first, 146.19.125.15, shows it is.
The address is also listed on Abuse IP:
146.19.125.15 | TECHNOX INTERNET TEKNOLOJILERI | AbuseIPDB
And on these blocklists:
bl.mailspike.net: Listed
sbl.spamhaus.org: Listed
zen.spamhaus.org: Listed
all.spamrats.com: Listed
It does not appear as an address within the Zscaler HUB IP addresses.
To exclude selected IPs from this blocking behavior, use exclusion lists.
Optionally, you can configure an exclusion list of all IPs belonging to the configured address object/address group. All IPs belonging to the list are excluded from being blocked.
To enable an exclusion list, select an address object or address group from the Botnet Exclusion Object list.
The default exclusion object is Default Geo-IP and Botnet Exclusion Group. You can create your own address object or address group object.
0
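The blocklist check in the answer above can be scripted as a DNSBL query (reversed octets plus the zone name). This is an added example, not part of the original post; the helper names and the `resolve` parameter are assumptions, and treating 127.255.255.0/24 replies as query errors follows Spamhaus's published return codes.

```python
import ipaddress
import socket

# Zones named in the answer above.
ZONES = ["bl.mailspike.net", "sbl.spamhaus.org", "zen.spamhaus.org", "all.spamrats.com"]

# Spamhaus uses 127.255.255.0/24 for query errors (for example, a query sent
# through a public resolver), so such a reply must not be read as a listing.
ERROR_NET = ipaddress.ip_network("127.255.255.0/24")
LISTED_NET = ipaddress.ip_network("127.0.0.0/8")


def dnsbl_name(ip, zone):
    """Build the DNSBL query name: IPv4 octets reversed, then the zone."""
    addr = ipaddress.IPv4Address(ip)  # raises ValueError on malformed input
    return ".".join(reversed(str(addr).split("."))) + "." + zone


def system_resolver(name):
    """Return the A record for name, or None when the lookup gives no answer.
    A resolver failure also ends up as None here, so re-check surprising results."""
    try:
        return socket.gethostbyname(name)
    except socket.gaierror:
        return None


def check_ip(ip, zones=ZONES, resolve=system_resolver):
    """Return {zone: 'listed' | 'not listed' | 'error'} for one IPv4 address."""
    results = {}
    for zone in zones:
        answer = resolve(dnsbl_name(ip, zone))
        if answer is None:
            results[zone] = "not listed"
        elif ipaddress.ip_address(answer) in ERROR_NET:
            results[zone] = "error"
        elif ipaddress.ip_address(answer) in LISTED_NET:
            results[zone] = "listed"
        else:
            results[zone] = "error"  # non-loopback reply: wildcard or hijacked DNS
    return results


if __name__ == "__main__":
    # Live lookup of the address discussed in the thread (needs DNS access).
    for zone, status in check_ip("146.19.125.15").items():
        print(f"{zone}: {status}")
```

Run it from a host that uses its own recursive resolver; through a public resolver the Spamhaus zones return the error codes instead of a result.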
Answers
Review your logs
This is what I see in my logs. But nothing helps me to stop this. I checked all the configuration. How can I stop these messages from being treated as intrusions or attacks? The first IP is something that I know. It is Zscaler software that we use.
Maybe there are devices in the LAN that have been taken over by a botnet and now there are many attempts to get to them. I also see a lot of blocks from Botnet on my TZ370, about 180 per month, and intrusion about 250 per month. However, here we can see thousands.
Does the Sonicwall GUI have a nice testing window like you showed?
Where is it?
No, the internal GUI under Device/Diagnostic/GEO and Botnet gives less information.