43,000+ failed login attempts. Is this normal??

I haven't had any issues with SonicWall GEO-IP filtering. Do I feel safer that the brute force attempts on my open ports were reduced by 80%? Is that a trick question?

Awesome, now you have no idea what usernames are even bring attempted. That, and it's low hanging script kiddie fruit. If you are seriously worried about that being a legitimate avenue of compromise you have much deeper systemic problems with your security posture.

Of course a knowledgeable attacker will use a VPN or other proxy in the US if they really want to knock on my networks. So that means I just shouldn't do GEO-IP filtering?

Yes. You should presume any external network other than your own could be a source of compromise and deal with the problem on a global level. Discriminating via geopolitics is just laughably absurd as a serious way to address security. This isn't a trade embargo.

/r/sysadmin Thread Parent