Normal to see 5~10 IP blocks every minute?

torchsong:
I'm new to OPNsense. So far, loving the lower latency and better WAN/LAN performance.

I enabled Intrusion Detection + IPS. Nothing fancy, just defaults. When I'm checking the log, I see that at least a few IPs are being blocked every minute. Most of them are valid attempts to connect to my network, I think. (screenshot attached)

Is this normal? I'm surprised to see this many attempts.

FullyBorked:
This all looks like normal noise to me. There will always be blocked traffic on external connects. It's not related to Suricata. Short answer: this is normal.

Patrick M. Hausen:
The entire IPv4 Internet is scanned by bots 24x7 - nothing to worry about.

guenti_r:
This is normal when Suricata listens on the WAN interface.
Let Suricata listen only on the LAN interface :)
