Configuration options for Ubiquiti

Review configuration options for Ubiquiti firewalls in RocketCyber

IP blacklisted by OpenProxies	These are IP addresses that have been labelled as malicious by different threat intelligence sources
IP blacklisted by OpenBL
IP blacklisted by ASL
Emerging threats	Checks traffic against known malicious actors
Suspicious origin IP	Checks for traffic originating from regions with high proportions of malicious actors (e.g. Iran)
DDoS attack via NTP	These are different means of attempting to bring down your network by overwhelming available resources
DDoS attack via DNS amplifier
Heartbleed attack	Checks for attempts to exploit the Heartbleed vulnerability, which would allow an attacker to access whatever data is in active memory on the machine

Log Format

The expected format for Ubiquiti logs is space-separated. For example

EXAMPLE <4>May 19 11:57:51 UBG-Dallas kernel: [WAN_IN-3005-A]IN=eth2 OUT=eth0 MAC=18:e8:29:aa:aa:aa:aa:aa:aa:aa:aa:aa:aa:00 SRC=96.78.75.73 DST=70.70.71.75 LEN=52 TOS=0x02 PREC=0x00 TTL=111 ID=9777 DF PROTO=TCP SPT=56777 DPT=8777 WINDOW=8192 RES=0x00 CWR ECE SYN URGP=0

	Need troubleshooting help? Open the Kaseya Helpdesk.
	Want to talk about it? Head on over to the Community!
	Have an idea for a new feature? Want to learn about upcoming enhancements? Visit the Ideas forum!
	Provide feedback for the Documentation team.