Security overview
Security Dashboard
Real-time firewall metrics, threat intelligence, SSH brute-force monitoring, IDS signals and blacklist management across all security layers.
Live
nft Drops
3294
Total blocked
Unique Src
312
Source IPs
Blacklist
148
Auto-banned
CrowdSec
521
CS entries
SSH Failed
804
Auth attempts
CS Alerts
47
Alert decisions
Suricata Rules
49902
IDS ruleset
Drop Rules
24
nft rules
nftables
active
47d 13h
dnsmasq
active
47d 12h
wg-quick@wg0
active
16d 04h
crowdsec
active
47d 10h
suricata
active
11d 08h
frr
inactive
standby
Top-20 Sources by hits
#IPHitsShare
1 45.142.193.18 931
28.3%
2 103.21.244.82 614
18.6%
3 185.220.101.33 488
14.8%
4 91.240.118.172 392
11.9%
5 198.51.100.77 214
6.5%
6 162.247.74.201 189
5.7%
7 23.129.64.100 167
5.1%
8 77.247.181.162 152
4.6%
9 104.244.76.13 138
4.2%
10 5.188.210.101 124
3.8%
11 194.163.131.18 112
3.4%
12 178.128.0.88 98
3.0%
13 209.141.58.114 87
2.6%
14 162.247.74.213 76
2.3%
15 45.33.32.76 64
1.9%
16 46.166.139.111 58
1.8%
17 91.215.85.214 47
1.4%
18 37.120.247.51 39
1.2%
19 185.156.73.54 31
0.9%
20 23.94.168.70 24
0.7%
By Rule distribution
RuleHitsShare
ssh_bruteforce 642
19.5%
port_scan 511
15.5%
bogon_drop 308
9.4%
syn_flood_guard 229
7.0%
dns_amplification 144
4.4%
http_probing 118
3.6%
tor_exit_drop 89
2.7%
bruteforce_ftp 67
2.0%
malware_c2 41
1.2%
spoofed_source 28
0.9%
By Dst Port services
PortServiceHitsShare
22 SSH 642
19.5%
443 HTTPS 511
15.5%
53 DNS 308
9.4%
8080 HTTP alt 229
7.0%
8443 HTTPS alt 144
4.4%
80 HTTP 118
3.6%
3389 RDP 89
2.7%
21 FTP 67
2.0%
25 SMTP 41
1.2%
8443 HTTPS alt 28
0.9%
Last 50 Drops recent
TimeRuleIFSrcDstProtoDPT
20:47:12 port_scan wan0 45.142.193.18 192.168.10.5 tcp 443
20:46:58 ssh_bruteforce wan0 103.21.244.82 192.168.10.2 tcp 22
20:45:30 dns_amplification wan0 185.220.101.33 192.168.10.1 udp 53
20:44:11 syn_flood_guard wan0 91.240.118.172 192.168.10.5 tcp 443
20:42:09 http_probing wan0 162.247.74.201 192.168.10.5 tcp 80
20:39:55 tor_exit_drop wan0 77.247.181.162 192.168.10.2 tcp 443
20:38:17 bogon_drop wan0 10.42.0.9 192.168.10.1 tcp 8080
20:35:42 ssh_bruteforce wan0 5.188.210.101 192.168.10.2 tcp 22
20:33:10 bruteforce_ftp wan0 194.163.131.18 192.168.10.3 tcp 21
20:31:05 ssh_bruteforce wan0 104.244.76.13 192.168.10.2 tcp 22
20:28:44 malware_c2 wan0 37.120.247.51 192.168.10.20 tcp 8443
20:25:33 port_scan wan0 209.141.58.114 192.168.10.5 tcp 80
20:22:18 spoofed_source wan0 198.51.100.77 192.168.10.1 tcp 53
20:18:55 syn_flood_guard wan0 178.128.0.88 192.168.10.5 tcp 443
20:15:41 dns_amplification wan0 46.166.139.111 192.168.10.1 udp 53
20:12:20 ssh_bruteforce wan0 91.215.85.214 192.168.10.2 tcp 22
20:09:07 tor_exit_drop wan0 23.129.64.100 192.168.10.2 tcp 443
20:05:44 port_scan wan0 45.33.32.76 192.168.10.5 tcp 8080
20:02:19 http_probing wan0 162.247.74.213 192.168.10.5 tcp 80
19:58:41 bruteforce_ftp wan0 185.156.73.54 192.168.10.3 tcp 21
SSH Brute-Force Attackers auth.log
#IPFailed AttemptsIn BlacklistIn CrowdSec
1 103.21.244.82 214 CS
2 45.142.193.18 181 Banned auto
3 185.220.101.33 98
4 5.188.210.101 76 Banned auto
5 91.240.118.172 64 Banned auto
6 104.244.76.13 51 CS
7 91.215.85.214 39 CS
8 162.247.74.201 28 CS
9 194.163.131.18 22 Banned auto
10 37.120.247.51 14 Banned auto
11 23.94.168.70 9
12 178.128.0.88 7
nft Blacklist auto-ban
IPTimeout
45.142.193.18 21h
91.240.118.172 15h
5.188.210.101 12h
194.163.131.18 9h
37.120.247.51 4h
209.141.58.114 3h
45.33.32.76 2h
185.156.73.54 1h
CrowdSec Blacklist 33171 IPs in nft set (showing 12)
IPTimeoutExpires
45.142.193.18 6d 22h 6d 21h
103.21.244.82 3h 18m 3h 12m
162.247.74.201 5h 12m 5h 06m
185.220.101.33 4d 08h 4d 07h
91.240.118.172 2d 14h 2d 13h
104.244.76.13 8h 04m 7h 58m
91.215.85.214 11h 33m 11h 27m
23.129.64.100 14h 07m 14h 01m
77.247.181.162 7h 55m 7h 49m
194.163.131.18 1d 06h 1d 05h
5.188.210.101 9h 22m 9h 16m
178.128.0.88 3d 02h 3d 01h
CrowdSec Decisions active bans
IPScenarioActionDurationEvents
103.21.244.82 ssh-bf ban 3h 18m 214
162.247.74.201 http-probing ban 5h 12m 167
104.244.76.13 ssh-bf ban 8h 04m 51
91.215.85.214 ssh-bf ban 11h 33m 39
23.129.64.100 tor-exit ban 14h 07m 152
77.247.181.162 tor-exit ban 7h 55m 89
Suricata Alerts last 12
TimeActionSrcDstProtoPortSignature
20:48:10 DROP 45.142.193.18 192.168.10.5 tcp 22 [BRIDGE] SSH brute force attempt
20:47:55 DROP 91.240.118.172 192.168.10.5 tcp 22 [BRIDGE] SSH brute force attempt
20:46:33 ALERT 162.247.74.213 192.168.10.5 tcp 80 ET SCAN Potential SSH Scan
20:44:18 ALERT 178.128.0.88 192.168.10.5 tcp 443 ET DROP Dshield Block Listed Source group 1
20:41:44 ALERT 46.166.139.111 192.168.10.1 udp 53 ET DNS Amplification Attack Query
20:38:07 DROP 185.220.101.33 192.168.10.8 tcp 80 [BRIDGE] Dir traversal attempt
20:35:22 ALERT 77.247.181.162 192.168.10.2 tcp 443 ET TOR Known Tor Exit Node Traffic
20:31:58 ALERT 23.129.64.100 192.168.10.2 tcp 443 ET CINS Active Threat Intelligence Poor Reputation IP
20:28:14 DROP 5.188.210.101 192.168.10.2 tcp 443 [BRIDGE] Known malicious outbound C2 pattern
20:24:51 ALERT 37.120.247.51 192.168.10.20 tcp 8443 ET CINS Active Threat Intelligence Poor Reputation IP
20:20:33 DROP 194.163.131.18 192.168.10.3 tcp 80 [BRIDGE] XSS attempt
20:16:47 ALERT 209.141.58.114 192.168.10.5 tcp 80 ET DROP Spamhaus DROP Listed Traffic Inbound

Suricata rules loaded: 49902 | IPS mode: IPS | Accepted: 3842 | Blocked: 47 | Alerts: 218

🌙