4. Block and monitor

Block and monitor

  • K

    Hi,
    I'm new to pfSense so please excuse my ignorance. I recently took over network admin responsibilities at my office and the hardware running pfSense was running version 2.2.4 so I updated it to 2.3.5. The ISP has been threatening to turn off service for a few months because of possible malicious activity from our IP address. They mentioned that one of the network devices is infected by Mirai. Originally they told me that the virus was utilizing port 23. So, I went into the firewall and blocked port 23 on the LAN and the WAN. But after reading up on pfSense, it seems like everything is blocked and only what is allowed is what is allowed in the firewall settings. But according to the ISP, the virus communicates on these ports: 23, 2323, 3389, 5555 and 7547. How can I monitor the traffic to find out what device is causing this malicious activity? I've also installed Snort and I've activated in on the LAN and the WAN (I'm not sure if I should only activate it on one or the other). I've read that with Snort configured I can stop any P2P traffic. I didn't see any specific settings to enable that feature so it must be enabled by default? Thanks for your help!

    0
 

Products

Applications

Support

Services

News

Resources

Company

Our Mission

As host of the pfSense open source firewall project, Netgate believes in enhancing network connectivity that maintains both security and privacy. We also believe everyone should be able to afford it.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2018 Rubicon Communications, LLC | Privacy Policy