VPN attack?
Options
rookierunner
Posts: 20 Freshman Member
Over the past week, I am seeing a significant number of entries in the logs about multiple IP addresses trying to connect into my VPN, showing up as 'Info' priority in the IKE category with a message of "The cookie pair is: ….". I haven't seen this in my logs before. Anyone seen them before and anything I need to do? Seems like they are unsuccessful in connecting but it seems weird that they just started out of the blue.
0
Accepted Solution
-
Hi @rookierunner
Yes, you are correct.
Go to Configuration > Object > Address/GeoIP > Address. and click "Add" button to create address. And then grouping them as an address group.1
All Replies
-
In the default configuration, device allows IKE request from internet.
According your situation, it may come from unknown user who entered wrong address in the VPN proposal.
If the requested address is unknown source IP, you can drop them by policy control rule.
Stanley
0 -
@Zyxel_Stanley,
Thanks for the response! I am assuming that the “unsafe” address group is a custom one that I would define and add specific IP addresses to as they show in my log, correct?0 -
Hi @rookierunner
Yes, you are correct.
Go to Configuration > Object > Address/GeoIP > Address. and click "Add" button to create address. And then grouping them as an address group.1
Categories
- All Categories
- 384 Beta Program
- 2.1K Nebula
- 117 Nebula Ideas
- 80 Nebula Status and Incidents
- 5.1K Security
- 78 USG FLEX H Series
- 247 Security Ideas
- 1.3K Switch
- 69 Switch Ideas
- 907 WirelessLAN
- 34 WLAN Ideas
- 5.9K Consumer Product
- 209 Service & License
- 335 News and Release
- 71 Security Advisories
- 21 Education Center
- 5 [Campaign] Zyxel Network Detective
- 1.9K FAQ
- 898 Nebula FAQ
- 415 Security FAQ
- 234 Switch FAQ
- 205 WirelessLAN FAQ
- 46 Consumer Product FAQ
- 137 Service & License FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 73 About Community
- 62 Security Highlight