https://community.cisco.com/t5/network-security/asa5505-block-attacks-against-port/m-p/2485057#M268186 Hi, You can report this incident to your ISP Abuse support team. Just give them your firewall logs and they can blackhole the attacking source IP at ISP level. They can also contact the remote admin/ISP to take corrective actions on their network. Sat, 22 Mar 2014 03:01:46 GMT johnlloyd_13 2014-03-22T03:01:46Z https://community.cisco.com/t5/network-security/asa5505-block-attacks-against-port/m-p/2485053#M268182 <P>We have a ASA 5505 that is being hammered on port 3389... Currently the port is set to allow connections from any which needs to stay the same, currently the port is being smashed by a bot that is trying to guess username/password.</P><P>Currently we have basic threat detection enabled and I have now enabled scanning threat detection and Shun hosts for 3600</P><P>Currently we arent being attacked so i cant tell if this helps the situation but what else can I apply to stop this... I estiamted that in a 30minute period over the past evening they spammed 1400 attempts.</P><P>Looking through the logs on the server, the source IP changes so blocking the IP is only a temporary fix.</P><P>Thanks for help in advance.&nbsp;</P> Tue, 12 Mar 2019 03:58:24 GMT https://community.cisco.com/t5/network-security/asa5505-block-attacks-against-port/m-p/2485053#M268182 Kenzie6964 2019-03-12T03:58:24Z https://community.cisco.com/t5/network-security/asa5505-block-attacks-against-port/m-p/2485054#M268183 <P>Anyone?&nbsp;<IMG alt="frown" height="23" src="https://community.cisco.com/profiles/commons/libraries/ckeditor/plugins/smiley/images/confused_smile.png" title="frown" width="23" /></P> Fri, 21 Mar 2014 14:54:01 GMT https://community.cisco.com/t5/network-security/asa5505-block-attacks-against-port/m-p/2485054#M268183 Kenzie6964 2014-03-21T14:54:01Z https://community.cisco.com/t5/network-security/asa5505-block-attacks-against-port/m-p/2485055#M268184 <P>Are they targeting an ip address specifically or a URL? If they're using a URL you could try changing the public address. If you have a spare one</P><P>It's not a great solution but it will buy you some time to come up with something better</P><P>&nbsp;</P><P>Also, you could deny entry to that port, tell your users to use a different port and use NAT to translate the new port to 3389</P><P>Another crap idea but it's all I've got</P> Fri, 21 Mar 2014 15:38:27 GMT https://community.cisco.com/t5/network-security/asa5505-block-attacks-against-port/m-p/2485055#M268184 Tormod Macleod 2014-03-21T15:38:27Z https://community.cisco.com/t5/network-security/asa5505-block-attacks-against-port/m-p/2485056#M268185 <P>They are targetting a IP on port 3389.</P><P>&nbsp;</P><P>Changing the port isnt ideal but if thats what I have to do then I will have to.</P><P>Thanks</P> Fri, 21 Mar 2014 16:05:21 GMT https://community.cisco.com/t5/network-security/asa5505-block-attacks-against-port/m-p/2485056#M268185 Kenzie6964 2014-03-21T16:05:21Z https://community.cisco.com/t5/network-security/asa5505-block-attacks-against-port/m-p/2485057#M268186 Hi, You can report this incident to your ISP Abuse support team. Just give them your firewall logs and they can blackhole the attacking source IP at ISP level. They can also contact the remote admin/ISP to take corrective actions on their network. Sat, 22 Mar 2014 03:01:46 GMT https://community.cisco.com/t5/network-security/asa5505-block-attacks-against-port/m-p/2485057#M268186 johnlloyd_13 2014-03-22T03:01:46Z https://community.cisco.com/t5/network-security/asa5505-block-attacks-against-port/m-p/2485058#M268187 Good Afternoon! It is not a good idea to open up port 3389. It opens up to much risk to your environment. The best option you have, if you need remote access, is to utilize AnyConnect VPN. There are many options that come with the AnyConnect client and is rather easy to configure. Hope this helped out, sorry there really isn't a better answer! Cheers! Ryan Mon, 24 Mar 2014 23:03:49 GMT https://community.cisco.com/t5/network-security/asa5505-block-attacks-against-port/m-p/2485058#M268187 Ryan Cigelske 2014-03-24T23:03:49Z