Comments
-
JesseN | April 12
If helpful for anyone, we've made some headway with a firewall ahead of the SMA, and using TCP connection rate limits (src IP gets blocked above 45 connections/60 seconds right now ... takes some tuning, but 30/60s hit legit traffic for us). Offhand, does anyone have experience with measuring or limiting…
-
For others' reference, in trying to get this issue resolved I logged a support case (44403487) and was directed to contact SonicWall sales, since the solution here is not an implemented feature, and apparently sales handles all feature requests. I followed up with an email to sales requesting this "feature" be added. I'll…
-
This advisory sure sounds like the issue here: https://blog.talosintelligence.com/large-scale-brute-force-activity-targeting-vpns-ssh-services-with-commonly-used-login-credentials/ However, in checking a few of those IPs and usernames, it doesn't match what we're seeing right now. I was hoping the IOCs were fairly…
-
If helpful for anyone, we've made some headway with a firewall ahead of the SMA, and using TCP connection rate limits (src IP gets blocked above 45 connections/60 seconds right now ... takes some tuning, but 30/60s hit legit traffic for us). I'm trying various blocklists; you can get Tor exit nodes from…