4. Logging/Blocking Suspect LAN->WAN Traffic - What is the Best Way

Logging/Blocking Suspect LAN->WAN Traffic - What is the Best Way

  • J

    My PFSense SG-2440 is up and running with both pfBlockerNG and Snort.    What is the best way to keep an eye on what my LAN is up to?  IE infected or remotely accessed machines, etc.

    I have Snort monitoring both LAN and WAN with the Snort $30 personal subscription.  pfBlocker is set to block the top 20 malware countries for IPv4 and IPv6.

    Thank you,

    Jerold

    0
  • J

    Sounds like PFBlockerNG will block LAN->WAN traffic to suspect countries and Snort should monitor for known vulnerabilities on the LAN and WAN interfaces.  Is there anything else I need to do to identify a network host that is doing something suspicious?

    Thanks,
    Jerold

    0
  • M

    @jpvonhemel:

    Sounds like PFBlockerNG will block LAN->WAN traffic to suspect countries and Snort should monitor for known vulnerabilities on the LAN and WAN interfaces.  Is there anything else I need to do to identify a network host that is doing something suspicious?

    Thanks,
    Jerold

    You need to understand what is normal traffic for your LAN.  You can only get that by actively monitoring or looking at the collected data over a long period of time.  A single hour or a single day is not enough.  A week starts to give you an idea.

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2019 Rubicon Communications, LLC | Privacy Policy