4. Logging/Blocking Suspect LAN->WAN Traffic - What is the Best Way

Logging/Blocking Suspect LAN->WAN Traffic - What is the Best Way

  • J

    My PFSense SG-2440 is up and running with both pfBlockerNG and Snort.    What is the best way to keep an eye on what my LAN is up to?  IE infected or remotely accessed machines, etc.

    I have Snort monitoring both LAN and WAN with the Snort $30 personal subscription.  pfBlocker is set to block the top 20 malware countries for IPv4 and IPv6.

    Thank you,

    Jerold

    0
  • J

    Sounds like PFBlockerNG will block LAN->WAN traffic to suspect countries and Snort should monitor for known vulnerabilities on the LAN and WAN interfaces.  Is there anything else I need to do to identify a network host that is doing something suspicious?

    Thanks,
    Jerold

    0
  • M

    @jpvonhemel:

    Sounds like PFBlockerNG will block LAN->WAN traffic to suspect countries and Snort should monitor for known vulnerabilities on the LAN and WAN interfaces.  Is there anything else I need to do to identify a network host that is doing something suspicious?

    Thanks,
    Jerold

    You need to understand what is normal traffic for your LAN.  You can only get that by actively monitoring or looking at the collected data over a long period of time.  A single hour or a single day is not enough.  A week starts to give you an idea.

    0
 

Products

Applications

Support

Services

News

Resources

Company

Our Mission

As host of the pfSense open source firewall project, Netgate believes in enhancing network connectivity that maintains both security and privacy. We also believe everyone should be able to afford it.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2019 Rubicon Communications, LLC | Privacy Policy