Hello my friends!
The IPs I receive from my ISP are constantly being attacked. How do I fix this? By reconnecting the PPPOE and receiving a new IP, easy.
But how do I reconnect my PPPOE in OPNsense?
I tried turning the interface off/on, without success.
I tried turning the PPPOE off/on, also without success.
Is there a quick and easy way to do this?
(https://i.postimg.cc/j2rJs34h/sleekshot.png)
Any public IPv4 address you receive will be attacked 24x7. The entire legacy internet is scanned by bots 24x7. Matter of fact.
Be happy your firewall blocks it and ignore it. There is no need to log blocked connection attempts.
Or use IPv6.
Quote from: Patrick M. Hausen on May 05, 2025, 04:54:05 PMThere is no need to log blocked connection attempts.
It is logging in by default, is there any way to turn it off?
I can't turn it off here
(https://i.postimg.cc/XYpfY6h1/sleekshot.png)
Firewall > Settings > Advanced > Logging
What seems strange, is that the destination port is always UDP 14640 at a high rate from different sources that seem not to be from the same network. If that is not a mere concidence, I would verify that this is not traffic that one of your own clients induces.
Quote from: meyergru on May 05, 2025, 05:42:52 PMWhat seems strange, is that the destination port is always UDP 14640 at a high rate from different sources that seem not to be from the same network. If that is not a mere concidence, I would verify that this is not traffic that one of your own clients induces.
Exactly, and I don't even have clients lol :)
I use OPNsense in my home lab to manage my network
This must be a "botnet" as
@Patrick mentioned, they scan the internet and maybe the hacker behind this scan knows of a flaw in this port of some specific service, since he knows that the IPs are changing, it could be that one day it will fall on some machine that has this service active and he will exploit it.
Well, thank you very much, gentlemen.
Quote from: ricardolanes on May 05, 2025, 06:42:30 PMand I don't even have clients
Sure you do. Every PC, Phone whatever you have at home is a client.
Maybe it is a torrent client or a virus which leads to this blocked traffic...
Yes, I understand, but that's not it.
I even thought about that (due to a mistake I made when understanding the traffic, I thought it was an output, but I realized it was an input on the WAN), so I turned off the switch and it continued, only with OPNsense turned on on the WAN.
Thanks in advance!
They are not getting past the WAN interface if you do not NAT that port. You don't need to worry about this too much.
If you NAT the port that they attack, it's a different story, and you simply block them one after another until the torrent dries up.