match default rule, DROP

stefanocps

Hello on my zyxel USG20W-VPN router log i have hundreds of these message, coming from all over. They all point to "routeripaddress:3389" 
I use to have RDP enabled, for now i have disabled just to make sure nothing happen. I also have chnaged the router ip address (it is behind a main router) from xx xx xx xx 5 to xx xx xx 55 and i still see all these attempts pointing at ip ...5, even if router is now ... 55
What can i do to stop all these port scan?
thanks

stefanocps

ok., it looks like i have to reboot. Now no more port attack on the address x.x.x. 5 because my router is on x.x.x.55  
But i have a problem, the main router forward all the request to the adress x.x.x.5  so now i cano use any service, expecially the remote desktop thai is what i need. I know i could call the provider and ask to change the ip address where all the request should be adressed form 5 to 55...but is there another way to do that?

Zyxel_Cooldia

Hi @stefanocps,

It seems that someone is trying to gain windows access by brute-force attack

We strongly recommend change port to other port for RDP access or access RDP via VPN connection.

stefanocps

hello i have already done that, i have 2 pc set on different rdp port already. But event if therre is no more 3389 open , i still can see bruteforce attack

lalaland

Firewall works like a security guard, and it is good if you can see blocked log in firewall.

stefanocps

lalaland said:

Firewall works like a security guard, and it is good if you can see blocked log in firewall.

ok great, i was concerning about all that traffic could slow down or even block my wan traffic

stefanocps

also i have just read about the vulnerability
https://arstechnica.com/gadgets/2021/06/zyxel-scrambles-to-thwart-active-hacks-targeting-customers-firewalls-and-vpns/

what shall i do about?

also when i connect on ssl using secuextender i always get the security warning. Is there a way to eliminate it?

Zyxel_Cooldia

Hi @stefanocps,

Please update firmware to V4.65 or V5.02, link below for your reference.

https://community.zyxel.com/en/discussion/11061/zld4-65-5-02-firmware-release/p1

As for certificate warning message, this is because the certificate is generated by USG device, and it is a self-signed certificate.

If you don't want to see warning message pop up, you need to import 3rd party trusted CA signed certificate into our device, and use the certificate as default certificate.

Zyxel_Cooldia

stefanocps said:

lalaland said:

Firewall works like a security guard, and it is good if you can see blocked log in firewall.

ok great, i was concerning about all that traffic could slow down or even block my wan traffic

To avoid unnecessary loading/traffic on firewall, we would suggest to check if firewall action is set to deny. By doing so, it will discards packets silently without notification.

stefanocps

Zyxel_Cooldia said:

Hi @stefanocps,

Please update firmware to V4.65 or V5.02, link below for your reference.

https://community.zyxel.com/en/discussion/11061/zld4-65-5-02-firmware-release/p1

As for certificate warning message, this is because the certificate is generated by USG device, and it is a self-signed certificate.

If you don't want to see warning message pop up, you need to import 3rd party trusted CA signed certificate into our device, and use the certificate as default certificate.

wher edo i can get the certificate?do you have a download link?

stefanocps

Zyxel_Cooldia said:

Hi @stefanocps,

Please update firmware to V4.65 or V5.02, link below for your reference.

https://community.zyxel.com/en/discussion/11061/zld4-65-5-02-firmware-release/p1

As for certificate warning message, this is because the certificate is generated by USG device, and it is a self-signed certificate.

If you don't want to see warning message pop up, you need to import 3rd party trusted CA signed certificate into our device, and use the certificate as default certificate.

i can't find the 5.02 for USG20W-VPN