Home
Help
Search
Login
Register
OPNsense Forum
»
English Forums
»
General Discussion
»
Does NTOPNG itself scan networks and/or hosts ?
« previous
next »
Print
Pages: [
1
]
Author
Topic: Does NTOPNG itself scan networks and/or hosts ? (Read 399 times)
cambrbr
Newbie
Posts: 12
Karma: 0
Does NTOPNG itself scan networks and/or hosts ?
«
on:
September 12, 2024, 08:55:22 am »
I have installed ntopng on my opnsense and was looking at network connectivity inside my IOT network (that has a solar inverter, charging station and battery). All three are from different vendors.
I noticed activity that is originating from the gateway inside the IOT network (diagram attached). I thought it was a bit strange that the gateway was trying open SSH or http connections to hosts inside the IOT network.
But perhaps it is not strange, and it is intended behavior from ntopng to check open ports on hosts? Can someone confirm/deny this ?
Logged
dseven
Sr. Member
Posts: 315
Karma: 33
Re: Does NTOPNG itself scan networks and/or hosts ?
«
Reply #1 on:
September 12, 2024, 11:48:36 am »
perhaps:
https://www.ntop.org/ntopng/how-ntopng-merges-vulnerability-scan-with-traffic-monitoring-for-better-cybersecurity/
Logged
vivekmauli14
Newbie
Posts: 44
Karma: 0
Re: Does NTOPNG itself scan networks and/or hosts ?
«
Reply #2 on:
September 14, 2024, 10:15:46 am »
Hi,
I have been leveraging traffic flow data from ntopng to automate the population of the pftable with IP addresses associated with specific applications. I then create firewall rules to block these IP addresses using an alias. While this approach effectively blocks most applications, I encounter difficulties blocking high-profile services such as YouTube and other Google applications. These services continuously use dynamically changing IP addresses.
I am seeking advice on enhancing this mechanism to better handle the dynamic nature of these applications. Specifically, I would like to improve the speed at which the pftable is updated and develop a more robust strategy to address the challenge of dynamic IP addresses.
Any insights or recommendations would be greatly appreciated. Thank you in advance!
Best,
VivekSP
Logged
cambrbr
Newbie
Posts: 12
Karma: 0
Re: Does NTOPNG itself scan networks and/or hosts ?
«
Reply #3 on:
September 14, 2024, 10:31:07 am »
You'll need NGFW features for that, such as the ZenArmor integration that allows for Application Control.
https://www.zenarmor.com/docs/policies/application-control-rules
It'll keep track of the Youtube set of dynamic external IP addresses and will allow for the application type to be recognized as Youtube traffic.
https://www.zenarmor.com/docs/opnsense
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
English Forums
»
General Discussion
»
Does NTOPNG itself scan networks and/or hosts ?