OPNsense
  • Home
  • Help
  • Search
  • Login
  • Register

  • OPNsense Forum »
  • English Forums »
  • Intrusion Detection and Prevention »
  • Question about Alerts from IDS/IPS [Closed]
« previous next »
  • Print
Pages: [1]

Author Topic: Question about Alerts from IDS/IPS [Closed]  (Read 2437 times)

pankaj

  • Full Member
  • ***
  • Posts: 117
  • Karma: 5
    • View Profile
Question about Alerts from IDS/IPS [Closed]
« on: September 11, 2021, 07:25:02 pm »
Hi,

I am running a dedicated VLAN for guest wifi and have just turned on IPS with all ET Pro rules enabled. In the alerts I see following log:

Code: [Select]
2021-09-11T09:49:59.485364-0700 2014939 allowed 192.168.4.17 44574 192.168.4.1 53 ET POLICY DNS Query for TOR Hidden Domain .onion Accessible Via TOR
So seems like there is a client machine with IP (192.168.4.17) making a DNS query but in the DHCP leases I do not see any entry for the IP address 192.168.4.17. Interestingly I am able to ping 192.168.4.17 from the console of OPNSense shell.

I am just trying to make sense of this log and any pointers will be helpful.

Thanks.
« Last Edit: September 11, 2021, 07:47:45 pm by pankaj »
Logged

pankaj

  • Full Member
  • ***
  • Posts: 117
  • Karma: 5
    • View Profile
Re: Question about Alerts from IDS/IPS
« Reply #1 on: September 11, 2021, 07:47:26 pm »
I did a nmap with verbosity and turns out it was my own laptop which I have assigned a static IP for testing few weeks back!
Logged
  • Print
Pages: [1]
« previous next »
  • OPNsense Forum »
  • English Forums »
  • Intrusion Detection and Prevention »
  • Question about Alerts from IDS/IPS [Closed]
 

OPNsense is an OSS project © Deciso B.V. 2015 - 2024 All rights reserved
  • SMF 2.0.19 | SMF © 2021, Simple Machines
    Privacy Policy     | XHTML | RSS | WAP2