My IP was reported as abusive
-
Dear All,
My WAN IP was reported as abusive and I received a notification from the ISP to solve this issue.
See the AbuseIPDB report below.
Can you please give some guidance to troubleshoot and find if any LAN device is infected with malware? Thank you!
Best regards -
Disconnect all LAN devices, visit them one by one and run available 'known to be good' anti-whatever scans on each of them.
As soon as you have found the guilty device, don't stop; scan all your systems, as the one bad device can also infect other LAN devices.
And most important: have a talk with the person who uses the infected PCs. Explain that he/she uses a shared resource, and that your rules apply if she/he wants to continue to use 'your' Internet connection. A lot can be done before you apply the bottom line rule "don't use a PC if you don't know what not to do".
If needed: place suspected devices on a separate LAN network, and go wild with limiting firewall rules on pfSense, although the list you've shown mentions XML-RPC access, and that's normal port 443 (or 80) web server access: it's hard to block these ports, as it will block every web server on the Internet.
-
@Gertjan maybe Suricata in IDS mode can help depending on what rules are triggered
-
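As a follow-up to the Suricata suggestion above, here is an added example (not part of the original thread) that tallies Suricata EVE JSON `http` events to show which LAN host is sending POSTs to `xmlrpc.php` and to how many different servers. It assumes EVE HTTP logging is enabled and a LAN of 192.168.1.0/24; the sample lines are constructed, and only plain HTTP (port 80) is visible this way, since requests over 443 are encrypted.

```python
import ipaddress
import json
from collections import Counter, defaultdict

# Assumption: the LAN subnet behind pfSense; change it to match your network.
LAN = ipaddress.ip_network("192.168.1.0/24")

# Constructed sample eve.json lines (documentation address ranges, not real traffic).
SAMPLE_EVE = [
    '{"event_type":"http","src_ip":"192.168.1.23","dest_ip":"203.0.113.10","dest_port":80,"http":{"hostname":"a.example","url":"/xmlrpc.php","http_method":"POST"}}',
    '{"event_type":"http","src_ip":"192.168.1.23","dest_ip":"203.0.113.11","dest_port":80,"http":{"hostname":"b.example","url":"/blog/xmlrpc.php","http_method":"POST"}}',
    '{"event_type":"http","src_ip":"192.168.1.23","dest_ip":"203.0.113.12","dest_port":80,"http":{"hostname":"c.example","url":"/xmlrpc.php?rsd","http_method":"POST"}}',
    '{"event_type":"http","src_ip":"192.168.1.40","dest_ip":"203.0.113.20","dest_port":80,"http":{"hostname":"d.example","url":"/index.html","http_method":"GET"}}',
    '{"event_type":"http","src_ip":"192.168.1.50","dest_ip":"203.0.113.30","dest_port":80,"http":{"hostname":"e.example","url":"/xmlrpc.php","http_method":"POST"}}',
    '{"event_type":"http","src_ip":"198.51.100.7","dest_ip":"192.168.1.10","dest_port":80,"http":{"hostname":"lan.example","url":"/xmlrpc.php","http_method":"POST"}}',
    '{"event_type":"http","src_ip":"192.168.1.23","dest_ip":"203.0',  # truncated line
]

def xmlrpc_sources(lines, lan=LAN):
    """Return [(lan_ip, post_count, distinct_destinations)] for outbound
    HTTP POSTs to xmlrpc.php, busiest source first."""
    posts = Counter()
    dests = defaultdict(set)
    for line in lines:
        try:
            ev = json.loads(line)
            src = ipaddress.ip_address(ev.get("src_ip", ""))
        except (ValueError, AttributeError):
            continue  # skip truncated, empty or non-object lines
        http = ev.get("http") or {}
        path = http.get("url", "").split("?", 1)[0].lower()
        if (ev.get("event_type") == "http" and src in lan
                and http.get("http_method") == "POST"
                and path.endswith("/xmlrpc.php")):
            posts[str(src)] += 1
            dests[str(src)].add(ev.get("dest_ip"))
    return [(ip, n, len(dests[ip]))
            for ip, n in sorted(posts.items(), key=lambda kv: (-kv[1], kv[0]))]

if __name__ == "__main__":
    for ip, n, d in xmlrpc_sources(SAMPLE_EVE):
        print(f"{ip}: {n} POSTs to xmlrpc.php across {d} destination(s)")
```

A host that posts to `xmlrpc.php` on many unrelated servers is the one to scan first; a single destination can be an ordinary WordPress client. For live data, pass the open eve.json file object instead of `SAMPLE_EVE`.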