Intrusion Detection and Prevention / Suricata alert. Hacking tentative of my home server?
« on: May 03, 2024, 10:25:27 am »
Hi folks,
I've re-enabled Suricata lately. I thought it was not working because I had zero alerts. Since I changed the engine to Aho-Corasick it seems to work.
I had this alert yesterday and I'm not sure how to interpret it:
2024-05-02T11:02:16.131626+0200 2403316 allowed lan 31.220.73.3 13197 192.168.1.xxx 51413 ET CINS Active Threat Intelligence Poor Reputation IP group 17
I understand that the IP 31.220.73.3 is establishing a connection to one of my internal IPs. After some research it seems that it's the IP of my internal Ubuntu VM running my docker service.
The port 51413 was used by my transmission app running on docker. Do you think it can be an attempt to hack my server?
Thanks for your help.