Netgate Discussion Forum

    Block and monitor

    General pfSense Questions
      kendalltech

      Hi,
      I'm new to pfSense so please excuse my ignorance. I recently took over network admin responsibilities at my office and the hardware running pfSense was running version 2.2.4 so I updated it to 2.3.5. The ISP has been threatening to turn off service for a few months because of possible malicious activity from our IP address. They mentioned that one of the network devices is infected by Mirai. Originally they told me that the virus was utilizing port 23. So, I went into the firewall and blocked port 23 on the LAN and the WAN. But after reading up on pfSense, it seems like everything is blocked and only what is allowed is what is allowed in the firewall settings. But according to the ISP, the virus communicates on these ports: 23, 2323, 3389, 5555 and 7547. How can I monitor the traffic to find out what device is causing this malicious activity? I've also installed Snort and I've activated it on the LAN and the WAN (I'm not sure if I should only activate it on one or the other). I've read that with Snort configured I can stop any P2P traffic. I didn't see any specific settings to enable that feature so it must be enabled by default? Thanks for your help!

      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.