Home
Help
Search
Login
Register
OPNsense Forum
»
English Forums
»
Intrusion Detection and Prevention
»
System log entry involves a reported abuse IP, how to investigate?
« previous
next »
Print
Pages: [
1
]
Author
Topic: System log entry involves a reported abuse IP, how to investigate? (Read 4560 times)
LouieLouie
Newbie
Posts: 43
Karma: 8
System log entry involves a reported abuse IP, how to investigate?
«
on:
August 31, 2019, 03:41:49 pm »
Aug 31 09:28:37 /update_tables.py: error fetching alias url 81.22.45.80
Disclaimer: To call myself an amateur with security is an insult to the amateurs.
I'm curious about this log entry. I googled update_tables.py, the responses were effectively in sanskrit to me. I know that it's probably a python script, that's it.
Why would opnsense try to fetch an alias for that ip address? Is this an attack? Should I do something?
Thank you for your time and consideration.
Logged
dp
Newbie
Posts: 25
Karma: 1
Re: System log entry involves a reported abuse IP, how to investigate?
«
Reply #1 on:
January 13, 2020, 10:05:31 pm »
Are you using spamhaus? This IP is on their list as a bad actor and there may have been a hiccup somewhere in the process of updating the table of IPs from their database. To use spamhaus it is setup as an alias.
And it is entirely possible I have no clue of what I am talking about and this is complete gibberish.
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
English Forums
»
Intrusion Detection and Prevention
»
System log entry involves a reported abuse IP, how to investigate?