Home
Help
Search
Login
Register
OPNsense Forum
»
English Forums
»
General Discussion
»
URGENT - Block This IP!
« previous
next »
Print
Pages: [
1
]
Author
Topic: URGENT - Block This IP! (Read 4623 times)
MasterXBKC
Jr. Member
Posts: 66
Karma: 6
Infragard Member
URGENT - Block This IP!
«
on:
July 05, 2017, 10:07:03 pm »
This is an urgent one for those running opnsense firewalls.
Block 163.172.112.193
It has scanned my IP space before(i have a lot), but mostly passively, then moves on to others, BUT today when it crossed my IP Space and found the new OPNSense i have up and running for development and testing for PFMonitor, it suddenly began brute forcing like crazy against SSH, The Web Config, and OpenVPN all simultaneously and rapidly. When it ran into my pfSense unit it tried a few passwords then gave up, but the OPNSense it strangely targetted quite heavily and continuously for a while.
I Also have a Dell IDRAC6 Honeypot up and running and it hit that a few times as well, i log all of this of course to see what nasties are out and about scanning my territory online.
Just a safety warning. Block that IP!
Logged
Member of FBIs Infragard Program
Certified Information Systems Security Officer
Certified Vulnerability Assessor
PFMonitor Remote Management, Backup, & Live Monitoring for PFSense and OPNSense
OPNSense Units: R720XD XL, R720XD XL, R720XD, R720XD, R710, DL360G7, QNAP
chemlud
Hero Member
Posts: 2488
Karma: 112
Re: URGENT - Block This IP!
«
Reply #1 on:
July 05, 2017, 10:39:31 pm »
French NSA? :-D
Logged
kind regards
chemlud
____
"The price of reliability is the pursuit of the utmost simplicity."
C.A.R. Hoare
felix eichhorns premium katzenfutter mit der extraportion energie
A router is not a switch - A router is not a switch - A router is not a switch - A rou....
weust
Hero Member
Posts: 650
Karma: 57
Re: URGENT - Block This IP!
«
Reply #2 on:
July 06, 2017, 06:49:58 am »
You have SSH, WebConfig and IDRAC Honeypot open to the internet?
Logged
Hobbyist at home, sysadmin at work. Sometimes the first is mixed with the second.
MasterXBKC
Jr. Member
Posts: 66
Karma: 6
Infragard Member
Re: URGENT - Block This IP!
«
Reply #3 on:
July 07, 2017, 05:34:27 pm »
Quote from: weust on July 06, 2017, 06:49:58 am
You have SSH, WebConfig and IDRAC Honeypot open to the internet?
And many others as well. Im a cyber security engineer. I also work with AZCWR (
http://azcwr.org
)
Logged
Member of FBIs Infragard Program
Certified Information Systems Security Officer
Certified Vulnerability Assessor
PFMonitor Remote Management, Backup, & Live Monitoring for PFSense and OPNSense
OPNSense Units: R720XD XL, R720XD XL, R720XD, R720XD, R710, DL360G7, QNAP
weust
Hero Member
Posts: 650
Karma: 57
Re: URGENT - Block This IP!
«
Reply #4 on:
July 07, 2017, 09:20:34 pm »
Alright, that makes sense :-)
Logged
Hobbyist at home, sysadmin at work. Sometimes the first is mixed with the second.
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
English Forums
»
General Discussion
»
URGENT - Block This IP!