USG310 Block incoming request of SMTP flood
Hello community!
I've following constellation. A USG310 with three WAN ports. All WAN IP's are listed in the DNS for the MX record. The SMTP port is forwarded to a Mailserver/ SPAM filter.
Now my Problem. Since last week I've many request from a botnet. At first I've blocked over the GEO IP but now I've many request from germany and I can't block all this IPs manually. How can I setup a automatic blocking of IPs that have many requests?
A little push in the right direction would help me! Thanks!
All Replies
-
Really there is no way to block unwanted traffic from wanted traffic.
Do you know if its a port scan or full connect to the server?
If the bot net is doing a port scan per number of ports from one IP and there is no ACK after they send a SYN and you send a SYN, ACK you can use the ADP with scan detection set block period to 3600 for portscan TCP.
0 -
It is a full connect to the Server but will discarded from the DNSBL. A lot of connections per second from different ip addresses.
When it's not possible to block this than it's so.The DNSBL works.
Thanks for your answer!
0 -
AFAIK, the only way to "limit" connections can be set on NAT Sessions, but no parameters can be set except the default number of the sessions or a custom one for a single host.
Also, due to SMTP way to connect, the goal is to have the whole internet to connect to your mailserver, not a whitelist one. So USG IMVHO can not be a good way to manage connections.
Your MTA should have capabilities to discard unwanted connections, and deferring (not refusing) connections when resources of the system or the connection are limited.eMail were never intended as real-time communication, nor is it today.
0
Categories
- All Categories
- 415 Beta Program
- 2.4K Nebula
- 146 Nebula Ideas
- 96 Nebula Status and Incidents
- 5.7K Security
- 262 USG FLEX H Series
- 271 Security Ideas
- 1.4K Switch
- 74 Switch Ideas
- 1.1K Wireless
- 40 Wireless Ideas
- 6.4K Consumer Product
- 249 Service & License
- 387 News and Release
- 84 Security Advisories
- 29 Education Center
- 10 [Campaign] Zyxel Network Detective
- 3.5K FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 85 About Community
- 73 Security Highlight