I have a few ports open (A, B, C are nonstandard ports that forward to the standard port for the app that responds to those requests on that computer (e.g. B goes to 3389-RDP standard port)
- Port A to Comp1 for a Plex Server
- Port B to Comp 1 for RDP access
- Port C to Comp 2 for RDP access - A RANGE of ports to GRANDSTREAM device for IP phone functionality
I have noticed various Russian IPs, Amazon Web Services from Ireland, and some other IP's trying to get into port 3389 having discovered that Port B is forwarded to 3389 on Comp 1.
I am a small office with 3 computers plus an IP phone (which I may change to a service like phone dot com or something) with limited funds. I have a Dell SonicWall TZ400 a friend gave me sitting in a drawer (because my understanding was that it had monthly or annual fees).
Solution (Short Term) (already implemented)
- I removed that Port forwarding from B because I rarely need to remote access into my Plex Server anymore. So it stopped the requests per the router log on ORBI Pro Router - I left Port C forwarding to 3389 on Comp 2 and Port A to the Plex Server port - I went to Windows Defender on Comp 1 and Comp 2 and blocked IP ranges (did the entire range even though attacks were coming from a few IPs not all of them)
63.34.0.0 -255.255
194.61.0.0 -255.255
5.188.0.0 -255.255
185.153.0.0 -255.255
87.251.0.0 -255.255
94.232.0.0 -255.255
162.125.19.130 (dropbox IP but the log entry was unusual so I blocked it)
Options for Next Steps I see
Just wait and monitor logs to see if new IP ranges try to attack me
Connect SonicWall between ISP and my router - Use it without subscription and manually block IPs using the tools it has (my preferred solution)
Connect SonicWall and subscribe to their 2 or 3-year service at $333 or $310/year (respectively)
Connect SonicWall, subscribe to service, set up a VPN, only allow access through the VPN, hire him to manage the network, etc (recommendation of the IT guy for my friend (that gave me the SonicWall). Seems a little much for a small office like mine, since I am competent enough to manage my own network and it's small.
Request/Questions
Can the SonicWall appliance work well for a small office like mine without subscribing to the service (option 2 above)
Can hackers use the open ports that are going to the Grandstream IP Phone router device to gain access to the computers on my network?
If yes - should I switch to a pure IP phone solution that doesn't connect to a local telecom provider/helper?
Are the ranges I used too broad? (i.e. am I likely to not be able to access some websites because I used broad ranges - particularly the Ireland Amazon Services one).
Thanks in advance for any help you may be able to give!
Model: SRK60B03|Orbi Pro Tri-Band Business WiFi System
