OPNsense Forum

English Forums => Intrusion Detection and Prevention => Topic started by: enrirollins on January 07, 2023, 12:59:02 am

Title: DMZ outbound traffic blocked should I worry or not?
Post by: enrirollins on January 07, 2023, 12:59:02 am
Hello,

I have Suricata running on 2 interfaces, LAN and DMZ (not enabled on WAN).
Under the DMZ I have a web server (80 and 443 forwarded from WAN). I've spotted some alerts regarding outbound traffic from this server:

(https://i.postimg.cc/5HFR4K5r/1.png) (https://postimg.cc/5HFR4K5r)

(https://i.postimg.cc/N9qP58pj/2.png) (https://postimg.cc/N9qP58pj)

Do I have to worry or is it only a blocked response originating from a contact by a compromised host (think so)?

Sorry if it's a stupid question, but I'm quite a newbie.

Thanks!

Enrico

Title: Re: DMZ outbound traffic blocked should I worry or not?
Post by: featheredfifth on April 20, 2023, 05:18:24 am
Hi
I am also new and inexperienced. Hope someone can explain in more detail.