match default rule, DROP
stefanocps
Posts: 23 Freshman Member
in Security
Hello on my zyxel USG20W-VPN router log i have hundreds of these message, coming from all over. They all point to "routeripaddress:3389"
I use to have RDP enabled, for now i have disabled just to make sure nothing happen. I also have chnaged the router ip address (it is behind a main router) from xx xx xx xx 5 to xx xx xx 55 and i still see all these attempts pointing at ip ...5, even if router is now ... 55
What can i do to stop all these port scan?
thanks
I use to have RDP enabled, for now i have disabled just to make sure nothing happen. I also have chnaged the router ip address (it is behind a main router) from xx xx xx xx 5 to xx xx xx 55 and i still see all these attempts pointing at ip ...5, even if router is now ... 55
What can i do to stop all these port scan?
thanks
0
All Replies
-
ok., it looks like i have to reboot. Now no more port attack on the address x.x.x. 5 because my router is on x.x.x.55
But i have a problem, the main router forward all the request to the adress x.x.x.5 so now i cano use any service, expecially the remote desktop thai is what i need. I know i could call the provider and ask to change the ip address where all the request should be adressed form 5 to 55...but is there another way to do that?0 -
Hi @stefanocps,It seems that someone is trying to gain windows access by brute-force attackWe strongly recommend change port to other port for RDP access or access RDP via VPN connection.0
-
hello i have already done that, i have 2 pc set on different rdp port already. But event if therre is no more 3389 open , i still can see bruteforce attack0
-
Firewall works like a security guard, and it is good if you can see blocked log in firewall.0
-
lalaland said:Firewall works like a security guard, and it is good if you can see blocked log in firewall.0
-
also i have just read about the vulnerability
https://arstechnica.com/gadgets/2021/06/zyxel-scrambles-to-thwart-active-hacks-targeting-customers-firewalls-and-vpns/
what shall i do about?
also when i connect on ssl using secuextender i always get the security warning. Is there a way to eliminate it?0 -
Hi @stefanocps,Please update firmware to V4.65 or V5.02, link below for your reference.As for certificate warning message, this is because the certificate is generated by USG device, and it is a self-signed certificate.If you don't want to see warning message pop up, you need to import 3rd party trusted CA signed certificate into our device, and use the certificate as default certificate.0
-
stefanocps said:lalaland said:Firewall works like a security guard, and it is good if you can see blocked log in firewall.
0 -
Zyxel_Cooldia said:Hi @stefanocps,Please update firmware to V4.65 or V5.02, link below for your reference.As for certificate warning message, this is because the certificate is generated by USG device, and it is a self-signed certificate.If you don't want to see warning message pop up, you need to import 3rd party trusted CA signed certificate into our device, and use the certificate as default certificate.
0 -
Zyxel_Cooldia said:Hi @stefanocps,Please update firmware to V4.65 or V5.02, link below for your reference.As for certificate warning message, this is because the certificate is generated by USG device, and it is a self-signed certificate.If you don't want to see warning message pop up, you need to import 3rd party trusted CA signed certificate into our device, and use the certificate as default certificate.0
Categories
- All Categories
- 415 Beta Program
- 2.3K Nebula
- 141 Nebula Ideas
- 94 Nebula Status and Incidents
- 5.5K Security
- 216 USG FLEX H Series
- 262 Security Ideas
- 1.4K Switch
- 71 Switch Ideas
- 1K Wireless
- 39 Wireless Ideas
- 6.3K Consumer Product
- 243 Service & License
- 382 News and Release
- 81 Security Advisories
- 27 Education Center
- 8 [Campaign] Zyxel Network Detective
- 3K FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 83 About Community
- 71 Security Highlight