Comment on Help With Selfhosted Homelab Network Issue
non_burglar@lemmy.world 2 weeks ago
We would need more info to help confirm, but watching IDS traffic will show you lots of misconfigurations as well as actually suspicious traffic, so this might be a POS device doing stupid stuff.
Is Suricata listening on an internal subnet interface? If you are listening on a public interface, your job sorting through the trash traffic will be difficult because determining source is nearly pointless and your external interface should not know anything about the internal subnet.
irmadlad@lemmy.world 2 weeks ago
Suricata monitors both WAN & LAN. I also use ntopng for traffic analysis.
All multicast/broadcast are confined to local and are not leaked to the WAN…that I know of. I’m guessing that’s what you are telling me. Again, I do not possess the skills of a seasoned network engineer, which is why I’m consulting with the experts. I just know what I see on my network and investigate/research until I have a broader understanding.
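One way to separate LAN-side alerts from WAN noise when Suricata watches both interfaces, as discussed in the comments above. This is an added example, not code from either commenter; the interface names (`em0` for WAN, `em1` for LAN), the RFC 1918 ranges as the internal address space, and the sample `eve.json` lines are assumptions constructed for illustration.

```python
import ipaddress
import json
from collections import Counter

# RFC 1918 ranges, assumed here to be the homelab's internal address space.
LAN_NETS = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed eve.json lines; em0 = WAN and em1 = LAN are assumed interface names.
SAMPLE_EVE = [
    '{"event_type":"alert","in_iface":"em0","src_ip":"203.0.113.50","dest_ip":"198.51.100.7","alert":{"signature":"constructed sig A"}}',
    '{"event_type":"alert","in_iface":"em1","src_ip":"192.168.1.23","dest_ip":"224.0.0.251","alert":{"signature":"constructed sig B"}}',
    '{"event_type":"alert","in_iface":"em1","src_ip":"192.168.1.40","dest_ip":"203.0.113.9","alert":{"signature":"constructed sig C"}}',
    '{"event_type":"flow","in_iface":"em1","src_ip":"192.168.1.40","dest_ip":"203.0.113.9"}',
    '{"event_type":"alert","in_iface":"em0","src_ip":"203.0.113.77","dest_ip":"198.51.100.7","alert":{"signature":"constructed sig A"}}',
    'truncated or non-JSON line',
]

def classify(src_ip, dest_ip):
    """Bucket an alert by its destination type, then by where it originates."""
    src = ipaddress.ip_address(src_ip)
    dst = ipaddress.ip_address(dest_ip)
    if dst.is_multicast or dst == ipaddress.ip_address("255.255.255.255"):
        return "multicast-broadcast-dest"
    if any(src in net for net in LAN_NETS):
        return "internal-source"
    return "external-source"

def triage(lines):
    """Count alerts per (capture interface, bucket); skip non-alerts and bad lines."""
    counts = Counter()
    for line in lines:
        try:
            ev = json.loads(line)
        except json.JSONDecodeError:
            continue
        if not isinstance(ev, dict) or ev.get("event_type") != "alert":
            continue
        try:
            bucket = classify(ev["src_ip"], ev["dest_ip"])
        except (KeyError, ValueError):
            continue
        counts[(ev.get("in_iface", "unknown"), bucket)] += 1
    return counts

if __name__ == "__main__":
    for (iface, bucket), n in sorted(triage(SAMPLE_EVE).items()):
        print(f"{iface:8} {bucket:26} {n}")
```

A `multicast-broadcast-dest` count on the WAN interface, or an `internal-source` count there, would be the sign that local traffic is visible where it should not be.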