Security overview
Security Dashboard
Real-time firewall metrics, threat intelligence, SSH brute-force monitoring, IDS signals and blacklist management across all security layers.
Live
| Metric | Value | Label |
|---|---|---|
| nft Drops | 3294 | Total blocked |
| Unique Src | 312 | Source IPs |
| Blacklist | 148 | Auto-banned |
| CrowdSec | 521 | CS entries |
| SSH Failed | 804 | Auth attempts |
| CS Alerts | 47 | Alert decisions |
| Suricata Rules | 49902 | IDS ruleset |
| Drop Rules | 24 | nft rules |

| Service | State | Detail |
|---|---|---|
| nftables | active | 47d 13h |
| dnsmasq | active | 47d 12h |
| wg-quick@wg0 | active | 16d 04h |
| crowdsec | active | 47d 10h |
| suricata | active | 11d 08h |
| frr | inactive | standby |
Top-20 Sources by hits
| # | IP | Hits | Share |
|---|---|---|---|
| 1 | 45.142.193.18 | 931 | 28.3% |
| 2 | 103.21.244.82 | 614 | 18.6% |
| 3 | 185.220.101.33 | 488 | 14.8% |
| 4 | 91.240.118.172 | 392 | 11.9% |
| 5 | 198.51.100.77 | 214 | 6.5% |
| 6 | 162.247.74.201 | 189 | 5.7% |
| 7 | 23.129.64.100 | 167 | 5.1% |
| 8 | 77.247.181.162 | 152 | 4.6% |
| 9 | 104.244.76.13 | 138 | 4.2% |
| 10 | 5.188.210.101 | 124 | 3.8% |
| 11 | 194.163.131.18 | 112 | 3.4% |
| 12 | 178.128.0.88 | 98 | 3.0% |
| 13 | 209.141.58.114 | 87 | 2.6% |
| 14 | 162.247.74.213 | 76 | 2.3% |
| 15 | 45.33.32.76 | 64 | 1.9% |
| 16 | 46.166.139.111 | 58 | 1.8% |
| 17 | 91.215.85.214 | 47 | 1.4% |
| 18 | 37.120.247.51 | 39 | 1.2% |
| 19 | 185.156.73.54 | 31 | 0.9% |
| 20 | 23.94.168.70 | 24 | 0.7% |
By Rule distribution
| Rule | Hits | Share |
|---|---|---|
| ssh_bruteforce | 642 | 19.5% |
| port_scan | 511 | 15.5% |
| bogon_drop | 308 | 9.4% |
| syn_flood_guard | 229 | 7.0% |
| dns_amplification | 144 | 4.4% |
| http_probing | 118 | 3.6% |
| tor_exit_drop | 89 | 2.7% |
| bruteforce_ftp | 67 | 2.0% |
| malware_c2 | 41 | 1.2% |
| spoofed_source | 28 | 0.9% |
By Dst Port services
| Port | Service | Hits | Share |
|---|---|---|---|
| 22 | SSH | 642 | 19.5% |
| 443 | HTTPS | 511 | 15.5% |
| 53 | DNS | 308 | 9.4% |
| 8080 | HTTP alt | 229 | 7.0% |
| 8443 | HTTPS alt | 144 | 4.4% |
| 80 | HTTP | 118 | 3.6% |
| 3389 | RDP | 89 | 2.7% |
| 21 | FTP | 67 | 2.0% |
| 25 | SMTP | 41 | 1.2% |
| 8443 | HTTPS alt | 28 | 0.9% |
Last 50 Drops recent
| Time | Rule | IF | Src | Dst | Proto | DPT |
|---|---|---|---|---|---|---|
| 20:47:12 | port_scan | wan0 | 45.142.193.18 | 192.168.10.5 | tcp | 443 |
| 20:46:58 | ssh_bruteforce | wan0 | 103.21.244.82 | 192.168.10.2 | tcp | 22 |
| 20:45:30 | dns_amplification | wan0 | 185.220.101.33 | 192.168.10.1 | udp | 53 |
| 20:44:11 | syn_flood_guard | wan0 | 91.240.118.172 | 192.168.10.5 | tcp | 443 |
| 20:42:09 | http_probing | wan0 | 162.247.74.201 | 192.168.10.5 | tcp | 80 |
| 20:39:55 | tor_exit_drop | wan0 | 77.247.181.162 | 192.168.10.2 | tcp | 443 |
| 20:38:17 | bogon_drop | wan0 | 10.42.0.9 | 192.168.10.1 | tcp | 8080 |
| 20:35:42 | ssh_bruteforce | wan0 | 5.188.210.101 | 192.168.10.2 | tcp | 22 |
| 20:33:10 | bruteforce_ftp | wan0 | 194.163.131.18 | 192.168.10.3 | tcp | 21 |
| 20:31:05 | ssh_bruteforce | wan0 | 104.244.76.13 | 192.168.10.2 | tcp | 22 |
| 20:28:44 | malware_c2 | wan0 | 37.120.247.51 | 192.168.10.20 | tcp | 8443 |
| 20:25:33 | port_scan | wan0 | 209.141.58.114 | 192.168.10.5 | tcp | 80 |
| 20:22:18 | spoofed_source | wan0 | 198.51.100.77 | 192.168.10.1 | tcp | 53 |
| 20:18:55 | syn_flood_guard | wan0 | 178.128.0.88 | 192.168.10.5 | tcp | 443 |
| 20:15:41 | dns_amplification | wan0 | 46.166.139.111 | 192.168.10.1 | udp | 53 |
| 20:12:20 | ssh_bruteforce | wan0 | 91.215.85.214 | 192.168.10.2 | tcp | 22 |
| 20:09:07 | tor_exit_drop | wan0 | 23.129.64.100 | 192.168.10.2 | tcp | 443 |
| 20:05:44 | port_scan | wan0 | 45.33.32.76 | 192.168.10.5 | tcp | 8080 |
| 20:02:19 | http_probing | wan0 | 162.247.74.213 | 192.168.10.5 | tcp | 80 |
| 19:58:41 | bruteforce_ftp | wan0 | 185.156.73.54 | 192.168.10.3 | tcp | 21 |
SSH Brute-Force Attackers auth.log
| # | IP | Failed Attempts | In Blacklist | In CrowdSec |
|---|---|---|---|---|
| 1 | 103.21.244.82 | 214 | — | CS |
| 2 | 45.142.193.18 | 181 | Banned | auto |
| 3 | 185.220.101.33 | 98 | — | — |
| 4 | 5.188.210.101 | 76 | Banned | auto |
| 5 | 91.240.118.172 | 64 | Banned | auto |
| 6 | 104.244.76.13 | 51 | — | CS |
| 7 | 91.215.85.214 | 39 | — | CS |
| 8 | 162.247.74.201 | 28 | — | CS |
| 9 | 194.163.131.18 | 22 | Banned | auto |
| 10 | 37.120.247.51 | 14 | Banned | auto |
| 11 | 23.94.168.70 | 9 | — | — |
| 12 | 178.128.0.88 | 7 | — | — |
nft Blacklist auto-ban
| IP | Timeout |
|---|---|
| 45.142.193.18 | 21h |
| 91.240.118.172 | 15h |
| 5.188.210.101 | 12h |
| 194.163.131.18 | 9h |
| 37.120.247.51 | 4h |
| 209.141.58.114 | 3h |
| 45.33.32.76 | 2h |
| 185.156.73.54 | 1h |
CrowdSec Blacklist 33171 IPs in nft set (showing 12)
| IP | Timeout | Expires |
|---|---|---|
| 45.142.193.18 | 6d 22h | 6d 21h |
| 103.21.244.82 | 3h 18m | 3h 12m |
| 162.247.74.201 | 5h 12m | 5h 06m |
| 185.220.101.33 | 4d 08h | 4d 07h |
| 91.240.118.172 | 2d 14h | 2d 13h |
| 104.244.76.13 | 8h 04m | 7h 58m |
| 91.215.85.214 | 11h 33m | 11h 27m |
| 23.129.64.100 | 14h 07m | 14h 01m |
| 77.247.181.162 | 7h 55m | 7h 49m |
| 194.163.131.18 | 1d 06h | 1d 05h |
| 5.188.210.101 | 9h 22m | 9h 16m |
| 178.128.0.88 | 3d 02h | 3d 01h |
CrowdSec Decisions active bans
| IP | Scenario | Action | Duration | Events |
|---|---|---|---|---|
| 103.21.244.82 | ssh-bf | ban | 3h 18m | 214 |
| 162.247.74.201 | http-probing | ban | 5h 12m | 167 |
| 104.244.76.13 | ssh-bf | ban | 8h 04m | 51 |
| 91.215.85.214 | ssh-bf | ban | 11h 33m | 39 |
| 23.129.64.100 | tor-exit | ban | 14h 07m | 152 |
| 77.247.181.162 | tor-exit | ban | 7h 55m | 89 |
Suricata Alerts last 12
| Time | Action | Src | Dst | Proto | Port | Signature |
|---|---|---|---|---|---|---|
| 20:48:10 | DROP | 45.142.193.18 | 192.168.10.5 | tcp | 22 | |
| 20:47:55 | DROP | 91.240.118.172 | 192.168.10.5 | tcp | 22 | |
| 20:46:33 | ALERT | 162.247.74.213 | 192.168.10.5 | tcp | 80 | |
| 20:44:18 | ALERT | 178.128.0.88 | 192.168.10.5 | tcp | 443 | |
| 20:41:44 | ALERT | 46.166.139.111 | 192.168.10.1 | udp | 53 | |
| 20:38:07 | DROP | 185.220.101.33 | 192.168.10.8 | tcp | 80 | |
| 20:35:22 | ALERT | 77.247.181.162 | 192.168.10.2 | tcp | 443 | |
| 20:31:58 | ALERT | 23.129.64.100 | 192.168.10.2 | tcp | 443 | |
| 20:28:14 | DROP | 5.188.210.101 | 192.168.10.2 | tcp | 443 | |
| 20:24:51 | ALERT | 37.120.247.51 | 192.168.10.20 | tcp | 8443 | |
| 20:20:33 | DROP | 194.163.131.18 | 192.168.10.3 | tcp | 80 | |
| 20:16:47 | ALERT | 209.141.58.114 | 192.168.10.5 | tcp | 80 | |