match default rule, DROP

stefanocps Posts: 23  Freshman Member
Hello, in my Zyxel USG20W-VPN router log I have hundreds of these messages, coming from all over. They all point to "routeripaddress:3389".
I used to have RDP enabled; for now I have disabled it just to make sure nothing happens. I have also changed the router IP address (it is behind a main router) from xx xx xx xx 5 to xx xx xx 55 and I still see all these attempts pointing at IP ...5, even if the router is now ...55.
What can I do to stop all these port scans?
Thanks

All Replies

  • stefanocps
    stefanocps Posts: 23  Freshman Member
    OK, it looks like I have to reboot. Now no more port attacks on the address x.x.x.5 because my router is on x.x.x.55.
    But I have a problem: the main router forwards all the requests to the address x.x.x.5, so now I cannot use any service, especially the remote desktop, which is what I need. I know I could call the provider and ask to change the IP address where all the requests should be addressed from 5 to 55... but is there another way to do that?
  • Zyxel_Cooldia
    Zyxel_Cooldia Posts: 1,426  Zyxel Employee
    It seems that someone is trying to gain Windows access by brute-force attack.
    We strongly recommend changing the RDP port to another port, or accessing RDP via a VPN connection.
  • stefanocps
    stefanocps Posts: 23  Freshman Member
    Hello, I have already done that; I have 2 PCs set on different RDP ports already. But even if there is no more 3389 open, I can still see brute-force attacks.
  • lalaland
    lalaland Posts: 90  Ally Member
    A firewall works like a security guard, and it is good if you can see blocked logs in the firewall.

  • stefanocps
    stefanocps Posts: 23  Freshman Member
    lalaland said:
    A firewall works like a security guard, and it is good if you can see blocked logs in the firewall.

    OK great, I was concerned that all that traffic could slow down or even block my WAN traffic.
  • stefanocps
    stefanocps Posts: 23  Freshman Member
    edited July 2021
    Also, I have just read about the vulnerability:
    https://arstechnica.com/gadgets/2021/06/zyxel-scrambles-to-thwart-active-hacks-targeting-customers-firewalls-and-vpns/

    What shall I do about it?

    Also, when I connect over SSL using SecuExtender I always get the security warning. Is there a way to eliminate it?
  • Zyxel_Cooldia
    Zyxel_Cooldia Posts: 1,426  Zyxel Employee
    edited July 2021

    Please update firmware to V4.65 or V5.02, link below for your reference.
    As for the certificate warning message, this is because the certificate is generated by the USG device, and it is a self-signed certificate.
    If you don't want to see the warning message pop up, you need to import a 3rd-party trusted CA-signed certificate into our device, and use the certificate as the default certificate.
  • Zyxel_Cooldia
    Zyxel_Cooldia Posts: 1,426  Zyxel Employee
    lalaland said:
    A firewall works like a security guard, and it is good if you can see blocked logs in the firewall.

    OK great, I was concerned that all that traffic could slow down or even block my WAN traffic.
    To avoid unnecessary load/traffic on the firewall, we would suggest checking whether the firewall action is set to deny. By doing so, it will discard packets silently without notification.
  • stefanocps
    stefanocps Posts: 23  Freshman Member
    Zyxel_Cooldia said:
    Please update firmware to V4.65 or V5.02, link below for your reference.
    As for the certificate warning message, this is because the certificate is generated by the USG device, and it is a self-signed certificate.
    If you don't want to see the warning message pop up, you need to import a 3rd-party trusted CA-signed certificate into our device, and use the certificate as the default certificate.

    Where can I get the certificate? Do you have a download link?

  • stefanocps
    stefanocps Posts: 23  Freshman Member
    Zyxel_Cooldia said:
    Please update firmware to V4.65 or V5.02, link below for your reference.
    As for the certificate warning message, this is because the certificate is generated by the USG device, and it is a self-signed certificate.
    If you don't want to see the warning message pop up, you need to import a 3rd-party trusted CA-signed certificate into our device, and use the certificate as the default certificate.

    I can't find the 5.02 for USG20W-VPN.
