Normal to see 5~10 ip blocks every minute?

Started by torchsong, December 16, 2022, 07:38:42 PM

Previous topic - Next topic
Print
Go Down Pages1
User actions
December 16, 2022, 07:38:42 PM
I'm new to the OPNsense. So far, loving the lower latency and better WAN/LAN performance.

I enabled Intrusion Detection + IPS. Nothing fancy, just defaults. When I'm checking the log, I see that at least few IPs are being blocked every minute. Most of them are valid attempt to connect to my network, I think. (screenshot attached)

Is this normal? I'm surprised to see this many attempts.
December 16, 2022, 07:42:41 PM #1
This all looks like normal noise to me.  There will always be blocked traffic on external connects. It's not related to suricata.  Short answer this is normal. 
December 16, 2022, 08:35:53 PM #2
The entire IPv4 Internet is scanned by bots 24x7 - nothing to worry about.
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)
December 17, 2022, 01:29:01 PM #3
This is normal when Suricata listen on WAN Interface.
Let Suricata listen only on LAN Interface  :)
Print
Go Up Pages1
User actions