"
Hello,
I have suricata running on 2 interfaces, LAN and DMZ (not enabled on WAN).
Under the DMZ I have a web server (80 and 443 forwarded from WAN), I've spotted some alerts regarding outbound traffic from this server:
Do I have to worry or is it only a blocked response originating from a contact by a compromised host (think so)?
Sorry If it's a stupid question but I'm quite a newbie
Thanks!
Enrico
I have suricata running on 2 interfaces, LAN and DMZ (not enabled on WAN).
Under the DMZ I have a web server (80 and 443 forwarded from WAN), I've spotted some alerts regarding outbound traffic from this server:
Do I have to worry or is it only a blocked response originating from a contact by a compromised host (think so)?
Sorry If it's a stupid question but I'm quite a newbie
Thanks!
Enrico
