OPNsense
Author Topic: IDS Logs  (Read 277 times)

Mikestr

IDS Logs
« on: October 20, 2024, 10:53:16 pm »
Can anyone help me with this?   
Date   Severity   Process   Line
2024-10-20T14:39:51-06:00   Notice   suricata   [Drop] [1:2011540:7] ET POLICY OpenSSL Demo CA - Internet Widgits Pty (O) [Classification: Not Suspicious Traffic] [Priority: 3] {TCP} 54.70.173.118:6615 -> 192.168.1.5:31819   
2024-10-20T14:39:46-06:00   Notice   suricata   [Drop] [1:2011540:7] ET POLICY OpenSSL Demo CA - Internet Widgits Pty (O) [Classification: Not Suspicious Traffic] [Priority: 3] {TCP} 3.213.46.228:6502 -> 192.168.1.5:40532   
2024-10-20T14:39:41-06:00   Notice   suricata   [Drop] [1:2011540:7] ET POLICY OpenSSL Demo CA - Internet Widgits Pty (O) [Classification: Not Suspicious Traffic] [Priority: 3] {TCP} 54.70.173.118:6615 -> 192.168.1.5:60551   
2024-10-20T14:39:38-06:00   Notice   suricata   [Drop] [1:2011540:7] ET POLICY OpenSSL Demo CA - Internet Widgits Pty (O) [Classification: Not Suspicious Traffic] [Priority: 3] {TCP} 54.70.173.118:6615 -> 192.168.1.5:54574   
2024-10-20T14:39:32-06:00   Notice   suricata   [Drop] [1:2011540:7] ET POLICY OpenSSL Demo CA - Internet Widgits Pty (O) [Classification: Not Suspicious Traffic] [Priority: 3] {TCP} 52.41.117.235:6502 -> 192.168.1.5:17566   
2024-10-20T14:39:26-06:00   Notice   suricata   [Drop] [1:2011540:7] ET POLICY OpenSSL Demo CA - Internet Widgits Pty (O) [Classification: Not Suspicious Traffic] [Priority: 3] {TCP} 54.70.173.118:6615 -> 192.168.1.5:2059   
2024-10-20T14:39:22-06:00   Notice   suricata   [Drop] [1:2011540:7] ET POLICY OpenSSL Demo CA - Internet Widgits Pty (O) [Classification: Not Suspicious Traffic] [Priority: 3] {TCP} 52.41.117.235:6502 -> 192.168.1.5:31617   
2024-10-20T14:39:17-06:00   Notice   suricata   [Drop] [1:2011540:7] ET POLICY OpenSSL Demo CA - Internet Widgits Pty (O) [Classification: Not Suspicious Traffic] [Priority: 3] {TCP} 54.70.173.118:6615 -> 192.168.1.5:65030   
2024-10-20T14:39:10-06:00   Notice   suricata   [Drop] [1:2011540:7] ET POLICY OpenSSL Demo CA - Internet Widgits Pty (O) [Classification: Not Suspicious Traffic] [Priority: 3] {TCP} 52.41.117.235:6502 -> 192.168.1.5:42158   
2024-10-20T14:39:06-06:00   Notice   suricata   [Drop] [1:2011540:7] ET POLICY OpenSSL Demo CA - Internet Widgits Pty (O) [Classification: Not Suspicious Traffic] [Priority: 3] {TCP} 54.70.173.118:6615 -> 192.168.1.5:19340   
2024-10-20T14:39:01-06:00   Notice   suricata   [Drop] [1:2011540:7] ET POLICY OpenSSL Demo CA - Internet Widgits Pty (O) [Classification: Not Suspicious Traffic] [Priority: 3] {TCP} 52.41.117.235:6502 -> 192.168.1.5:28991   
2024-10-20T14:38:56-06:00   Notice   suricata   [Drop] [1:2011540:7] ET POLICY OpenSSL Demo CA - Internet Widgits Pty (O) [Classification: Not Suspicious Traffic] [Priority: 3] {TCP} 54.70.173.118:6615 -> 192.168.1.5:14753   
2024-10-20T14:38:48-06:00   Notice   suricata   [Drop] [1:2011540:7] ET POLICY OpenSSL Demo CA - Internet Widgits Pty (O) [Classification: Not Suspicious Traffic] [Priority: 3] {TCP} 52.41.117.235:6502 -> 192.168.1.5:40209   
2024-10-20T14:38:43-06:00   Notice   suricata   [Drop] [1:2011540:7] ET POLICY OpenSSL Demo CA - Internet Widgits Pty (O) [Classification: Not Suspicious Traffic] [Priority: 3] {TCP} 54.70.173.118:6615 -> 192.168.1.5:57313   
2024-10-20T14:38:37-06:00   Notice   suricata   [Drop] [1:2011540:7] ET POLICY OpenSSL Demo CA - Internet Widgits Pty (O) [Classification: Not Suspicious Traffic] [Priority: 3] {TCP} 52.41.117.235:6502 -> 192.168.1.5:63508   
2024-10-20T14:38:32-06:00   Notice   suricata   [Drop] [1:2011540:7] ET POLICY OpenSSL Demo CA - Internet Widgits Pty (O) [Classification: Not Suspicious Traffic] [Priority: 3] {TCP} 54.70.173.118:6615 -> 192.168.1.5:32665   
2024-10-20T14:38:28-06:00   Notice   suricata   [Drop] [1:2011540:7] ET POLICY OpenSSL Demo CA - Internet Widgits Pty (O) [Classification: Not Suspicious Traffic] [Priority: 3] {TCP} 54.70.173.118:6615 -> 192.168.1.5:43553   
2024-10-20T14:38:19-06:00   Notice   suricata   [Drop] [1:2011540:7] ET POLICY OpenSSL Demo CA - Internet Widgits Pty (O) [Classification: Not Suspicious Traffic] [Priority: 3] {TCP} 52.8.83.135:6502 -> 192.168.1.5:14483   
2024-10-20T14:38:14-06:00   Notice   suricata   [Drop] [1:2011540:7] ET POLICY OpenSSL Demo CA - Internet Widgits Pty (O) [Classification: Not Suspicious Traffic] [Priority: 3] {TCP} 54.70.173.118:6615 -> 192.168.1.5:32520   
2024-10-20T14:37:57-06:00   Notice   suricata   [Drop] [1:2011540:7] ET POLICY OpenSSL Demo CA - Internet Widgits Pty (O) [Classification: Not Suspicious Traffic] [Priority: 3] {TCP} 52.8.83.135:6502 -> 192.168.1.5:5190   
2024-10-20T14:37:53-06:00   Notice   suricata   [Drop] [1:2011540:7] ET POLICY OpenSSL Demo CA - Internet Widgits Pty (O) [Classification: Not Suspicious Traffic] [Priority: 3] {TCP} 54.70.173.118:6615 -> 192.168.1.5:50968   
2024-10-20T14:37:45-06:00   Notice   suricata   [Drop] [1:2011540:7] ET POLICY OpenSSL Demo CA - Internet Widgits Pty (O) [Classification: Not Suspicious Traffic] [Priority: 3] {TCP} 52.8.83.135:6502 -> 192.168.1.5:5612   
2024-10-20T14:37:40-06:00   Notice   suricata   [Drop] [1:2011540:7] ET POLICY OpenSSL Demo CA - Internet Widgits Pty (O) [Classification: Not Suspicious Traffic] [Priority: 3] {TCP} 54.70.173.118:6615 -> 192.168.1.5:1091   
2024-10-20T14:37:35-06:00   Notice   suricata   [Drop] [1:2011540:7] ET POLICY OpenSSL Demo CA - Internet Widgits Pty (O) [Classification: Not Suspicious Traffic] [Priority: 3] {TCP} 52.8.83.135:6502 -> 192.168.1.5:19851   
2024-10-20T14:37:29-06:00   Notice   suricata   [Drop] [1:2011540:7] ET POLICY OpenSSL Demo CA - Internet Widgits Pty (O) [Classification: Not Suspicious Traffic] [Priority: 3] {TCP} 54.70.173.118:6615 -> 192.168.1.5:29710   
2024-10-20T14:37:22-06:00   Notice   suricata   [Drop] [1:2011540:7] ET POLICY OpenSSL Demo CA - Internet Widgits Pty (O) [Classification: Not Suspicious Traffic] [Priority: 3] {TCP} 52.8.83.135:6502 -> 192.168.1.5:32752   
2024-10-20T14:37:17-06:00   Notice   suricata   [Drop] [1:2011540:7] ET POLICY OpenSSL Demo CA - Internet Widgits Pty (O) [Classification: Not Suspicious Traffic] [Priority: 3] {TCP} 54.70.173.118:6615 -> 192.168.1.5:25774   
2024-10-20T14:37:16-06:00   Notice   suricata   [Drop] [1:2011540:7] ET POLICY OpenSSL Demo CA - Internet Widgits Pty (O) [Classification: Not Suspicious Traffic] [Priority: 3] {TCP} 54.70.173.118:6615 -> 192.168.1.5:28121   
2024-10-20T14:37:08-06:00   Notice   suricata   [Drop] [1:2011540:7] ET POLICY OpenSSL Demo CA - Internet Widgits Pty (O) [Classification: Not Suspicious Traffic] [Priority: 3] {TCP} 44.224.252.72:6502 -> 192.168.1.5:15835

Mikestr

Re: IDS Logs
« Reply #1 on: October 21, 2024, 03:07:36 am »
I don't know what it means and how to stop it. I did set it to drop; before, it said notify, I think.

Mikestr

Re: IDS Logs
« Reply #2 on: October 21, 2024, 03:45:27 am »
When I look up the IPs, they all point to Amazon.

Patrick M. Hausen

Re: IDS Logs
« Reply #3 on: October 21, 2024, 07:56:23 am »
The internal system with IP address 192.168.1.5 is probably trying to get a certificate from the Let's Encrypt demo CA.
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)
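
For triaging a burst of identical alerts like the one in the first post, here is an added example (not code from the thread, OPNsense or Suricata) that parses lines in the posted layout and reports, per signature ID, the hit count, the action taken and the endpoints on each side. The field names, the optional handling of the `[Drop]` tag and the non-alert sample line are assumptions made for the example.

```python
import ipaddress
import re
from collections import Counter

# Layout of the Suricata lines in the first post. Treating the leading
# "[Drop]" tag as optional (alert-only rules) is an assumption made here.
ALERT_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<severity>\w+)\s+(?P<process>\w+)\s+"
    r"(?:\[(?P<action>\w+)\]\s+)?\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+"
    r"(?P<msg>.*?)\s+\[Classification: (?P<cls>[^\]]*)\]\s+"
    r"\[Priority: (?P<prio>\d+)\]\s+\{(?P<proto>\w+)\}\s+"
    r"(?P<src>[0-9A-Fa-f.:]+):(?P<sport>\d+)\s+->\s+"
    r"(?P<dst>[0-9A-Fa-f.:]+):(?P<dport>\d+)\s*$"
)

def parse_alert(line):
    """Return the fields of one alert line, or None if it does not match."""
    m = ALERT_RE.match(line.strip())
    return m.groupdict() if m else None

def summarize(lines):
    """Per signature ID: hit count, actions, and the endpoints on each side."""
    report = {}
    for a in filter(None, map(parse_alert, lines)):
        e = report.setdefault(a["sid"], {
            "msg": a["msg"], "count": 0, "actions": Counter(),
            "sources": Counter(), "dest_hosts": Counter(),
            "dest_ports": set(), "public_to_private": 0})
        e["count"] += 1
        e["actions"][a["action"] or "Alert"] += 1
        e["sources"][a["src"] + ":" + a["sport"]] += 1
        e["dest_hosts"][a["dst"]] += 1
        e["dest_ports"].add(int(a["dport"]))
        # Packets that a public address sent to a private-range address.
        src, dst = ipaddress.ip_address(a["src"]), ipaddress.ip_address(a["dst"])
        e["public_to_private"] += int(dst.is_private and not src.is_private)
    return report

# Three lines copied from the first post, then one constructed non-alert line.
SAMPLE = [
    "2024-10-20T14:39:51-06:00   Notice   suricata   [Drop] [1:2011540:7] ET POLICY OpenSSL Demo CA - Internet Widgits Pty (O) [Classification: Not Suspicious Traffic] [Priority: 3] {TCP} 54.70.173.118:6615 -> 192.168.1.5:31819   ",
    "2024-10-20T14:39:41-06:00   Notice   suricata   [Drop] [1:2011540:7] ET POLICY OpenSSL Demo CA - Internet Widgits Pty (O) [Classification: Not Suspicious Traffic] [Priority: 3] {TCP} 54.70.173.118:6615 -> 192.168.1.5:60551   ",
    "2024-10-20T14:39:32-06:00   Notice   suricata   [Drop] [1:2011540:7] ET POLICY OpenSSL Demo CA - Internet Widgits Pty (O) [Classification: Not Suspicious Traffic] [Priority: 3] {TCP} 52.41.117.235:6502 -> 192.168.1.5:17566   ",
    "2024-10-20T14:40:00-06:00   Notice   suricata   rule reload complete",
]

if __name__ == "__main__":
    for sid, e in summarize(SAMPLE).items():
        print(sid, e["msg"], e["count"], dict(e["actions"]), dict(e["sources"]))
```

Run over the full log from the first post, the sources reduce to five remote endpoints on ports 6502 and 6615, every one of them sending to 192.168.1.5.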
