Network Security Audit

https://lemmy.world/post/43533409

Acronyms, initialisms, abbreviations, contractions, and other phrases which expand to something larger, that I’ve seen in this thread:

Fewer Letters / More Letters:

  • DNS: Domain Name Service/System
  • IP: Internet Protocol
  • NAT: Network Address Translation
  • VPN: Virtual Private Network

[Thread #116 for this comm, first seen 24th Feb 2026, 20:30]

Decronym

Do you place any restrictions on the containers or the container daemon as a whole?

More so asking so I can copy your settings. But I have had my server brought down just from the services themselves consuming too much memory or disk space, so something to look into if you haven’t already.

I have had my server brought down just from the services themselves consuming too much memory or disk space

Server is utilizing an 8 TB SSD and 40 GB RAM. I can go into Portainer and regulate how many resources I allot to each container; however, I’ve never had any issues in that regard. Server generally hums along at 15-25% for around 75 different containers.

Awesome! You’re making me want to give Portainer another go.

I’m running a potato pi with 0.5 TB and 8 GB RAM so…slightly different situation here :P

It doesn’t really matter if you’re running a pi or a full stack rack in the closet, it’s all good. I use Portainer because I learned how to drive that bus and it just seemed to click with me so I kept it. There are other similar and even better options out there.

No scanning? External, internal, and host scans. I’d also set up a network traffic analyzer if you want to go really advanced.

I have chkrootkit, IPTraf-ng, and rkhunter doing daily scans. I use ntopng for traffic analysis. What would you recommend?

OP is running Suricata.

Running Suricata on your WAN interface is just generating a ton of noise and will be really confusing for you if you haven’t reviewed packet inspection alerts before. Not a lot of value in it unless you have many users “phoning home”.

Just run it on the LAN interface.

I’ve been told this before. I also acknowledge and appreciate your advice coming from a professional POV. However, here’s the thing…my OCD would never allow me not to know. It would drive me up the wall not knowing. I get what you are saying, and you are right. It is my kryptonite not to know. It is a curse, I can tell you.

OK, well it’s not harming anything, so if you’re game to learn, by all means.

When you look at traffic on a public interface, besides learning what to filter out as just normal (probes, crawls, etc. from legit sources), you will also run into badly-formed TCP traffic:

  • Martian packets: en.wikipedia.org/wiki/Martian_packet
  • IP spoofing: en.wikipedia.org/wiki/IP_address_spoofing (I used to have a better resource for this, I’ll try to find it)
  • How RPC works: pentest.co.uk/…/researching-remote-procedure-call…

That should help clarify a lot of what you’ll see in traffic on your segment.

You may also want to briefly read about how CDNs work, you’ll see a lot of akamai and cloudflare traffic too.


Thank you for the links and guidance. I will definitely read those. Yeah I do see a lot of things like:

  • SURICATA STREAM FIN2 FIN with wrong seq (this is from local chatter)
  • ET INFO DNS Query for Suspicious .ml Domain (must check out this suspicious domain /s)
  • ET INFO Observed DNS Query to .world TLD (same as above)
  • SURICATA STREAM Packet with invalid timestamp (local chatter - common triggered event from what I understand)
  • SURICATA STREAM FIN invalid ack (known domain speedtest)

So, since I am working within the framework of my own personal shortcomings and have to know, I research them to find out why they get triggered. That way I don’t freak out over them. A lot of them are benign and due to normal occurrences between server and user.

As a certified IT professional I can tell you I’d much rather have a coworker who got down in the weeds and did things. Anyone can pick up a cert, that’s resume padding. Operational experience is the real prize.

Operational experience is the real prize

Perhaps, but I’ve found that HR likes paper tigers. LOL. Not discounting anyone’s hard work at all. I do learn from others more knowledgeable than I. I’ve had a computer of some sort in front of me since the mid-70s with the Altair. Don’t mistake longevity with knowledge tho. What little I do know came from reading, doing, screwing it up, rinse, repeat ad nauseam until success, and then write that shit down because it will come up again more than likely.

You’re ahead of an alarming number of my colleagues by just trying until you can get it working, then documenting things.

I have to document. At 71, with a TBI, my brain is not what it used to be. Sometimes I don’t even remember what I had for breakfast. LOL