OPNsense
  • Home
  • Help
  • Search
  • Login
  • Register

  • OPNsense Forum »
  • Profile of Hansiii »
  • Show Posts »
  • Messages
  • Profile Info
    • Summary
    • Show Stats
    • Show Posts...
      • Messages
      • Topics
      • Attachments

Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

  • Messages
  • Topics
  • Attachments

Messages - Hansiii

Pages: [1]
1
Intrusion Detection and Prevention / Re: Portscan?
« on: January 05, 2024, 04:45:45 pm »


Yes to your answer. The masked ip is my public ip. I can't find the causer in my local network. How can i get the local ip of this traffic and how can I set up an IPS on a PPPoE WAN connection? If this is not possible, I may need to revert to using my ISP’s router.

2
Intrusion Detection and Prevention / Re: Portscan?
« on: January 04, 2024, 11:11:02 pm »
The masked IPs are my public IP from the isp on WAN Interface. That’s what I am not rly understand.

3
Intrusion Detection and Prevention / Re: Portscan?
« on: January 04, 2024, 10:05:37 pm »
Thanks for your answer. My assumption is also that something is wrong in my network. Unfortunately it is not clear when this happens. Which client is sending an extremely large number of requests in a very short time on tcp and udp with floating ports and is extremely disrupting the Internet connection about 30 mins? I have a LAN interface with a local ip range and would like to find the cause. That's why I did a package capture on the LAN interface, but couldn't find anything. There are no similar ports to be found. Could it be something on the opnsense or the china hardware itself? Is ips already working on pppoe? Are there any other possibilities besides a package capture to analyze this? Maybe unplug all devices one by one as it happens.

4
Intrusion Detection and Prevention / Portscan?
« on: January 04, 2024, 02:46:13 pm »
I have the following problem. On my opnsense I discovered the following in the firewall live view. Since my internet often hardly works as a result, I need a solution.



 I don’t understand the src and dst. src is my public IP and dst are the registered servers. Is the scan now coming from outside or over my network. I have already done a package capture on all interfaces, but only discovered the port scan on the wan interface. I have also already tried to block the port scan with suricata, but without success, probably because of my own IP, right?

Pages: [1]
OPNsense is an OSS project © Deciso B.V. 2015 - 2024 All rights reserved
  • SMF 2.0.19 | SMF © 2021, Simple Machines
    Privacy Policy     | XHTML | RSS | WAP2