How to block an IP address using SSL / default1.sec-tunnel.com
-
Hi everyone, need help. I notice that there is an IP address on my network hopping to each of our computers using SSL / default1.sec-tunnel.com / port 443 according to ntopng. I am using ntopng for traffic monitoring. I already blocked this IP address on the WAN side, but this IP is still in our network. What should I do? Thanks for the response.
-
I suspect the available options depend a lot on the size and type of infrastructure that you have as well as what you want to achieve.
If you have a relatively small infrastructure with managed switches, you should be able to track down where the offending device is connected. Start by identifying the MAC address of the device (e.g. by pinging the IP from a computer on the same network and inspecting the ARP table of the computer you pinged from). Then track down the device by looking for the MAC address in the forwarding tables of your switches. You may end up at a WiFi access point, but then at least you know that the offending device is connected by WiFi and should be able to find out a little more about the device from your WiFi access point admin interface.
Another, possibly simpler, option could be to block the MAC address in your switches and access points, effectively removing the device from your network. This should remove the problem (provided that the device does not change MAC address). It is also likely that the user/owner/administrator of the device will sooner or later turn up to get help with his/her network connection, thus helping you find the device.
Disclaimer: I am not a network or pfSense expert - these are just my 2 cents. Hope it might help nevertheless.
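
An added example, not part of the original thread, of the lookup described in the answer above: resolve the IP to a MAC from a neighbour (ARP) table, then find which switch port learned that MAC. The sample `ip neigh` and Cisco-style `show mac address-table` text, the addresses, and the switch names `sw-core` and `sw-floor2` are constructed assumptions; the function names are hypothetical.

```python
import re

# Constructed sample data (not from the thread): `ip neigh` output from a Linux
# host on the same LAN, and Cisco-style `show mac address-table` output.
NEIGH_SAMPLE = """\
192.168.1.1 dev eth0 lladdr 00:11:22:33:44:55 REACHABLE
192.168.1.57 dev eth0 lladdr a4:5e:60:c1:9b:02 STALE
192.168.1.80 dev eth0  FAILED
"""
SWITCH_TABLES = {
    "sw-core": """\
Vlan    Mac Address       Type        Ports
   1    0011.2233.4455    DYNAMIC     Gi0/1
   1    a45e.60c1.9b02    DYNAMIC     Gi0/24
   1    3c52.8211.0a7f    DYNAMIC     Gi0/24
""",
    "sw-floor2": """\
   1    0011.2233.4455    DYNAMIC     Gi0/1
   1    a45e.60c1.9b02    DYNAMIC     Fa0/7
   1    3c52.8211.0a7f    DYNAMIC     Fa0/9
""",
}
DOTTED = re.compile(r"[0-9a-fA-F]{4}(\.[0-9a-fA-F]{4}){2}")

def norm_mac(text):
    """Reduce colon, dash or dotted MAC notation to 12 lowercase hex digits."""
    digits = re.sub(r"[^0-9a-fA-F]", "", text).lower()
    return digits if len(digits) == 12 else None

def mac_for_ip(neigh_output, ip):
    """Return the MAC the neighbour table holds for ip, or None if unresolved."""
    for line in neigh_output.splitlines():
        f = line.split()
        if f and f[0] == ip and "lladdr" in f[:-1]:
            return norm_mac(f[f.index("lladdr") + 1])
    return None

def locate(mac, tables):
    """List (macs_on_port, switch, port) for every port that learned mac.
    Fewest MACs first: an access port usually carries one, an uplink many."""
    hits = []
    for switch, text in tables.items():
        rows = [(norm_mac(f[1]), f[-1]) for f in map(str.split, text.splitlines())
                if len(f) >= 4 and DOTTED.fullmatch(f[1])]
        hits += [(sum(p == port for _, p in rows), switch, port)
                 for m, port in rows if m == mac]
    return sorted(hits)

if __name__ == "__main__":
    print(locate(mac_for_ip(NEIGH_SAMPLE, "192.168.1.57"), SWITCH_TABLES))
```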