Home
Help
Search
Login
Register
OPNsense Forum
»
English Forums
»
Intrusion Detection and Prevention
»
Normal to see 5~10 ip blocks every minute?
« previous
next »
Print
Pages: [
1
]
Author
Topic: Normal to see 5~10 ip blocks every minute? (Read 1355 times)
torchsong
Newbie
Posts: 2
Karma: 0
Normal to see 5~10 ip blocks every minute?
«
on:
December 16, 2022, 07:38:42 pm »
I'm new to the OPNsense. So far, loving the lower latency and better WAN/LAN performance.
I enabled Intrusion Detection + IPS. Nothing fancy, just defaults. When I'm checking the log, I see that at least few IPs are being blocked every minute. Most of them are valid attempt to connect to my network, I think. (screenshot attached)
Is this normal? I'm surprised to see this many attempts.
Logged
FullyBorked
Sr. Member
Posts: 343
Karma: 24
Re: Normal to see 5~10 ip blocks every minute?
«
Reply #1 on:
December 16, 2022, 07:42:41 pm »
This all looks like normal noise to me. There will always be blocked traffic on external connects. It's not related to suricata. Short answer this is normal.
Logged
Patrick M. Hausen
Hero Member
Posts: 6812
Karma: 572
Re: Normal to see 5~10 ip blocks every minute?
«
Reply #2 on:
December 16, 2022, 08:35:53 pm »
The entire IPv4 Internet is scanned by bots 24x7 - nothing to worry about.
Logged
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do.
(Isaac Asimov)
guenti_r
Jr. Member
Posts: 58
Karma: 0
Re: Normal to see 5~10 ip blocks every minute?
«
Reply #3 on:
December 17, 2022, 01:29:01 pm »
This is normal when Suricata listen on WAN Interface.
Let Suricata listen
only
on LAN Interface
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
English Forums
»
Intrusion Detection and Prevention
»
Normal to see 5~10 ip blocks every minute?
