Show Posts
1
Intrusion Detection and Prevention / DMZ outbound traffic blocked should I worry or not?
« on: January 07, 2023, 12:59:02 am »
Hello,
I have suricata running on 2 interfaces, LAN and DMZ (not enabled on WAN).
Under the DMZ I have a web server (80 and 443 forwarded from WAN), I've spotted some alerts regarding outbound traffic from this server:
Do I have to worry or is it only a blocked response originating from a contact by a compromised host (think so)?
Sorry If it's a stupid question but I'm quite a newbie
Thanks!
Enrico
I have suricata running on 2 interfaces, LAN and DMZ (not enabled on WAN).
Under the DMZ I have a web server (80 and 443 forwarded from WAN), I've spotted some alerts regarding outbound traffic from this server:
Do I have to worry or is it only a blocked response originating from a contact by a compromised host (think so)?
Sorry If it's a stupid question but I'm quite a newbie
Thanks!
Enrico