Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
919
Views
0
Helpful
6
Replies

RV340 How to block UDP 500 - thausend requests from outside

webmaster
Level 1
Level 1

‎02-23-2021 07:25 AM

Hi

 

I have noticed thousends of requests coming from IP´s to  my RV340 UDP 500 with invalid requests.

I have tried to create a firewall rule to block this Port for that IP´s but it did not work.

The rule is applied but does not seem to have any effect.

I use site2site VPN´s to 2 IP´s and I whant all other IP´s to be blocked.

Is it possible to block this requests somehow?

 

 

Thanks

 

02-23-2021 16:19:56 Daemon.Info IP 1 2021-02-23T16:19:56+01:00 home charon - - [meta sequenceId="151"] 03[NET] received invalid IKE header from 43.248.189.2 - ignored
02-23-2021 16:19:56 Daemon.Info IP 1 2021-02-23T16:19:56+01:00 home charon - - [meta sequenceId="150"] 03[ENC] header could not be parsed
02-23-2021 16:19:56 Daemon.Info IP 1 2021-02-23T16:19:56+01:00 home charon - - [meta sequenceId="149"] 03[ENC] not enough input to parse rule 2 U_INT_8
02-23-2021 16:19:54 Daemon.Info IP 1 2021-02-23T16:19:54+01:00 home charon - - [meta sequenceId="148"] 03[NET] received invalid IKE header from 43.248.189.2 - ignored
02-23-2021 16:19:54 Daemon.Info IP 1 2021-02-23T16:19:54+01:00 home charon - - [meta sequenceId="147"] 03[ENC] header could not be parsed
02-23-2021 16:19:54 Daemon.Info IP 1 2021-02-23T16:19:54+01:00 home charon - - [meta sequenceId="146"] 03[ENC] not enough input to parse rule 2 U_INT_8
02-23-2021 16:19:54 Daemon.Info IP 1 2021-02-23T16:19:54+01:00 home charon - - [meta sequenceId="145"] 03[NET] received invalid IKE header from 43.248.189.2 - ignored
02-23-2021 16:19:54 Daemon.Info IP 1 2021-02-23T16:19:54+01:00 home charon - - [meta sequenceId="144"] 03[ENC] header could not be parsed
02-23-2021 16:19:54 Daemon.Info IP 1 2021-02-23T16:19:54+01:00 home charon - - [meta sequenceId="143"] 03[ENC] not enough input to parse rule 2 U_INT_8
02-23-2021 16:19:54 Daemon.Info IP 1 2021-02-23T16:19:54+01:00 home charon - - [meta sequenceId="142"] 03[NET] received invalid IKE header from 43.248.189.2 - ignored
02-23-2021 16:19:54 Daemon.Info IP 1 2021-02-23T16:19:54+01:00 home charon - - [meta sequenceId="141"] 03[ENC] header could not be parsed
02-23-2021 16:19:54 Daemon.Info IP 1 2021-02-23T16:19:54+01:00 home charon - - [meta sequenceId="140"] 03[ENC] not enough input to parse rule 2 U_INT_8
02-23-2021 16:19:53 Daemon.Info IP 1 2021-02-23T16:19:53+01:00 home charon - - [meta sequenceId="139"] 03[NET] received invalid IKE header from 43.248.189.2 - ignored
02-23-2021 16:19:53 Daemon.Info IP 1 2021-02-23T16:19:53+01:00 home charon - - [meta sequenceId="138"] 03[ENC] header could not be parsed
02-23-2021 16:19:53 Daemon.Info IP 1 2021-02-23T16:19:53+01:00 home charon - - [meta sequenceId="137"] 03[ENC] not enough input to parse rule 2 U_INT_8
02-23-2021 16:19:52 Daemon.Info IP 1 2021-02-23T16:19:52+01:00 home charon - - [meta sequenceId="136"] 03[NET] received invalid IKE header from 43.248.189.2 - ignored
02-23-2021 16:19:52 Daemon.Info IP 1 2021-02-23T16:19:52+01:00 home charon - - [meta sequenceId="135"] 03[ENC] header could not be parsed
02-23-2021 16:19:52 Daemon.Info IP 1 2021-02-23T16:19:52+01:00 home charon - - [meta sequenceId="134"] 03[ENC] not enough input to parse rule 2 U_INT_8
02-23-2021 16:19:51 Daemon.Info IP 1 2021-02-23T16:19:51+01:00 home charon - - [meta sequenceId="133"] 03[NET] received invalid IKE header from 43.248.189.2 - ignored
02-23-2021 16:19:51 Daemon.Info IP 1 2021-02-23T16:19:51+01:00 home charon - - [meta sequenceId="132"] 03[ENC] header could not be parsed
02-23-2021 16:19:51 Daemon.Info IP 1 2021-02-23T16:19:51+01:00 home charon - - [meta sequenceId="131"] 03[ENC] not enough input to parse rule 2 U_INT_8
02-23-2021 16:19:50 Daemon.Info IP 1 2021-02-23T16:19:50+01:00 home charon - - [meta sequenceId="130"] 03[NET] received invalid IKE header from 43.248.189.2 - ignored
02-23-2021 16:19:50 Daemon.Info IP 1 2021-02-23T16:19:50+01:00 home charon - - [meta sequenceId="129"] 03[ENC] header could not be parsed
02-23-2021 16:19:50 Daemon.Info IP 1 2021-02-23T16:19:50+01:00 home charon - - [meta sequenceId="128"] 03[ENC] not enough input to parse rule 2 U_INT_8
02-23-2021 16:19:50 Daemon.Info IP 1 2021-02-23T16:19:50+01:00 home charon - - [meta sequenceId="127"] 03[NET] received invalid IKE header from 43.248.189.2 - ignored
02-23-2021 16:19:50 Daemon.Info IP 1 2021-02-23T16:19:50+01:00 home charon - - [meta sequenceId="126"] 03[ENC] header could not be parsed
02-23-2021 16:19:50 Daemon.Info IP 1 2021-02-23T16:19:50+01:00 home charon - - [meta sequenceId="125"] 03[ENC] not enough input to parse rule 2 U_INT_8
02-23-2021 16:19:50 Daemon.Info IP 1 2021-02-23T16:19:50+01:00 home charon - - [meta sequenceId="124"] 03[NET] received invalid IKE header from 43.248.189.2 - ignored
02-23-2021 16:19:50 Daemon.Info IP 1 2021-02-23T16:19:50+01:00 home charon - - [meta sequenceId="123"] 03[ENC] header could not be parsed
02-23-2021 16:19:50 Daemon.Info IP 1 2021-02-23T16:19:50+01:00 home charon - - [meta sequenceId="122"] 03[ENC] not enough input to parse rule 2 U_INT_8
02-23-2021 16:19:49 Daemon.Info IP 1 2021-02-23T16:19:49+01:00 home charon - - [meta sequenceId="121"] 03[NET] received invalid IKE header from 43.248.189.2 - ignored
02-23-2021 16:19:49 Daemon.Info IP 1 2021-02-23T16:19:49+01:00 home charon - - [meta sequenceId="120"] 03[ENC] header could not be parsed
02-23-2021 16:19:49 Daemon.Info IP 1 2021-02-23T16:19:49+01:00 home charon - - [meta sequenceId="119"] 03[ENC] not enough input to parse rule 2 U_INT_8
02-23-2021 16:19:49 Daemon.Info IP 1 2021-02-23T16:19:49+01:00 home charon - - [meta sequenceId="118"] 03[NET] received invalid IKE header from 43.248.189.2 - ignored
02-23-2021 16:19:49 Daemon.Info IP 1 2021-02-23T16:19:49+01:00 home charon - - [meta sequenceId="117"] 03[ENC] header could not be parsed
02-23-2021 16:19:49 Daemon.Info IP 1 2021-02-23T16:19:49+01:00 home charon - - [meta sequenceId="116"] 03[ENC] not enough input to parse rule 2 U_INT_8
02-23-2021 16:19:47 Daemon.Info IP 1 2021-02-23T16:19:47+01:00 home charon - - [meta sequenceId="115"] 03[NET] received invalid IKE header from 43.248.189.2 - ignored
02-23-2021 16:19:47 Daemon.Info IP 1 2021-02-23T16:19:47+01:00 home charon - - [meta sequenceId="114"] 03[ENC] header could not be parsed
02-23-2021 16:19:47 Daemon.Info IP 1 2021-02-23T16:19:47+01:00 home charon - - [meta sequenceId="113"] 03[ENC] not enough input to parse rule 2 U_INT_8

Labels:
0 Helpful
6 Replies 6

Tyson Joachims
Spotlight
Spotlight

‎02-23-2021 09:16 AM

What did your firewall rule(s) look like that you tried to block UDP 500?

0 Helpful

webmaster
Level 1
Level 1
In response to Tyson Joachims

‎02-23-2021 09:51 AM

Unbenannt.JPG

0 Helpful

Tyson Joachims
Spotlight
Spotlight
In response to webmaster

‎02-23-2021 09:57 AM

This was applied inbound on your Internet facing address and it didn't break your site-to-site tunnels?

0 Helpful

webmaster
Level 1
Level 1
In response to Tyson Joachims

‎02-23-2021 10:06 AM

Correct - I still get incomming packages and my site2site VPN´s to outside destinations still work.

So it seems it does not have any impact.

0 Helpful

Tyson Joachims
Spotlight
Spotlight

‎02-23-2021 10:10 AM

Try adding UDP 4500 to your block rule

0 Helpful

webmaster
Level 1
Level 1
In response to Tyson Joachims

‎02-23-2021 10:43 AM

I also added 

IPSEC-UDP-ENCAP
UDP
4500

to a second deny rule - bit still packages coming in from the outside world.
So the rules do not have any affect on ipsec ports.

0 Helpful
Customers Also Viewed These Support Documents