OPNsense Forum

English Forums => Intrusion Detection and Prevention => Topic started by: EFaden on June 09, 2021, 11:40:32 pm

Title: IDS/IPS with Dynamic IP and NAT? Ruleset for Port Scans?
Post by: EFaden on June 09, 2021, 11:40:32 pm

So I have been reading up on how to setup Scuricata on my OpnSense box at my house.  From what I have read I need to put my WAN IP into the "Home Networks" section.  The issue is that mine is a DHCP given address.  I can't put a hostname into the field either.  Is there an easy way to automatically keep my WAN ip in that list?  Thanks.

Also is there rule set for port scans?  I have looked through ET Telemetry, Snort VRT, etc.  I can't seem to find a pre-made one to detect port scans?  Thanks!

Edit: I found that ET Pro has a "scan" but not ET Telemetry, but there is emerging-telemetry

Title: Re: IDS/IPS with Dynamic IP and NAT? Ruleset for Port Scans?
Post by: cookiemonster on July 09, 2021, 05:50:02 pm

I am new to IDS/IPS myself and don't want to mislead you but from my understanding, your wan ip or hostname is not to be in the "home networks" as those would be unroutable networks i.e. 192.168.x.x/24