OPNsense Forum

English Forums => General Discussion => Topic started by: SomebodySysop on February 08, 2022, 10:50:48 AM

Title: Scanning attack on OPNsense behind ATT Router
Post by: SomebodySysop on February 08, 2022, 10:50:48 AM
I just installed OPNsense on an 8GB mini PC that I am using as a router behind an ATT BGW210-700 router in passthrough mode. I know a *little* about firewalls and routers, but am a complete noob to OPNsense.

I recently received a couple of notifications from ATT that scanning attacks on OPNsense had been blocked.  I mean, this happened just a couple of hours after I installed it.  It could be just normal malicious scanning, or some misconfiguration on my part, but I thought I'd ask the issue here for feedback.

This is what ATT sent (each attempt was from a different IP):

Device: OPNsense
Description: We blocked a scanning attack on OPNsense. Scanning attacks attempt to discover vulnerable communication channels that can be then used to control the device.
Recommendation: Always choose a strong default password that is alphanumeric, with uppercase and lowercase characters. If this site has been flagged by mistake, select Allow Access below to add it to your exceptions list. Note: By adding a site to this list, you won't be warned about any future threats related to it.
Blocked IP: 89.248.165.55

Title: Re: Scanning attack on OPNsense behind ATT Router
Post by: chemlud on February 08, 2022, 11:33:14 AM
Hmmm

IP Lookup: 89.248.165.55
Latitude: 51.4964 / 51°29′47″ N
Longitude: -0.1224 / 0°7′20″ W
Continent: Europe
Country: 🇬🇧 United Kingdom (GB)
State:
City:
Postcode:
Timezone: Europe/London
Local Time: Tue, 08 Feb 2022 10:31:16 +0000
ISP: IP Volume inc
Organization: IP Volume inc
IP Connection Type: Cable/DSL
ASN: 202425 / IP Volume inc
PTR Record: recyber.net


recyber.net :

The Recyber Project is used by various researchers, universities and other educational institutions.

?