VPN attack?
rookierunner
Over the past week, I am seeing a significant number of entries in the logs about multiple IP addresses trying to connect into my VPN, showing up as 'Info' priority in the IKE category with a message of "The cookie pair is: ….". I haven't seen this in my logs before. Anyone seen them before and anything I need to do? Seems like they are unsuccessful in connecting but it seems weird that they just started out of the blue.
In the default configuration, the device allows IKE requests from the internet.
According to your situation, it may come from an unknown user who entered the wrong address in the VPN proposal.
If the requested address is an unknown source IP, you can drop them by a policy control rule.
Stanley
@Zyxel_Stanley,
Thanks for the response! I am assuming that the “unsafe” address group is a custom one that I would define and add specific IP addresses to as they show in my log, correct?
Hi @rookierunner
Yes, you are correct.
Go to Configuration > Object > Address/GeoIP > Address and click the "Add" button to create an address. Then group them as an address group.
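
One way to turn the IKE "cookie pair" log entries into a candidate list for that address group, as an added example that is not part of the original thread. The key="value" log layout (`src`, `msg`, `cat`), the sample lines, and the names `block_candidates` and `known_peers` are assumptions; adapt the pattern to the log format your device actually exports.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample lines in an ASSUMED key="value" syslog layout.
# Adjust FIELD_RE and the field names to match your device's export.
SAMPLE_LOG = """\
Jan 10 03:11:02 fw src="203.0.113.7:500" dst="198.51.100.2:500" msg="The cookie pair is : 0x1a2b3c4d / 0x00000000" cat="IKE"
Jan 10 03:11:09 fw src="203.0.113.7:500" dst="198.51.100.2:500" msg="The cookie pair is : 0x1a2b3c4e / 0x00000000" cat="IKE"
Jan 10 03:12:40 fw src="203.0.113.7:500" dst="198.51.100.2:500" msg="The cookie pair is : 0x1a2b3c4f / 0x00000000" cat="IKE"
Jan 10 03:15:00 fw src="203.0.113.50:500" dst="198.51.100.2:500" msg="The cookie pair is : 0x77aa0001 / 0x00000000" cat="IKE"
Jan 10 03:20:11 fw src="192.0.2.10:500" dst="198.51.100.2:500" msg="The cookie pair is : 0x5566aabb / 0x99887766" cat="IKE"
Jan 10 03:20:12 fw src="192.0.2.10:500" dst="198.51.100.2:500" msg="The cookie pair is : 0x5566aabb / 0x99887766" cat="IKE"
Jan 10 04:00:00 fw src="203.0.113.7:44321" dst="198.51.100.2:443" msg="Match default rule, DROP" cat="Security Policy Control"
Jan 10 04:01:00 fw src="" dst="198.51.100.2:500" msg="The cookie pair is : 0x0 / 0x0" cat="IKE"
"""

FIELD_RE = re.compile(r'(\w+)="([^"]*)"')

def source_ip(field):
    """Return the address from an IPv4 'ip:port' field, or None if unparsable."""
    host = field.rsplit(":", 1)[0]
    try:
        return ipaddress.ip_address(host)
    except ValueError:
        return None

def block_candidates(log_text, known_peers, min_hits=3):
    """Count IKE 'cookie pair' entries per source address and return
    {ip: hits} for sources outside known_peers seen at least min_hits times."""
    allowed = [ipaddress.ip_network(p) for p in known_peers]
    hits = Counter()
    for line in log_text.splitlines():
        fields = dict(FIELD_RE.findall(line))
        if fields.get("cat") != "IKE" or "cookie pair" not in fields.get("msg", ""):
            continue  # only the IKE entries discussed in this thread
        ip = source_ip(fields.get("src", ""))
        if ip is None or any(ip in net for net in allowed):
            continue  # skip malformed sources and legitimate VPN peers
        hits[str(ip)] += 1
    return {ip: n for ip, n in hits.most_common() if n >= min_hits}

if __name__ == "__main__":
    # 192.0.2.0/28 stands in for the range of your real VPN peers (assumption).
    for ip, n in block_candidates(SAMPLE_LOG, ["192.0.2.0/28"]).items():
        print(f"{ip}\t{n} IKE attempts")
```

Review the output against your legitimate remote peers before adding any address to the group, since a deny rule on a real peer will break its tunnel.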