
Intrusion Protection

I currently don't have a license for the managed IPS service and only use what little the home license provides.

My home security cameras picked up a neighbor (a retired database engineer) placing a small device on my front lawn, walking away for an hour, then returning to retrieve it. I'm assuming it's a nefarious network device and I'm wondering how the UTM logs would pick up related intrusion attempts.

Thanks,

~D



This thread was automatically locked due to age.
  • The 'little home license' provides IPS.  Matter of fact, there are only a couple of items it doesn't support, such as Sandstorm and BasicGuard support.  Other than that, you are getting a LOT of coverage for a free license, including Network Protection.

    Very odd that your neighbor would be doing this and you believe it to be a network intrusion device.  You would see attempts in your Network Protection logs and most likely in the Statistics window when you open Network Protection.  

    Then I would make a call to police about the malicious activity if you discovered it was a device your neighbor placed on your property designed to attempt intrusion.

    OPNSense 64-bit | Intel Xeon 4-core v3 1225 3.20Ghz
    16GB Memory | 500GB SSD HDD | ATT Fiber 1GB
    (Former Sophos UTM Veteran, Former XG Rookie)

  • Do you use WiFi behind the UTM?
    First, your neighbor has to get access to your network.
    If he captures enough WiFi traffic, he may be able to get the WiFi key.
    This you can't see within your IPS.
    If he is already connected to your (W)LAN, he may try to connect other devices. This may be visible as a "network anomaly" ... but unfortunately this feature is not included within Sophos IPS.

    ...
    But the device can also be a little camera or a motion detector to get some details about you ... or simply count cars // calculate car speed within your street.


    Dirk

    Systema Gesellschaft für angewandte Datentechnik mbH  // Sophos Platinum Partner
    Sophos Solution Partner since 2003