wow Lv1Posted 2024-Jul-19 12:41
  
Hii guys, thanks for the anser ya
Imran Tahir Lv4Posted 2024-Jul-19 19:45
  
in this way we can block the traffic of whole subnet and IP
mdamores Posted 2024-Jul-19 21:16
  
It looks like you are facing a persistent brute force attack where attempts are continuous  even if the attacker is already added to the global blacklist. You may want to try suggestions below to try mitigating the issue:
1. Review blacklist configuration and ensure that global blacklist is configured correctly and that the IP address of the attacker is blocked.
2. Try updating the firmware of your Sangfor NGAF since in some cases, security patches and improvements are included in the updates
3. Utilize Sangfor Advanced Bot detection features to help you identify and block automated scripts
4. Consider implementing geo-blocking to restrict access if it’s coming from a certain region
5. Try implementing rate limiting to restrict numbers of login attempts from single IP address within a certain timeframe
6.You may try increasing the logging level to gather logs and information about the attack
7. And finally, consult and reach out to Sangfor support for immediate assistance
Sheikh_Shani Lv2Posted 2024-Jul-20 02:36
  
Hello Dear

I understand your concern. You're experiencing a brute force attack on your NGAF web UI, and despite the IP being added to the global blacklist, the attacks continue. This is a security concern, and I'll offer some suggestions to help you address this issue:

1. Verify blacklist configuration: Double-check your global blacklist configuration to ensure it's set up correctly. Make sure the IP address is correctly entered and that the blacklist is enabled.
2. Increase blacklist timeout: Consider increasing the blacklist timeout to prevent the IP from being removed too soon. This will give you more time to investigate and take action.
3. Enable rate limiting: Activate rate limiting on your NGAF web UI to restrict the number of login attempts from a single IP address within a specified time frame.
4. Implement CAPTCHA: Add a CAPTCHA challenge to your NGAF web UI login page to prevent automated brute force attacks.
5. Monitor logs: Closely monitor your NGAF logs to detect and respond to brute force attacks in real-time.
6. Consider a WAF: If you haven't already, consider deploying a Web Application Firewall (WAF) to provide an additional layer of protection against brute force attacks and other web-based threats.

Remember to stay vigilant and continuously monitor your NGAF security to prevent and respond to potential threats. If you need further assistance or have questions, feel free to ask!
Rendy Rinaldy Lv1Posted 2024-Jul-22 15:44
  
This is a common thing when we open a Public IP. If the attacker's public IP does not belong to you, ignore it, but you must strengthen your defenses, one of which is utilizing IP filtering, by limiting access to trusted IPs only, such as closing IPs based on regional countries and closing ports that are not needed.

I Can Help:

Change

Moderator on This Board

11
8
5

Started Topics

Followers

Follow

1
3
5

Started Topics

Followers

Follow

0
4
5

Started Topics

Followers

Follow

67
20
3

Started Topics

Followers

Follow

3
14
3

Started Topics

Followers

Follow

1
138
3

Started Topics

Followers

Follow

Board Leaders