English Forums > Intrusion Detection and Prevention

System log entry involves a reported abuse IP, how to investigate?

(1/1)

LouieLouie:
Aug 31 09:28:37    /update_tables.py: error fetching alias url 81.22.45.80

Disclaimer:  To call myself an amateur with security is an insult to the amateurs. 

I'm curious about this log entry.  I googled update_tables.py, the responses were effectively in sanskrit to me.  I know that it's probably a python script, that's it.

Why would opnsense try to fetch an alias for that ip address?  Is this an attack?  Should I do something?

Thank you for your time and consideration.

dp:
Are you using spamhaus? This IP is on their list as a bad actor and there may have been a hiccup somewhere in the process of updating the table of IPs from their database. To use spamhaus it is setup as an alias.

And it is entirely possible I have no clue of what I am talking about and this is complete gibberish.

Navigation

[0] Message Index