Firewall log, is this attack or?
Hello, i have a question about the security and my settings that i'm using in Pfsense.
I'm only using it for 2 weeks, for now i think that i understand most i'm doing but not for sure.
When i look into my firewall log, i see like 100 different ip's trying to connect to my network in some hours time..
At some point i see that in one minute various different hosts trying to connect on my ip using port 61504 UDP.
When i lookup that hosts, i see they are from asia, but those are blocked by Pfblocker.
Ports they trying to connect to:
1214 UDP <- also happens alot
and some more
One ip spammed the log also +- 50x from source port 37 to 169.254.255.255:137 UDP
Since this night i got 400 logs like those above.
I also have a mailserver in my network, all needed ports are open to that server, 25-143-993-465, also port 80 for webmail.
I noticed that my mailserver blocked 6 hosts in the last weeks trying to login tho the webmail.
I have no packets installed, only PFblocker with active lists:
- top spammer
- whole africa
- whole Asia
- I-blocklist spyware
- I-blocklist hijacked
- I-blocklist microsoft
Do i need to do something?
Sorry for bad english and thanks in advance.
cannot say much about the other ports but 169.254.x.x looks like APIPA addresses for hosts which did not get an address by DHCP.
And if you are running a server with open ports for mail and http I think it is very common that you get many tries from bots on the internet which check for available services.
It's normally at random. If I pasted my blocked logged for just a couple minutes I'd have to use pastebin which even then their free limit might be reached. I normally do not monitor blocked traffic until I'm diagnosing an issue.