VPN attack?

rookierunner
Posts: 16
Freshman Member




Over the past week, I am seeing a significant number of entries in the logs about multiple IP addresses trying to connect into my VPN, showing up as 'Info' priority in the IKE category with a message of "The cookie pair is: ….". I haven't seen this in my logs before. Anyone seen them before and anything I need to do? Seems like they are unsuccessful in connecting but it seems weird that they just started out of the blue.
0
Accepted Solution
-
Hi @rookierunner
Yes, you are correct.
Go to Configuration > Object > Address/GeoIP > Address. and click "Add" button to create address. And then grouping them as an address group.1
All Replies
-
In the default configuration, device allows IKE request from internet.
According your situation, it may come from unknown user who entered wrong address in the VPN proposal.
If the requested address is unknown source IP, you can drop them by policy control rule.
Stanley
0 -
@Zyxel_Stanley,
Thanks for the response! I am assuming that the “unsafe” address group is a custom one that I would define and add specific IP addresses to as they show in my log, correct?0
Categories
- All Categories
- 199 Beta Program
- 1.8K Nebula
- 94 Nebula Ideas
- 63 Nebula Status and Incidents
- 4.7K Security
- 236 Security Ideas
- 1.1K Switch
- 52 Switch Ideas
- 919 WirelessLAN
- 28 WLAN Ideas
- 5.4K Consumer Product
- 173 Service & License
- 296 News and Release
- 65 Security Advisories
- 14 Education Center
- 1K FAQ
- 454 Nebula FAQ
- 258 Security FAQ
- 100 Switch FAQ
- 115 WirelessLAN FAQ
- 22 Consumer Product FAQ
- 70 Service & License FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 69 About Community
- 52 Security Highlight