Home
Help
Search
Login
Register
OPNsense Forum
»
English Forums
»
Intrusion Detection and Prevention
»
IDS/IPS with Dynamic IP and NAT? Ruleset for Port Scans?
« previous
next »
Print
Pages: [
1
]
Author
Topic: IDS/IPS with Dynamic IP and NAT? Ruleset for Port Scans? (Read 2271 times)
EFaden
Newbie
Posts: 17
Karma: 0
IDS/IPS with Dynamic IP and NAT? Ruleset for Port Scans?
«
on:
June 09, 2021, 11:40:32 pm »
So I have been reading up on how to setup Scuricata on my OpnSense box at my house. From what I have read I need to put my WAN IP into the "Home Networks" section. The issue is that mine is a DHCP given address. I can't put a hostname into the field either. Is there an easy way to automatically keep my WAN ip in that list? Thanks.
Also is there rule set for port scans? I have looked through ET Telemetry, Snort VRT, etc. I can't seem to find a pre-made one to detect port scans? Thanks!
Edit: I found that ET Pro has a "scan" but not ET Telemetry, but there is emerging-telemetry
«
Last Edit: June 09, 2021, 11:50:32 pm by EFaden
»
Logged
cookiemonster
Hero Member
Posts: 1830
Karma: 95
Re: IDS/IPS with Dynamic IP and NAT? Ruleset for Port Scans?
«
Reply #1 on:
July 09, 2021, 05:50:02 pm »
I am new to IDS/IPS myself and don't want to mislead you but from my understanding, your wan ip or hostname is not to be in the "home networks" as those would be unroutable networks i.e. 192.168.x.x/24
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
English Forums
»
Intrusion Detection and Prevention
»
IDS/IPS with Dynamic IP and NAT? Ruleset for Port Scans?