Messages

1

Intrusion Detection and Prevention / Re: Beginner question: should i be conserned about this firewall logs?

« on: January 20, 2024, 01:57:14 am »

I can confirm it has been resolved after turning of the old firewall.

2

Intrusion Detection and Prevention / Re: Beginner question: should i be conserned about this firewall logs?

« on: January 19, 2024, 06:35:03 pm »

Dude, I finally figured out why I was seeing these results. When I setup opnsens I left my old firewall running and this have port forward to port 22 on my ubuntu. The machine is trying to answer on its default route and sends everything to opnsense.

Before you arrest me, I use fail2ban to block bruteforce attempts.

Damn, took me awhile before I could understand why my ubuntu was trying to make all these connections through  opnsense.

I will shutdown the old router and let you know if this solves the problem. I'm pretty sure it does (I'm not home now)

3

Intrusion Detection and Prevention / Re: Beginner question: should i be conserned about this firewall logs?

« on: January 19, 2024, 04:15:41 pm »

Thanks, I have some investigating or possible reinstall. I will try to find out how they got in the first place.

I did some portscan on the reported IP's and some have port 22 open. I guess my ubuntu is used for some brute force purpose.

I would never see this if it was not for the opnsense firewall log. (I just installed it on Tuesday.)

4

Intrusion Detection and Prevention / [Solved] Beginner question: should i be conserned about this firewall logs?

« on: January 19, 2024, 01:16:54 pm »

Is my device hacked?

Ubuntu - media server, sending lots of requests from port 22. Or am i understanding the firewall direction wrong?

Please check attachment.