First off, thank you Tom and Lawrence Systems for providing the videos over the years. Greatly appreciated.
I get a daily email from pfsense, and while it has obviously been happening for awhile now, I wanted to see what others think.
The system log is filled with this:
Apr 24 22:45:09 pfsense sshd[84241]: Did not receive identification string from 192.168.2.1 port 12268
Apr 24 22:45:09 pfsense sshguard[84766]: Attack from “192.168.2.1” on service SSH with danger 10.
Apr 24 22:45:09 pfsense sshd[85755]: Did not receive identification string from 192.168.2.1 port 46048
Apr 24 22:45:09 pfsense sshguard[84766]: Attack from “192.168.2.1” on service SSH with danger 10.
Network config is this:
WAN-192.168.1.3
LAN/PFSense-192.168.2.1
Then VL20, VL30, VL40, VL50, VL60
My question is, is PFsense attacking itself, since the attack appears to originate from the PFSense appliance itself?
I do have rules blocking access to the appliance itself, and I am only able to access the appliance from one computer, located on VL20(this PC, 192.168.20.2).
I do occasionally access the cli(updates) for the pfsense appliance, but usually do most things through the gui.
Should I be concerned? Or is this normal chatter?