OPNsense Forum

English Forums => Intrusion Detection and Prevention => Topic started by: torchsong on December 16, 2022, 07:38:42 PM

Title: Normal to see 5~10 ip blocks every minute?
Post by: torchsong on December 16, 2022, 07:38:42 PM
I'm new to OPNsense. So far, loving the lower latency and better WAN/LAN performance.

I enabled Intrusion Detection + IPS. Nothing fancy, just defaults. When I'm checking the log, I see that at least a few IPs are being blocked every minute. Most of them are valid attempts to connect to my network, I think. (screenshot attached)

Is this normal? I'm surprised to see this many attempts.
Title: Re: Normal to see 5~10 ip blocks every minute?
Post by: FullyBorked on December 16, 2022, 07:42:41 PM
This all looks like normal noise to me. There will always be blocked traffic on external connects. It's not related to Suricata. Short answer: this is normal.
Title: Re: Normal to see 5~10 ip blocks every minute?
Post by: Patrick M. Hausen on December 16, 2022, 08:35:53 PM
The entire IPv4 Internet is scanned by bots 24x7 - nothing to worry about.
Title: Re: Normal to see 5~10 ip blocks every minute?
Post by: guenti_r on December 17, 2022, 01:29:01 PM
This is normal when Suricata listens on the WAN interface.
Let Suricata listen only on the LAN interface :)