IDP

2»

All Replies

  • Wojtek
    Wojtek Posts: 18 image  Freshman Member
    First Answer First Comment Sixth Anniversary
    Hi Balazs.
    Are these problems fixed in firmware v4.60?

    Regards
    Wojtek


  • Zyxel_Charlie
    Zyxel_Charlie Posts: 1,034 image  Zyxel Employee
    50 Answers 500 Comments Friend Collector Fourth Anniversary
    @Wojtek
    The solution of this case has been included in firmware v 4.60.
    You can check this Link.
  • Wojtek
    Wojtek Posts: 18 image  Freshman Member
    First Answer First Comment Sixth Anniversary
    Thank you for the information.

    Regards
    Wojtek
  • Pavel
    Pavel Posts: 112 image  Ally Member
    First Comment Friend Collector Fourth Anniversary
    4,6 have a some big problem with rdp brute force attack recognition .
  • dkyeager
    dkyeager Posts: 71 image  Ally Member
    First Comment Friend Collector Sixth Anniversary
    Pavel said:
    4,6 have a some big problem with rdp brute force attack recognition .

    Any further references to this?  Last night the 4.6 update disappeared from the Zyxel download section, but today it is back.  Thanks.
  • Pavel
    Pavel Posts: 112 image  Ally Member
    First Comment Friend Collector Fourth Anniversary
    edited December 2020
    have a bad IP -185.193.88.29. Information about IP  https://www.abuseipdb.com/check/185.193.88.29
    Screenshots - crop1 и crop2.
    At screenshots we can see attack time and time at victim computer.
    This activity continues last week, and Flex 200 don't  identity or block attack or attacker.
    Sorry for Language, native is russian.
    4.60 or 4.55 - It doesn't matter.
  • Zyxel_Stanley
    Zyxel_Stanley Posts: 1,398 image  Guru Member
    100 Answers 1000 Comments Friend Collector Eighth Anniversary

    Hi @Pavel

    IDP function will inspection examine OSI layer 4~7 packets content for malicious data.

    If packets is detected malicious data, then will block by IDP function.


    As your screen shot, it looks the traffic is legal but in wrong password.

    You may change your service port on WAN side(port forwarding rule) to prevent this kind of attack.

  • Pavel
    Pavel Posts: 112 image  Ally Member
    First Comment Friend Collector Fourth Anniversary
    edited December 2020
    Zyxel_Stanley said:

    Hi @Pavel

    IDP function will inspection examine OSI layer 4~7 packets content for malicious data.

    If packets is detected malicious data, then will block by IDP function.


    As your screen shot, it looks the traffic is legal but in wrong password.

    You may change your service port on WAN side(port forwarding rule) to prevent this kind of attack.

    yes, i change port - bruteforce , change port again - bruteforce .
    Easy redirect port to pfsense (suricata) - attacker is blocked.
    Maybe in USG need change something ?
  • Zyxel_Stanley
    Zyxel_Stanley Posts: 1,398 image  Guru Member
    100 Answers 1000 Comments Friend Collector Eighth Anniversary

    Hi @Pavel
    In IDP service, there are many signatures related to Remote Desktop attack.

    Is there any IDP detect log showing up during your RDP was attacked?


  • Pavel
    Pavel Posts: 112 image  Ally Member
    First Comment Friend Collector Fourth Anniversary
    edited December 2020
    yes. many,many,many signature .
    BUT idp not detect.
    dash - attacker IP and service RDP
    mikrot - forward packet to computer
    victim,victim2,victim3 - screenshot from target computer
    P.S.
    Small question - why Microsoft Remote Desktop in Linux FreeBSD Platform ? :))))))))))))))))
    In Russian forum no answer . :)))))))))))


Categories

Security Help Center

EnglishTiếng ViệtРусскийไทย中文(台灣)