IDP

Options
2»

All Replies

  • Wojtek
    Wojtek Posts: 17  Freshman Member
    First Anniversary 10 Comments First Answer
    Options
    Hi Balazs.
    Are these problems fixed in firmware v4.60?

    Regards
    Wojtek


  • Zyxel_Charlie
    Zyxel_Charlie Posts: 1,034  Zyxel Employee
    First Anniversary Friend Collector First Answer First Comment
    Options
    @Wojtek
    The solution of this case has been included in firmware v 4.60.
    You can check this Link.
  • Wojtek
    Wojtek Posts: 17  Freshman Member
    First Anniversary 10 Comments First Answer
    Options
    Thank you for the information.

    Regards
    Wojtek

  • Pavel
    Pavel Posts: 112  Ally Member
    First Anniversary 10 Comments Friend Collector
    Options
    4,6 have a some big problem with rdp brute force attack recognition .
  • dkyeager
    dkyeager Posts: 70  Ally Member
    First Anniversary 10 Comments Friend Collector
    Options
    Pavel said:
    4,6 have a some big problem with rdp brute force attack recognition .

    Any further references to this?  Last night the 4.6 update disappeared from the Zyxel download section, but today it is back.  Thanks.
  • Pavel
    Pavel Posts: 112  Ally Member
    First Anniversary 10 Comments Friend Collector
    edited December 2020
    Options
    have a bad IP -185.193.88.29. Information about IP  https://www.abuseipdb.com/check/185.193.88.29
    Screenshots - crop1 и crop2.
    At screenshots we can see attack time and time at victim computer.
    This activity continues last week, and Flex 200 don't  identity or block attack or attacker.
    Sorry for Language, native is russian.
    4.60 or 4.55 - It doesn't matter.
  • Zyxel_Stanley
    Zyxel_Stanley Posts: 1,374  Zyxel Employee
    First Anniversary 10 Comments Friend Collector First Answer
    Options

    Hi @Pavel

    IDP function will inspection examine OSI layer 4~7 packets content for malicious data.

    If packets is detected malicious data, then will block by IDP function.


    As your screen shot, it looks the traffic is legal but in wrong password.

    You may change your service port on WAN side(port forwarding rule) to prevent this kind of attack.

  • Pavel
    Pavel Posts: 112  Ally Member
    First Anniversary 10 Comments Friend Collector
    edited December 2020
    Options

    Hi @Pavel

    IDP function will inspection examine OSI layer 4~7 packets content for malicious data.

    If packets is detected malicious data, then will block by IDP function.


    As your screen shot, it looks the traffic is legal but in wrong password.

    You may change your service port on WAN side(port forwarding rule) to prevent this kind of attack.

    yes, i change port - bruteforce , change port again - bruteforce .
    Easy redirect port to pfsense (suricata) - attacker is blocked.
    Maybe in USG need change something ?
  • Zyxel_Stanley
    Zyxel_Stanley Posts: 1,374  Zyxel Employee
    First Anniversary 10 Comments Friend Collector First Answer
    Options

    Hi @Pavel
    In IDP service, there are many signatures related to Remote Desktop attack.

    Is there any IDP detect log showing up during your RDP was attacked?


  • Pavel
    Pavel Posts: 112  Ally Member
    First Anniversary 10 Comments Friend Collector
    edited December 2020
    Options
    yes. many,many,many signature .
    BUT idp not detect.
    dash - attacker IP and service RDP
    mikrot - forward packet to computer
    victim,victim2,victim3 - screenshot from target computer
    P.S.
    Small question - why Microsoft Remote Desktop in Linux FreeBSD Platform ? :))))))))))))))))
    In Russian forum no answer . :)))))))))))


Security Highlight