OPNsense Forum

English Forums => General Discussion => Topic started by: MasterXBKC on July 05, 2017, 10:07:03 pm

Title: URGENT - Block This IP!
Post by: MasterXBKC on July 05, 2017, 10:07:03 pm
This is an urgent one for those running OPNsense firewalls.

Block 163.172.112.193

It has scanned my IP space before (I have a lot), but mostly passively, then moves on to others, BUT today when it crossed my IP space and found the new OPNsense I have up and running for development and testing for PFMonitor, it suddenly began brute forcing like crazy against SSH, the Web Config, and OpenVPN all simultaneously and rapidly. When it ran into my pfSense unit it tried a few passwords then gave up, but the OPNsense it strangely targeted quite heavily and continuously for a while.

I also have a Dell IDRAC6 Honeypot up and running and it hit that a few times as well. I log all of this of course to see what nasties are out and about scanning my territory online.

Just a safety warning.  Block that IP!
Title: Re: URGENT - Block This IP!
Post by: chemlud on July 05, 2017, 10:39:31 pm
French NSA? :-D
Title: Re: URGENT - Block This IP!
Post by: weust on July 06, 2017, 06:49:58 am
You have SSH, WebConfig and IDRAC Honeypot open to the internet?
Title: Re: URGENT - Block This IP!
Post by: MasterXBKC on July 07, 2017, 05:34:27 pm
You have SSH, WebConfig and IDRAC Honeypot open to the internet?

And many others as well. I'm a cyber security engineer. I also work with AZCWR ( http://azcwr.org )
Title: Re: URGENT - Block This IP!
Post by: weust on July 07, 2017, 09:20:34 pm
Alright, that makes sense :-)