[Networking Noob] So I installed an OPNsense firewall a few months ago and I'm getting massively high volume of connection attempts that are all being denied but it still seems like a lot. Is that normal?

I'd provide a picture but I'm too lazy

Probably since a lot of people will use bots that scan all IPs and attempt to connect or request info and automatically attempt common vulnerabilities.

Not entirely related to firewalls but my Cloudflare sites were getting high levels of 1.x HTTP connection attempts (talking like 100k / week on small unknown site) from Indonesia, China and I think another SEA country. Easiest fix was to block those countries since idk if blocking 1.x HTTP would break anything. Instantly lowered traffic

It's pretty mad setting anything up on a common port and watching just how much bot traffic there is on the internet

Ya it SUCKS trying to plug shit into other shit never :marseyitsover: works

yeah i've checked a few of the IPs and they're from the usual suspects (especially india) so i'll probably finally get around to doing that

Yeah that and as lain said keep ports closed if you don't know what you're doing / using it just for home. And if you plan to connect from somewhere else / open them set up ssh keys and limited account access for ones handling web stuff. Usually though you'll be fine if you make sure to read guides

>he uses password auth on the open Internet

:#marseycringe2:

it's not lol none of my ports are open, chill out homo

Um it's not my job to educate you go cry about it on /r/opnsense :#glitterretard:

suck my fat balls, dawg i'm sure you like doing that you big gay homo fancy boy buttfricker

Get him, hunny! :marseypunching:

yeah those are just script kiddies or botnets.

you can scan the entirety of the IPv4 address space in a matter of minutes...and a lot of bots do.

IPv6 makes this much harder on paper but it's still realistically doable using heuristics.

If you keep your ports closed and only use something like Tailscale to get in, you'll be safe.

Even if you do open ports, using trusted HTTP servers like Apache and nginx as proxies is perfectly safe with a good password.

okay good, i was kinda worried for a bit lol especially since my title (network noob) is pretty accurate as this is my first time really screwing around with it and i was hoping to learn as much as possible

yeah when it comes to network security keeping your ports closed and unbound is like 80% of the battle. If there's an exploit on your system that can phone out, you're already kind of fricked.

I'm not too good with network shit but is it good enough to use password ssh if it's like 20 characters long and a specific long named login account with restricted privileges?

I did that before and I think it's good enough until I figured out proper ssh but how close was I to assraping

I mean it'll be OK if you've never reused the password but “key based authentication” is just so much better and avoids a whole class of attacks.

I would definitely recommend using the “overlay VPN” Tailscale as well. It will let you access machines remotely without needing to open up ports on the internet.

I would watch some videos on “public key cryptography” to wrap your head around what you're doing. I always liked this explanation

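The key-only login and restricted account recommended in the replies above can be checked against a server's effective SSH configuration. The following is an added example, not part of any post in the thread: it audits the output of `sshd -T`; both sample outputs are constructed and the account name `webdeploy` is hypothetical.

```python
# Constructed samples of `sshd -T` output (lower-case keyword, then value).
WEAK = """\
permitrootlogin yes
pubkeyauthentication yes
passwordauthentication yes
kbdinteractiveauthentication yes
"""
HARDENED = """\
permitrootlogin no
pubkeyauthentication yes
passwordauthentication no
kbdinteractiveauthentication no
allowusers webdeploy
"""  # webdeploy is a hypothetical restricted account

# OpenSSH defaults, used only when a keyword is missing from the input.
DEFAULTS = {
    "passwordauthentication": "yes",
    "kbdinteractiveauthentication": "yes",
    "pubkeyauthentication": "yes",
    "permitrootlogin": "prohibit-password",
}

def parse_sshd_t(text):
    """Map each keyword to its list of values (allowusers may repeat)."""
    cfg = {}
    for line in text.splitlines():
        parts = line.split(None, 1)
        if parts:
            value = parts[1].strip() if len(parts) > 1 else ""
            cfg.setdefault(parts[0].lower(), []).append(value)
    return cfg

def audit(text):
    """Return findings; an empty list means key-only login for named accounts."""
    cfg = parse_sshd_t(text)
    get = lambda key: cfg.get(key, [DEFAULTS[key]])[0].lower()
    findings = []
    if get("passwordauthentication") != "no":
        findings.append("password login enabled")
    if get("kbdinteractiveauthentication") != "no":
        findings.append("keyboard-interactive (PAM password prompt) enabled")
    if get("pubkeyauthentication") != "yes":
        findings.append("public-key login disabled")
    if get("permitrootlogin") == "yes":
        findings.append("root may log in with a password")
    if "allowusers" not in cfg and "allowgroups" not in cfg:
        findings.append("no AllowUsers/AllowGroups restriction")
    return findings

if __name__ == "__main__":
    for name, sample in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit(sample) or "OK")
```

On a real host, pass the text printed by `sshd -T` (run as root) to `audit()` instead of the samples.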

So what you're saying is that I should just open up all the ports on prod and see what happens?

No, you should run a tor exit node though.

Submitting the proposal to my boss right now as we speak

It's automated bot scanning and intrusion attempts. This is pretty normal these days.

i was just a bit uneasy at how fast it was coming but now i know it's bots doing it and not someone with a bussy to pick with me

:#marseybeingnerd:
