Home
Help
Search
Login
Register
OPNsense Forum
»
English Forums
»
Intrusion Detection and Prevention
»
IDS questions
« previous
next »
Print
Pages: [
1
]
Author
Topic: IDS questions (Read 3219 times)
Rico
Newbie
Posts: 1
Karma: 0
IDS questions
«
on:
June 24, 2018, 11:49:39 am »
Hi
I am in a home environment with: modem/router >>>> Opnsense >>>>> Switch >>>>>> clients.
When I read the IDS/IPS Alerts the OPNSense ip of 192.168.1.228 assigned by the modem/router shows in all the alerts and not which client is actually generating the traffic. E.g.
---------
blocked wan 2.21.75.42 80 192.168.1.228 9089 ET EXPLOIT Possible Android Stagefright MP4 (CVE 2016-3861) Set
allowed wan 192.168.1.228 38749 2.21.75.42 80 SURICATA STREAM excessive retransmissions
---------
Is there a way to see which client is generating this traffic? or I have set things up wrong?
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
English Forums
»
Intrusion Detection and Prevention
»
IDS questions