Detections and blocking of malicious IPs \ Domains (Detailed Post)

Started by BigFreddy, February 10, 2026, 08:49:19 AM

Hi,

I'm looking to see what are the options to detect and block malicious IPs and Domains that made inbound \ outbound connections per individual device on the network. This is to establish if a device was compromised in some way and to detect and block malicious connection(s) taking place. When it comes to features, what I would like to see is:

  • Log IPs \ Domains per device with a timestamp upon malicious connection and when it was blocked.
  • Archive logs of IPs \ Domains within selected amount of time for detection and blocking in the future.
  • Dashboard with data and metrics.
  • Highlight connections to suspicious \ malicious domains in the dashboard.
  • Search functionality where I can manually search if a specific IP \ Domain made a connection on my network.
  • Automatically grab fresh feeds of data to keep database of malicious domains and IPs up to date.
  • Store logs up to a selected amount of months or years, e.g. 3 months or 1 year as an example.
  • Automatically block connections to malicious domains \ IPs that are on the downloaded data feeds.

I'm thinking about buying an external hard drive that I would connect via USB port to store logs, so storage is not a problem. However, my hardware is relatively weak with 4 CPU cores and 8GB of DDR4 RAM. I'm looking for something more automated where I set it up and it just works, or I can occasionally do maintenance on it to review blocked domains and IPs. My initial plan was to just monitor if a malicious connection took place, but automatically blocking it would make things much easier. I'm looking for a solution that is aimed at home usage. I don't mind paying a small monthly fee if the solution does what I need with all the required features and a very up-to-date data feed; however, I would prefer something free.

Any suggestions on how I can go about it and what my options are?

There are plenty of options:

- ZenArmor
- Suricata
- Pi-Hole

The first two are full IDS/IPS solutions and the last one is a DNS Blocklist based system which you can combine with this : https://forum.opnsense.org/index.php?topic=9245.0

I would say install a VM for each and have a look around in their webGUI :)
Weird guy who likes everything Linux and *BSD on PC/Laptop/Tablet/Mobile and funny little ARM based boards :)
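The detection side of the feature list above (per-device hits with timestamps, a blocklist feed, and manual search) can be prototyped in a few lines; the following is an added example, not code from the forum or from any of the named products. It assumes Pi-hole/dnsmasq-style query lines and a hosts-style feed, both constructed here; the device names, domains and feed contents are samples.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample of Pi-hole/dnsmasq-style query lines (not real traffic).
SAMPLE_LOG = """\
Feb 10 08:49:19 dnsmasq[123]: query[A] update.example.com from 192.168.1.20
Feb 10 08:50:02 dnsmasq[123]: query[A] bad.example.net from 192.168.1.20
Feb 10 08:51:40 dnsmasq[123]: query[AAAA] cdn.evil.example from 192.168.1.31
Feb 10 08:55:10 dnsmasq[123]: query[A] bad.example.net from 192.168.1.20
"""
# Constructed hosts-style blocklist feed; real feeds use the same layout.
SAMPLE_FEED = """\
# constructed feed
0.0.0.0 bad.example.net
0.0.0.0 evil.example
"""
LINE_RE = re.compile(r"^(\w{3} +\d+ [\d:]+) \S+ query\[\w+\] (\S+) from (\S+)$")

def load_feed(text):
    """Return the set of domains listed in a hosts-style feed."""
    blocked = set()
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop comments and blanks
        if line:
            blocked.add(line.split()[-1].lower().rstrip("."))
    return blocked

def is_blocked(domain, blocked):
    """True if the domain or any of its parent domains is on the list."""
    labels = domain.lower().rstrip(".").split(".")
    return any(".".join(labels[i:]) in blocked for i in range(len(labels)))

def scan(log_text, blocked, year=2026):
    """Return {device: {domain: (first_seen, last_seen, count)}} for hits."""
    hits = defaultdict(dict)  # syslog lines omit the year, so it is supplied
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or not is_blocked(m.group(2), blocked):
            continue  # unparsable line or clean domain
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        domain, device = m.group(2), m.group(3)
        first, last, n = hits[device].get(domain, (ts, ts, 0))
        hits[device][domain] = (min(first, ts), max(last, ts), n + 1)
    return hits

def search(hits, needle):
    """Manual lookup: which devices contacted a domain containing needle."""
    return sorted((dev, dom) for dev in hits for dom in hits[dev] if needle in dom)
```

Matching parent domains (so `evil.example` on the feed also flags `cdn.evil.example`) is what keeps subdomain churn from slipping past the list.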