Netgate Discussion Forum

    Logging/Blocking Suspect LAN->WAN Traffic - What is the Best Way

      jpvonhemel

      My pfSense SG-2440 is up and running with both pfBlockerNG and Snort. What is the best way to keep an eye on what my LAN is up to? I.e., infected or remotely accessed machines, etc.

      I have Snort monitoring both LAN and WAN with the Snort $30 personal subscription.  pfBlocker is set to block the top 20 malware countries for IPv4 and IPv6.

      Thank you,

      Jerold

        jpvonhemel

        Sounds like pfBlockerNG will block LAN->WAN traffic to suspect countries and Snort should monitor for known vulnerabilities on the LAN and WAN interfaces. Is there anything else I need to do to identify a network host that is doing something suspicious?

        Thanks,
        Jerold

          mer

          @jpvonhemel:

          Sounds like pfBlockerNG will block LAN->WAN traffic to suspect countries and Snort should monitor for known vulnerabilities on the LAN and WAN interfaces. Is there anything else I need to do to identify a network host that is doing something suspicious?

          Thanks,
          Jerold

          You need to understand what is normal traffic for your LAN.  You can only get that by actively monitoring or looking at the collected data over a long period of time.  A single hour or a single day is not enough.  A week starts to give you an idea.

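One way to act on the baseline advice in the last post, as an added example that is not part of the thread and not Netgate code: learn which services each LAN host uses over a week, refuse to build a baseline from less data, then flag later connections that fall outside it. The log format, field order and function names are assumptions, and the sample lines are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample (assumed format, not pfSense's own log layout):
# ISO time, LAN source IP, destination IP, destination port, protocol.
SAMPLE_LOG = """\
2024-03-01T08:00:00 192.168.1.10 198.51.100.7 443 tcp
2024-03-02T09:15:00 192.168.1.10 192.0.2.53 53 udp
2024-03-07T23:10:00 192.168.1.20 203.0.113.25 123 udp
2024-03-08T08:05:00 192.168.1.10 198.51.100.99 443 tcp
2024-03-09T03:12:00 192.168.1.20 203.0.113.80 6667 tcp
2024-03-09T03:40:00 192.168.1.30 198.51.100.7 443 tcp
"""

def parse(text):
    """Yield (time, src, dst, dport, proto) tuples from the assumed format."""
    for line in text.splitlines():
        if line.strip():
            ts, src, dst, dport, proto = line.split()
            yield datetime.fromisoformat(ts), src, dst, int(dport), proto

def split_window(records, days=7):
    """Split records into a learning window of `days` days and the rest."""
    records = sorted(records)
    if not records or records[-1][0] - records[0][0] < timedelta(days=days):
        raise ValueError(f"need at least {days} days of data for a baseline")
    cutoff = records[0][0] + timedelta(days=days)
    return [r for r in records if r[0] < cutoff], [r for r in records if r[0] >= cutoff]

def build_baseline(records):
    """Map each LAN host to the (proto, dport) services it normally uses."""
    baseline = defaultdict(set)
    for _, src, _, dport, proto in records:
        baseline[src].add((proto, dport))
    return baseline

def deviations(records, baseline):
    """Return later connections from unknown hosts or to unseen services."""
    out = []
    for ts, src, dst, dport, proto in records:
        if src not in baseline:
            out.append((ts, src, dst, dport, "new host"))
        elif (proto, dport) not in baseline[src]:
            out.append((ts, src, dst, dport, "new service"))
    return out

if __name__ == "__main__":
    learn, later = split_window(parse(SAMPLE_LOG))
    print(*deviations(later, build_baseline(learn)), sep="\n")
```

A flagged line is a prompt to look at that host, not proof of compromise; a longer learning window reduces the number of benign "new service" hits.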
          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.