What rules should I make to find short lived connections like ones made by malware?
A firewall rule is permanent. Is this for prevention or are you investigating something?
Malware sessions are from inside to outside (internet). You can block known destinations.
Quote from: EdwinKM on June 06, 2022, 11:31:02 AM
A firewall rule is permanent. Is this for prevention or are you investigating something?
Malware sessions are from inside to outside (internet). You can block known destinations.
Both prevention and investigation. I suspect they are from inside and I don't know what IP they are connecting to. I'm new to firewalls and OPNsense.
You can of course block all (internet - !rfc1918) destinations and check the firewall blocks. But this creates a bulk of logging, so it is unusable. Do you have any valid reason to suspect any malice?
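The "block everything except RFC1918 and read the block log" approach above drowns in volume. The usual way to make it usable is not to read the raw log but to collapse it: keep only blocked outbound entries (private source, non-RFC1918 destination) and aggregate by destination, port and protocol, with the set of internal hosts that tried each. The script below is an added example, not code from the thread or from the OPNsense project; it uses a constructed, simplified CSV log format (timestamp,action,interface,proto,src_ip,src_port,dst_ip,dst_port) rather than OPNsense's real filterlog format, and the sample lines and addresses are made up.

```python
import ipaddress
from collections import Counter

# Constructed sample log in a simplified format (NOT OPNsense's real filterlog layout):
# timestamp,action,interface,proto,src_ip,src_port,dst_ip,dst_port
SAMPLE_LOG = """\
2022-06-06T11:40:01,block,lan,tcp,192.168.1.23,51234,203.0.113.10,443
2022-06-06T11:40:02,block,lan,tcp,192.168.1.23,51235,203.0.113.10,443
2022-06-06T11:40:05,pass,lan,udp,192.168.1.23,51236,192.168.1.1,53
2022-06-06T11:40:07,block,lan,udp,192.168.1.40,40000,198.51.100.7,4444
2022-06-06T11:41:00,block,lan,tcp,10.0.0.5,60001,203.0.113.10,443
"""

# The three RFC1918 private ranges; anything outside them is treated as "internet".
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_rfc1918(ip: str) -> bool:
    """True if the address falls in one of the RFC1918 private ranges."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in RFC1918)


def parse_line(line: str) -> dict:
    """Split one constructed log line into its fields (ports become ints)."""
    ts, action, iface, proto, src, sport, dst, dport = line.strip().split(",")
    return {
        "ts": ts, "action": action, "iface": iface, "proto": proto,
        "src": src, "sport": int(sport), "dst": dst, "dport": int(dport),
    }


def outbound_blocks(log_text: str) -> list:
    """Keep only blocked entries from an internal (RFC1918) host to a non-RFC1918 destination.

    Pass entries and internal-to-internal traffic are dropped, since they are
    not what the catch-all block rule is meant to surface.
    """
    entries = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        e = parse_line(line)
        if e["action"] == "block" and is_rfc1918(e["src"]) and not is_rfc1918(e["dst"]):
            entries.append(e)
    return entries


def summarize(log_text: str):
    """Collapse the bulk log into (dst_ip, dst_port, proto) -> hit count,
    plus the set of internal sources that tried each destination.

    Reading this summary instead of the raw log is what makes the
    block-all-internet rule usable for investigation.
    """
    counts = Counter()
    sources = {}
    for e in outbound_blocks(log_text):
        key = (e["dst"], e["dport"], e["proto"])
        counts[key] += 1
        sources.setdefault(key, set()).add(e["src"])
    return counts, sources


if __name__ == "__main__":
    counts, sources = summarize(SAMPLE_LOG)
    for key, n in counts.most_common():
        dst, dport, proto = key
        print(f"{dst}:{dport}/{proto}  hits={n}  from={sorted(sources[key])}")
```

Once the summary is short enough to read, the destinations that stand out (unknown IPs, odd ports, several internal hosts all reaching the same address) are the ones worth looking up and, if confirmed, turning into a permanent block rule as suggested earlier in the thread.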