Malicious IP address log sudden increase in traffic


L0 Member

Our Malicious IP Traffic Alert typically registers a few dozen hits a day. However, over the last weekend this has suddenly increased to a couple of thousand a day. I cannot see anything different apart from the quantity. The IP addresses are the same or from the same subnet. Should I just leave it, or what actions would you suggest?

2 REPLIES

L2 Linker

Are you seeing these hits in a security policy? Probably using the PAN "malicious IPs" dynamic address group? Have you tried configuring a "Zone Protection Profile"? The default action is alert but you can configure it to drop or even drop for X minutes. If you are being scanned there is not much you can do other than drop the packets. If this was my network I would look at threat logs and try to determine what resource they are attacking. You probably have something exposed that has a vulnerability.

Yes, they are set up to be dropped and that is working. It has always worked, it's just that there has been a sudden and dramatic increase in these types of alerts, so I am wondering if there is something else I should be alert to, as you mentioned, something exposed that has piqued some external interest.
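
One way to follow the suggestion above of working out which resource is drawing the traffic, as an added example that is not part of the original thread: find the days whose hit count jumps well above the usual level, then list the destination address and port pairs that account for the jump. The CSV column names, addresses and counts are constructed for this example and are not a PAN-OS export format; map them to the fields of your own log export.

```python
import csv
import io
from collections import Counter
from statistics import median


def build_sample():
    """Constructed log export: 5 quiet days, then 2 days of heavy hits on one host."""
    lines = ["date,src,dst,dport,action"]
    for day in range(1, 6):          # baseline: 30 dropped hits a day over three ports
        for i in range(30):
            port = (22, 23, 445)[i % 3]
            lines.append(f"2024-01-0{day},198.51.100.{i % 5},203.0.113.10,{port},drop")
    for day in range(6, 8):          # spike: 2000 dropped hits a day, mostly one port
        for i in range(2000):
            port = 8443 if i % 10 else 22
            lines.append(f"2024-01-0{day},198.51.100.{i % 5},203.0.113.20,{port},drop")
    return "\n".join(lines)


def load(text):
    """Parse the CSV text into a list of dict rows."""
    return list(csv.DictReader(io.StringIO(text)))


def spike_days(rows, factor=10):
    """Days whose hit count exceeds `factor` times the median daily count."""
    per_day = Counter(r["date"] for r in rows)
    baseline = median(per_day.values())
    return sorted(d for d, n in per_day.items() if n > factor * baseline)


def spike_targets(rows, days, n=3):
    """Top (dst, dport) pairs on spike days, with their hit count on normal days."""
    spike = Counter((r["dst"], r["dport"]) for r in rows if r["date"] in days)
    normal = Counter((r["dst"], r["dport"]) for r in rows if r["date"] not in days)
    return [(target, hits, normal[target]) for target, hits in spike.most_common(n)]


if __name__ == "__main__":
    rows = load(build_sample())
    days = spike_days(rows)
    print("spike days:", days)
    for (dst, dport), hits, before in spike_targets(rows, days):
        print(f"{dst}:{dport}  spike hits={hits}  normal-day hits={before}")
```

A destination and port that dominate the spike days but barely appear on normal days is the first place to check for a newly exposed or recently changed service.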
