• Pfsense WAN pppoe isp account desapeard

    Locked
    4
    0 Votes
    4 Posts
    4k Views
    R
    The problem came back. something made it restart and after the ISP PPPOe account (user and password) vanished . Please not that there is a gap in 19:46 ,the system rebooted @ this time 10.6.30.254 04/05/08 19:45:13 04/05/08 19:45:07 pfsense system Info mpd [pt0] LCP: Down event 10.6.30.254 04/05/08 19:45:13 04/05/08 19:45:07 pfsense system Info mpd [pt0] device: OPEN event in state DOWN 10.6.30.254 04/05/08 19:45:13 04/05/08 19:45:07 pfsense system Info mpd [pt0] pausing 7 seconds before open 10.6.30.254 04/05/08 19:45:13 04/05/08 19:45:07 pfsense system Info mpd [pt0] device is now in state DOWN 10.6.30.254 04/05/08 19:45:20 04/05/08 19:45:14 pfsense system Info mpd [pt0] device: OPEN event in state DOWN 10.6.30.254 04/05/08 19:45:20 04/05/08 19:45:14 pfsense system Info mpd [pt0] pausing 2 seconds before open 10.6.30.254 04/05/08 19:45:20 04/05/08 19:45:14 pfsense system Info mpd [pt0] device is now in state DOWN 10.6.30.254 04/05/08 19:45:22 04/05/08 19:45:16 pfsense system Info mpd [pt0] device: OPEN event in state DOWN 10.6.30.254 04/05/08 19:45:22 04/05/08 19:45:16 pfsense system Info mpd [pt0] pptp originate option is not enabled 10.6.30.254 04/05/08 19:45:22 04/05/08 19:45:16 pfsense system Info mpd [pt0] device is now in state OPENING 10.6.30.254 04/05/08 19:45:22 04/05/08 19:45:16 pfsense system Info mpd [pt0] device: DOWN event in state OPENING 10.6.30.254 04/05/08 19:45:22 04/05/08 19:45:16 pfsense system Info mpd [pt0] device is now in state DOWN 10.6.30.254 04/05/08 19:45:22 04/05/08 19:45:16 pfsense system Info mpd [pt0] link: DOWN event 10.6.30.254 04/05/08 19:45:22 04/05/08 19:45:16 pfsense system Info mpd [pt0] LCP: Down event 10.6.30.254 04/05/08 19:45:22 04/05/08 19:45:16 pfsense system Info mpd [pt0] device: OPEN event in state DOWN 10.6.30.254 04/05/08 19:45:22 04/05/08 19:45:16 pfsense system Info mpd [pt0] pausing 9 seconds before open 10.6.30.254 04/05/08 19:45:22 04/05/08 19:45:16 pfsense system Info mpd [pt0] device is now in state DOWN 10.6.30.254 04/05/08 19:45:31 04/05/08 19:45:25 pfsense system Info mpd [pt0] device: OPEN event in state DOWN 10.6.30.254 04/05/08 19:45:31 04/05/08 19:45:25 pfsense system Info mpd [pt0] pptp originate option is not enabled 10.6.30.254 04/05/08 19:45:31 04/05/08 19:45:25 pfsense system Info mpd [pt0] device is now in state OPENING 10.6.30.254 04/05/08 19:45:31 04/05/08 19:45:25 pfsense system Info mpd [pt0] device: DOWN event in state OPENING 10.6.30.254 04/05/08 19:45:31 04/05/08 19:45:25 pfsense system Info mpd [pt0] device is now in state DOWN 10.6.30.254 04/05/08 19:45:31 04/05/08 19:45:25 pfsense system Info mpd [pt0] link: DOWN event 10.6.30.254 04/05/08 19:45:31 04/05/08 19:45:25 pfsense system Info mpd [pt0] LCP: Down event 10.6.30.254 04/05/08 19:45:31 04/05/08 19:45:25 pfsense system Info mpd [pt0] device: OPEN event in state DOWN 10.6.30.254 04/05/08 19:45:31 04/05/08 19:45:25 pfsense system Info mpd [pt0] pausing 9 seconds before open 10.6.30.254 04/05/08 19:45:31 04/05/08 19:45:25 pfsense system Info mpd [pt0] device is now in state DOWN 10.6.30.254 04/05/08 19:45:40 04/05/08 19:45:34 pfsense system Info mpd [pt0] device: OPEN event in state DOWN 10.6.30.254 04/05/08 19:45:40 04/05/08 19:45:34 pfsense system Info mpd [pt0] pptp originate option is not enabled 10.6.30.254 04/05/08 19:45:40 04/05/08 19:45:34 pfsense system Info mpd [pt0] device is now in state OPENING 10.6.30.254 04/05/08 19:45:40 04/05/08 19:45:34 pfsense system Info mpd [pt0] device: DOWN event in state OPENING 10.6.30.254 04/05/08 19:45:40 04/05/08 19:45:34 pfsense system Info mpd [pt0] device is now in state DOWN 10.6.30.254 04/05/08 19:45:40 04/05/08 19:45:34 pfsense system Info mpd [pt0] link: DOWN event 10.6.30.254 04/05/08 19:45:40 04/05/08 19:45:34 pfsense system Info mpd [pt0] LCP: Down event 10.6.30.254 04/05/08 19:45:40 04/05/08 19:45:34 pfsense system Info mpd [pt0] device: OPEN event in state DOWN 10.6.30.254 04/05/08 19:45:40 04/05/08 19:45:34 pfsense system Info mpd [pt0] pausing 9 seconds before open 10.6.30.254 04/05/08 19:45:40 04/05/08 19:45:34 pfsense system Info mpd [pt0] device is now in state DOWN 10.6.30.254 04/05/08 19:45:49 04/05/08 19:45:43 pfsense system Info mpd [pt0] device: OPEN event in state DOWN 10.6.30.254 04/05/08 19:45:49 04/05/08 19:45:43 pfsense system Info mpd [pt0] pptp originate option is not enabled 10.6.30.254 04/05/08 19:45:49 04/05/08 19:45:43 pfsense system Info mpd [pt0] device is now in state OPENING 10.6.30.254 04/05/08 19:45:49 04/05/08 19:45:43 pfsense system Info mpd [pt0] device: DOWN event in state OPENING 10.6.30.254 04/05/08 19:45:49 04/05/08 19:45:43 pfsense system Info mpd [pt0] device is now in state DOWN 10.6.30.254 04/05/08 19:45:49 04/05/08 19:45:43 pfsense system Info mpd [pt0] link: DOWN event 10.6.30.254 04/05/08 19:45:49 04/05/08 19:45:43 pfsense system Info mpd [pt0] LCP: Down event 10.6.30.254 04/05/08 19:45:49 04/05/08 19:45:43 pfsense system Info mpd [pt0] device: OPEN event in state DOWN 10.6.30.254 04/05/08 19:45:49 04/05/08 19:45:43 pfsense system Info mpd [pt0] pausing 7 seconds before open 10.6.30.254 04/05/08 19:45:49 04/05/08 19:45:43 pfsense system Info mpd [pt0] device is now in state DOWN 10.6.30.254 04/05/08 19:47:06 04/05/08 19:47:04 system Info mpd mpd: pid 229, version 3.18 (root@freebsd6.geekgod.com 12:32  6-Jan-2008) 10.6.30.254 04/05/08 19:47:07 04/05/08 19:47:05 secur/auth Error sshlockout[243] sshlockout starting up 10.6.30.254 04/05/08 19:47:07 04/05/08 19:47:04 system Info mpd [pppoe] ppp node is "mpd229-pppoe" 10.6.30.254 04/05/08 19:47:07 04/05/08 19:47:04 system Info mpd [pppoe] exec: /sbin/ifconfig fxp0 up 10.6.30.254 04/05/08 19:47:07 04/05/08 19:47:04 system Info mpd [pppoe] using interface ng0 10.6.30.254 04/05/08 19:47:07 04/05/08 19:47:04 system Info mpd [pppoe] IPCP: peer address cannot be zero 10.6.30.254 04/05/08 19:47:07 04/05/08 19:47:04 system Info mpd [pppoe] IFACE: Open event 10.6.30.254 04/05/08 19:47:07 04/05/08 19:47:04 system Info mpd [pppoe] IPCP: Open event 10.6.30.254 04/05/08 19:47:07 04/05/08 19:47:04 system Info mpd [pppoe] IPCP: state change Initial –> Starting 10.6.30.254 04/05/08 19:47:07 04/05/08 19:47:04 system Info mpd [pppoe] IPCP: LayerStart 10.6.30.254 04/05/08 19:47:07 04/05/08 19:47:04 system Info mpd [pppoe] bundle: OPEN event in state CLOSED 10.6.30.254 04/05/08 19:47:07 04/05/08 19:47:04 system Info mpd [pppoe] opening link "pppoe"… 10.6.30.254 04/05/08 19:47:07 04/05/08 19:47:04 system Info mpd [pppoe] link: OPEN event 10.6.30.254 04/05/08 19:47:07 04/05/08 19:47:04 system Info mpd [pppoe] LCP: Open event 10.6.30.254 04/05/08 19:47:07 04/05/08 19:47:04 system Info mpd [pppoe] LCP: state change Initial –> Starting 10.6.30.254 04/05/08 19:47:07 04/05/08 19:47:04 system Info mpd [pppoe] LCP: LayerStart 10.6.30.254 04/05/08 19:47:07 04/05/08 19:47:04 system Info mpd [pppoe] device: OPEN event in state DOWN 10.6.30.254 04/05/08 19:47:07 04/05/08 19:47:04 system Info mpd [pppoe] device is now in state OPENING 10.6.30.254 04/05/08 19:47:07 04/05/08 19:47:04 system Info mpd [pppoe] rec'd ACNAME "far-br1" 10.6.30.254 04/05/08 19:47:07 04/05/08 19:47:04 secur/auth Info sshd[242] Server listening on :: port 22. 10.6.30.254 04/05/08 19:47:07 04/05/08 19:47:04 secur/auth Info sshd[242] Server listening on 0.0.0.0 port 22. 10.6.30.254 04/05/08 19:47:16 04/05/08 19:47:13 system Info mpd [pppoe] PPPoE connection timeout after 9 seconds 10.6.30.254 04/05/08 19:47:16 04/05/08 19:47:13 system Info mpd [pppoe] device: DOWN event in state OPENING 10.6.30.254 04/05/08 19:47:16 04/05/08 19:47:13 system Info mpd [pppoe] device is now in state DOWN 10.6.30.254 04/05/08 19:47:16 04/05/08 19:47:13 system Info mpd [pppoe] link: DOWN event 10.6.30.254 04/05/08 19:47:16 04/05/08 19:47:13 system Info mpd [pppoe] LCP: Down event 10.6.30.254 04/05/08 19:47:16 04/05/08 19:47:13 system Info mpd [pppoe] device: OPEN event in state DOWN 10.6.30.254 04/05/08 19:47:16 04/05/08 19:47:13 system Info mpd [pppoe] pausing 4 seconds before open 10.6.30.254 04/05/08 19:47:16 04/05/08 19:47:13 system Info mpd [pppoe] device is now in state DOWN 10.6.30.254 04/05/08 19:47:20 04/05/08 19:47:17 system Info mpd [pppoe] device: OPEN event in state DOWN 10.6.30.254 04/05/08 19:47:20 04/05/08 19:47:17 system Info mpd [pppoe] pausing 2 seconds before open 10.6.30.254 04/05/08 19:47:20 04/05/08 19:47:17 system Info mpd [pppoe] device is now in state DOWN 10.6.30.254 04/05/08 19:47:22 04/05/08 19:47:19 system Info mpd [pppoe] device: OPEN event in state DOWN 10.6.30.254 04/05/08 19:47:22 04/05/08 19:47:19 system Info mpd [pppoe] device is now in state OPENING 10.6.30.254 04/05/08 19:47:22 04/05/08 19:47:19 system Info mpd [pppoe] rec'd ACNAME "far-br1" 10.6.30.254 04/05/08 19:47:31 04/05/08 19:47:28 system Info mpd [pppoe] PPPoE connection timeout after 9 seconds 10.6.30.254 04/05/08 19:47:31 04/05/08 19:47:28 system Info mpd [pppoe] device: DOWN event in state OPENING 10.6.30.254 04/05/08 19:47:31 04/05/08 19:47:28 system Info mpd [pppoe] device is now in state DOWN 10.6.30.254 04/05/08 19:47:31 04/05/08 19:47:28 system Info mpd [pppoe] link: DOWN event 10.6.30.254 04/05/08 19:47:31 04/05/08 19:47:28 system Info mpd [pppoe] LCP: Down event 10.6.30.254 04/05/08 19:47:31 04/05/08 19:47:28 system Info mpd [pppoe] device: OPEN event in state DOWN 10.6.30.254 04/05/08 19:47:31 04/05/08 19:47:28 system Info mpd [pppoe] pausing 6 seconds before open 10.6.30.254 04/05/08 19:47:31 04/05/08 19:47:28 system Info mpd [pppoe] device is now in state DOWN 10.6.30.254 04/05/08 19:47:37 04/05/08 19:47:34 system Info mpd [pppoe] device: OPEN event in state DOWN 10.6.30.254 04/05/08 19:47:37 04/05/08 19:47:34 system Info mpd [pppoe] device is now in state OPENING 10.6.30.254 04/05/08 19:47:37 04/05/08 19:47:34 system Info mpd [pppoe] rec'd ACNAME "far-br1" 10.6.30.254 04/05/08 19:47:46 04/05/08 19:47:43 system Info mpd [pppoe] PPPoE connection timeout after 9 seconds 10.6.30.254 04/05/08 19:47:46 04/05/08 19:47:43 system Info mpd [pppoe] device: DOWN event in state OPENING 10.6.30.254 04/05/08 19:47:46 04/05/08 19:47:43 system Info mpd [pppoe] device is now in state DOWN 10.6.30.254 04/05/08 19:47:46 04/05/08 19:47:43 system Info mpd [pppoe] link: DOWN event 10.6.30.254 04/05/08 19:47:46 04/05/08 19:47:43 system Info mpd [pppoe] LCP: Down event 10.6.30.254 04/05/08 19:47:46 04/05/08 19:47:43 system Info mpd [pppoe] device: OPEN event in state DOWN 10.6.30.254 04/05/08 19:47:46 04/05/08 19:47:43 system Info mpd [pppoe] pausing 4 seconds before open 10.6.30.254 04/05/08 19:47:46 04/05/08 19:47:43 system Info mpd [pppoe] device is now in state DOWN 10.6.30.254 04/05/08 19:47:47 04/05/08 19:47:45 local 0 Info pf tcpdump: WARNING: pflog0: no IPv4 address assigned 10.6.30.254 04/05/08 19:47:47 04/05/08 19:47:45 local 0 Info pf tcpdump: listening on pflog0, link-type PFLOG (OpenBSD pflog file), capture size 96 bytes 10.6.30.254 04/05/08 19:47:50 04/05/08 19:47:47 system Warning openvpn[349] Use –help for more information. 10.6.30.254 04/05/08 19:47:50 04/05/08 19:47:47 system Error openvpn[349] Options error: Unrecognized option or missing parameter(s) in /var/etc/openvpn_server0.conf:14: lport (2.0.6) 10.6.30.254 04/05/08 19:47:50 04/05/08 19:47:47 system Info mpd [pppoe] device: OPEN event in state DOWN 10.6.30.254 04/05/08 19:47:50 04/05/08 19:47:47 system Info mpd [pppoe] pausing 2 seconds before open 10.6.30.254 04/05/08 19:47:50 04/05/08 19:47:47 system Info mpd [pppoe] device is now in state DOWN 10.6.30.254 04/05/08 19:47:51 04/05/08 19:47:49 system Warning openvpn[353] Use –help for more information. 10.6.30.254 04/05/08 19:47:51 04/05/08 19:47:49 system Error openvpn[353] Options error: Unrecognized option or missing parameter(s) in /var/etc/openvpn_client0.conf:14: remote (2.0.6) 10.6.30.254 04/05/08 19:47:52 04/05/08 19:47:49 system Info mpd [pppoe] device: OPEN event in state DOWN 10.6.30.254 04/05/08 19:47:52 04/05/08 19:47:49 system Info mpd [pppoe] device is now in state OPENING 10.6.30.254 04/05/08 19:47:52 04/05/08 19:47:49 system Info mpd [pppoe] rec'd ACNAME "far-br1" 10.6.30.254 04/05/08 19:48:00 04/05/08 19:47:58 system Notice snort2c[520] snort2c running in daemon mode pid: 520 10.6.30.254 04/05/08 19:48:01 04/05/08 19:47:58 system Notice pftpx[530] listening on 127.0.0.1 port 8021 10.6.30.254 04/05/08 19:48:01 04/05/08 19:47:58 system Notice pftpx[538] listening on 127.0.0.1 port 8022 10.6.30.254 04/05/08 19:48:01 04/05/08 19:47:58 system Info mpd [pppoe] PPPoE connection timeout after 9 seconds 10.6.30.254 04/05/08 19:48:01 04/05/08 19:47:58 system Info mpd [pppoe] device: DOWN event in state OPENING 10.6.30.254 04/05/08 19:48:01 04/05/08 19:47:58 system Info mpd [pppoe] device is now in state DOWN 10.6.30.254 04/05/08 19:48:01 04/05/08 19:47:58 system Info mpd [pppoe] link: DOWN event 10.6.30.254 04/05/08 19:48:01 04/05/08 19:47:58 system Info mpd [pppoe] LCP: Down event 10.6.30.254 04/05/08 19:48:01 04/05/08 19:47:58 system Info mpd [pppoe] device: OPEN event in state DOWN 10.6.30.254 04/05/08 19:48:01 04/05/08 19:47:58 system Info mpd [pppoe] pausing 4 seconds before open 10.6.30.254 04/05/08 19:48:01 04/05/08 19:47:58 system Info mpd [pppoe] device is now in state DOWN 10.6.30.254 04/05/08 19:48:04 04/05/08 19:48:01 system Info dhcpd Internet Systems Consortium DHCP Server V3.0.5 10.6.30.254 04/05/08 19:48:04 04/05/08 19:48:01 system Info dhcpd Copyright 2004-2006 Internet Systems Consortium. 10.6.30.254 04/05/08 19:48:04 04/05/08 19:48:01 system Info dhcpd All rights reserved. 10.6.30.254 04/05/08 19:48:04 04/05/08 19:48:01 system Info dhcpd For info, please visit http://www.isc.org/sw/dhcp/ 10.6.30.254 04/05/08 19:48:04 04/05/08 19:48:02 local 7 Info dhcpd Internet Systems Consortium DHCP Server V3.0.5 10.6.30.254 04/05/08 19:48:04 04/05/08 19:48:02 local 7 Info dhcpd Copyright 2004-2006 Internet Systems Consortium. 10.6.30.254 04/05/08 19:48:04 04/05/08 19:48:02 local 7 Info dhcpd All rights reserved. 10.6.30.254 04/05/08 19:48:04 04/05/08 19:48:02 local 7 Info dhcpd For info, please visit http://www.isc.org/sw/dhcp/ 10.6.30.254 04/05/08 19:48:04 04/05/08 19:48:02 local 7 Info dhcpd Wrote 0 deleted host decls to leases file. 10.6.30.254 04/05/08 19:48:04 04/05/08 19:48:02 local 7 Info dhcpd Wrote 0 new dynamic host decls to leases file. 10.6.30.254 04/05/08 19:48:04 04/05/08 19:48:02 local 7 Info dhcpd Wrote 10 leases to leases file. 10.6.30.254 04/05/08 19:48:04 04/05/08 19:48:02 local 7 Info dhcpd Listening on BPF/fxp1/00:d0:b7:81:7c:75/10.6.30/24 10.6.30.254 04/05/08 19:48:04 04/05/08 19:48:02 local 7 Info dhcpd Sending on  BPF/fxp1/00:d0:b7:81:7c:75/10.6.30/24 10.6.30.254 04/05/08 19:48:04 04/05/08 19:48:02 local 7 Info dhcpd Sending on  Socket/fallback/fallback-net 10.6.30.254 04/05/08 19:48:04 04/05/08 19:48:02 system Info dnsmasq[626] started, version 2.39 cachesize 150 10.6.30.254 04/05/08 19:48:04 04/05/08 19:48:02 system Info dnsmasq[626] compile time options: IPv6 GNU-getopt ISC-leasefile no-DBus no-I18N TFTP 10.6.30.254 04/05/08 19:48:04 04/05/08 19:48:02 system Info dnsmasq[626] reading /var/dhcpd/var/db/dhcpd.leases 10.6.30.254 04/05/08 19:48:04 04/05/08 19:48:02 system Info dnsmasq[626] reading /etc/resolv.conf 10.6.30.254 04/05/08 19:48:04 04/05/08 19:48:02 system Info dnsmasq[626] using nameserver 208.67.222.222#53 10.6.30.254 04/05/08 19:48:04 04/05/08 19:48:02 system Info dnsmasq[626] using nameserver 208.67.220.220#53 10.6.30.254 04/05/08 19:48:04 04/05/08 19:48:02 system Info dnsmasq[626] read /etc/hosts - 2 addresses 10.6.30.254 04/05/08 19:48:04 04/05/08 19:48:02 system Info mpd mpd: pid 639, version 3.18 (root@freebsd6.geekgod.com 12:32  6-Jan-2008) 10.6.30.254 04/05/08 19:48:04 04/05/08 19:48:02 system Info mpd [pt0] ppp node is "mpd639-pt0" 10.6.30.254 04/05/08 19:48:04 04/05/08 19:48:02 system Info mpd mpd: local IP address for PPTP is 0.0.0.0 10.6.30.254 04/05/08 19:48:04 04/05/08 19:48:02 system Info mpd [pt0] using interface ng1 10.6.30.254 04/05/08 19:48:04 04/05/08 19:48:02 system Info mpd [pt1] ppp node is "mpd639-pt1" 10.6.30.254 04/05/08 19:48:04 04/05/08 19:48:02 system Info mpd [pt1] using interface ng2 10.6.30.254 04/05/08 19:48:04 04/05/08 19:48:02 system Info mpd [pt2] ppp node is "mpd639-pt2" 10.6.30.254 04/05/08 19:48:04 04/05/08 19:48:02 system Info mpd [pt2] using interface ng3 10.6.30.254 04/05/08 19:48:04 04/05/08 19:48:02 system Info mpd [pt3] ppp node is "mpd639-pt3" 10.6.30.254 04/05/08 19:48:04 04/05/08 19:48:02 system Info mpd [pt3] using interface ng4 10.6.30.254 04/05/08 19:48:04 04/05/08 19:48:02 system Info mpd [pt4] ppp node is "mpd639-pt4" 10.6.30.254 04/05/08 19:48:04 04/05/08 19:48:02 system Info mpd [pt4] using interface ng5 10.6.30.254 04/05/08 19:48:04 04/05/08 19:48:02 system Info mpd [pt5] ppp node is "mpd639-pt5" 10.6.30.254 04/05/08 19:48:04 04/05/08 19:48:02 system Info mpd [pt5] using interface ng6 10.6.30.254 04/05/08 19:48:04 04/05/08 19:48:02 system Info mpd [pt6] ppp node is "mpd639-pt6" 10.6.30.254 04/05/08 19:48:04 04/05/08 19:48:02 system Info mpd [pt6] using interface ng7 10.6.30.254 04/05/08 19:48:04 04/05/08 19:48:02 system Info mpd [pt7] ppp node is "mpd639-pt7" 10.6.30.254 04/05/08 19:48:05 04/05/08 19:48:02 system Info mpd [pt7] using interface ng8 10.6.30.254 04/05/08 19:48:05 04/05/08 19:48:02 system Info mpd [pt8] ppp node is "mpd639-pt8" 10.6.30.254 04/05/08 19:48:05 04/05/08 19:48:02 system Info mpd [pt8] using interface ng9 10.6.30.254 04/05/08 19:48:05 04/05/08 19:48:02 system Info mpd [pt9] ppp node is "mpd639-pt9" 10.6.30.254 04/05/08 19:48:05 04/05/08 19:48:02 system Info mpd [pt9] using interface ng10 10.6.30.254 04/05/08 19:48:05 04/05/08 19:48:02 system Info mpd [pt10] ppp node is "mpd639-pt10" 10.6.30.254 04/05/08 19:48:05 04/05/08 19:48:02 system Info mpd [pt10] using interface ng11 10.6.30.254 04/05/08 19:48:05 04/05/08 19:48:02 system Info mpd [pt11] ppp node is "mpd639-pt11" 10.6.30.254 04/05/08 19:48:05 04/05/08 19:48:02 system Info mpd [pt11] using interface ng12 10.6.30.254 04/05/08 19:48:05 04/05/08 19:48:02 system Info mpd [pt12] ppp node is "mpd639-pt12" 10.6.30.254 04/05/08 19:48:05 04/05/08 19:48:02 system Info mpd [pt12] using interface ng13 10.6.30.254 04/05/08 19:48:05 04/05/08 19:48:02 system Info mpd [pt13] ppp node is "mpd639-pt13" 10.6.30.254 04/05/08 19:48:05 04/05/08 19:48:02 system Info mpd [pt13] using interface ng14 10.6.30.254 04/05/08 19:48:05 04/05/08 19:48:02 system Info mpd [pt14] ppp node is "mpd639-pt14" 10.6.30.254 04/05/08 19:48:05 04/05/08 19:48:02 system Info mpd [pt14] using interface ng15 10.6.30.254 04/05/08 19:48:05 04/05/08 19:48:02 system Info mpd [pt15] ppp node is "mpd639-pt15" 10.6.30.254 04/05/08 19:48:05 04/05/08 19:48:02 system Info mpd [pt15] using interface ng16 10.6.30.254 04/05/08 19:48:05 04/05/08 19:48:02 system Info mpd [pppoe] device: OPEN event in state DOWN 10.6.30.254 04/05/08 19:48:05 04/05/08 19:48:02 system Info mpd [pppoe] pausing 1 seconds before open 10.6.30.254 04/05/08 19:48:05 04/05/08 19:48:02 system Info mpd [pppoe] device is now in state DOWN 10.6.30.254 04/05/08 19:48:06 04/05/08 19:48:03 system Info mpd [pppoe] device: OPEN event in state DOWN 10.6.30.254 04/05/08 19:48:06 04/05/08 19:48:03 system Info mpd [pppoe] device is now in state OPENING 10.6.30.254 04/05/08 19:48:06 04/05/08 19:48:03 system Info mpd [pppoe] rec'd ACNAME "far-br1" 10.6.30.254 04/05/08 19:48:10 04/05/08 19:48:08 system Info dhcpd Internet Systems Consortium DHCP Server V3.0.5 10.6.30.254 04/05/08 19:48:10 04/05/08 19:48:08 system Info dhcpd Copyright 2004-2006 Internet Systems Consortium. 10.6.30.254 04/05/08 19:48:10 04/05/08 19:48:08 system Info dhcpd All rights reserved. 10.6.30.254 04/05/08 19:48:10 04/05/08 19:48:08 system Info dhcpd For info, please visit http://www.isc.org/sw/dhcp/ 10.6.30.254 04/05/08 19:48:10 04/05/08 19:48:08 local 7 Info dhcpd Internet Systems Consortium DHCP Server V3.0.5 10.6.30.254 04/05/08 19:48:10 04/05/08 19:48:08 local 7 Info dhcpd Copyright 2004-2006 Internet Systems Consortium. 10.6.30.254 04/05/08 19:48:10 04/05/08 19:48:08 local 7 Info dhcpd All rights reserved. 10.6.30.254 04/05/08 19:48:10 04/05/08 19:48:08 local 7 Info dhcpd For info, please visit http://www.isc.org/sw/dhcp/ 10.6.30.254 04/05/08 19:48:10 04/05/08 19:48:08 local 7 Info dhcpd Wrote 0 deleted host decls to leases file. 10.6.30.254 04/05/08 19:48:10 04/05/08 19:48:08 local 7 Info dhcpd Wrote 0 new dynamic host decls to leases file. 10.6.30.254 04/05/08 19:48:10 04/05/08 19:48:08 local 7 Info dhcpd Wrote 10 leases to leases file. 10.6.30.254 04/05/08 19:48:10 04/05/08 19:48:08 local 7 Info dhcpd Listening on BPF/fxp1/00:d0:b7:81:7c:75/10.6.30/24 10.6.30.254 04/05/08 19:48:10 04/05/08 19:48:08 local 7 Info dhcpd Sending on  BPF/fxp1/00:d0:b7:81:7c:75/10.6.30/24 10.6.30.254 04/05/08 19:48:10 04/05/08 19:48:08 local 7 Info dhcpd Sending on  Socket/fallback/fallback-net 10.6.30.254 04/05/08 19:48:11 04/05/08 19:48:08 system Error routed[934] possible netmask problem between rl0:10.6.0.0/17 and fxp1:10.6.30.0/24 10.6.30.254 04/05/08 19:48:11 04/05/08 19:48:08 system Error routed[934] Send mcast sendto(rl0, 224.0.0.9.520): Network is unreachable 10.6.30.254 04/05/08 19:48:11 04/05/08 19:48:08 system Error routed[934] Send mcast sendto(fxp1, 224.0.0.9.520): Network is unreachable 10.6.30.254 04/05/08 19:48:11 04/05/08 19:48:09 local 0 Info pf 000000 rule 448/unkn(8): pass out on fxp1: (tos 0x0, ttl  1, id 5839, offset 0, flags [none], proto: IGMP (2), length: 32, options ( RA (148) len 4 )) 10.6.30.254 > 224.0.0.9: igmp v2 report 224.0.0.9 10.6.30.254 04/05/08 19:48:11 04/05/08 19:48:09 local 0 Info pf 001638 rule 449/unkn(8): pass out on rl0: (tos 0x0, ttl  1, id 52372, offset 0, flags [none], proto: IGMP (2), length: 32, options ( RA (148) len 4 )) 10.6.35.254 > 224.0.0.9: igmp v2 report 224.0.0.9 10.6.30.254 04/05/08 19:48:11 04/05/08 19:48:09 local 0 Info pf 000319 rule 449/unkn(8): pass out on rl0: (tos 0x0, ttl  1, id 60666, offset 0, flags [none], proto: IGMP (2), length: 32, options ( RA (148) len 4 )) 10.6.35.254 > 224.0.0.2: igmp v2 report 224.0.0.2 10.6.30.254 04/05/08 19:48:11 04/05/08 19:48:09 local 0 Info pf 000173 rule 448/unkn(8): pass out on fxp1: (tos 0x0, ttl  1, id 32222, offset 0, flags [none], proto: IGMP (2), length: 32, options ( RA (148) len 4 )) 10.6.30.254 > 224.0.0.2: igmp v2 report 224.0.0.2 10.6.30.254 04/05/08 19:48:11 04/05/08 19:48:09 local 0 Info pf 716251 rule 448/unkn(8): pass out on fxp1: (tos 0x0, ttl  1, id 29876, offset 0, flags [none], proto: IGMP (2), length: 32, options ( RA (148) len 4 )) 10.6.30.254 > 224.0.0.9: igmp v2 report 224.0.0.9 10.6.30.254 04/05/08 19:48:12 04/05/08 19:48:09 system Info mpd [pppoe] PPPoE connection successful 10.6.30.254 04/05/08 19:48:12 04/05/08 19:48:09 system Info mpd [pppoe] device: UP event in state OPENING 10.6.30.254 04/05/08 19:48:12 04/05/08 19:48:09 system Info mpd [pppoe] device is now in state UP 10.6.30.254 04/05/08 19:48:12 04/05/08 19:48:09 system Info mpd [pppoe] link: UP event 10.6.30.254 04/05/08 19:48:12 04/05/08 19:48:09 system Info mpd [pppoe] link: origination is local 10.6.30.254 04/05/08 19:48:12 04/05/08 19:48:09 system Info mpd [pppoe] LCP: Up event 10.6.30.254 04/05/08 19:48:12 04/05/08 19:48:09 system Info mpd [pppoe] LCP: state change Starting –> Req-Sent 10.6.30.254 04/05/08 19:48:12 04/05/08 19:48:09 system Info mpd [pppoe] LCP: phase shift DEAD –> ESTABLISH 10.6.30.254 04/05/08 19:48:12 04/05/08 19:48:09 system Info mpd [pppoe] LCP: SendConfigReq #1 10.6.30.254 04/05/08 19:48:12 04/05/08 19:48:09 system Info mpd MRU 1492 10.6.30.254 04/05/08 19:48:12 04/05/08 19:48:09 system Info mpd MAGICNUM bd4093e9 10.6.30.254 04/05/08 19:48:12 04/05/08 19:48:09 system Info mpd [pppoe] LCP: rec'd Configure Request #153 link 0 (Req-Sent) 10.6.30.254 04/05/08 19:48:12 04/05/08 19:48:09 system Info mpd MRU 1492 10.6.30.254 04/05/08 19:48:12 04/05/08 19:48:09 system Info mpd AUTHPROTO PAP 10.6.30.254 04/05/08 19:48:12 04/05/08 19:48:09 system Info mpd MAGICNUM 3283f015 10.6.30.254 04/05/08 19:48:12 04/05/08 19:48:09 system Info mpd [pppoe] LCP: SendConfigAck #153 10.6.30.254 04/05/08 19:48:12 04/05/08 19:48:09 system Info mpd MRU 1492 10.6.30.254 04/05/08 19:48:12 04/05/08 19:48:09 system Info mpd AUTHPROTO PAP 10.6.30.254 04/05/08 19:48:12 04/05/08 19:48:09 system Info mpd MAGICNUM 3283f015 10.6.30.254 04/05/08 19:48:12 04/05/08 19:48:09 system Info mpd [pppoe] LCP: state change Req-Sent –> Ack-Sent 10.6.30.254 04/05/08 19:48:12 04/05/08 19:48:09 system Info mpd [pppoe] LCP: rec'd Configure Ack #1 link 0 (Ack-Sent) 10.6.30.254 04/05/08 19:48:12 04/05/08 19:48:09 system Info mpd MRU 1492 10.6.30.254 04/05/08 19:48:12 04/05/08 19:48:09 system Info mpd MAGICNUM bd4093e9 10.6.30.254 04/05/08 19:48:12 04/05/08 19:48:09 system Info mpd [pppoe] LCP: state change Ack-Sent –> Opened 10.6.30.254 04/05/08 19:48:12 04/05/08 19:48:09 system Info mpd [pppoe] LCP: phase shift ESTABLISH –> AUTHENTICATE 10.6.30.254 04/05/08 19:48:12 04/05/08 19:48:09 system Info mpd [pppoe] LCP: auth: peer wants PAP, I want nothing 10.6.30.254 04/05/08 19:48:12 04/05/08 19:48:09 system Info mpd [pppoe] PAP: using authname "" 10.6.30.254 04/05/08 19:48:12 04/05/08 19:48:09 system Info mpd mpd: empty auth name 10.6.30.254 04/05/08 19:48:12 04/05/08 19:48:09 system Info mpd Warning: no secret for "" found 10.6.30.254 04/05/08 19:48:12 04/05/08 19:48:09 system Info mpd [pppoe] PAP: sending REQUEST 10.6.30.254 04/05/08 19:48:12 04/05/08 19:48:09 system Info mpd [pppoe] LCP: LayerUp 10.6.30.254 04/05/08 19:48:14 04/05/08 19:48:11 system Info mpd [pppoe] PAP: using authname "" 10.6.30.254 04/05/08 19:48:14 04/05/08 19:48:11 system Info mpd mpd: empty auth name 10.6.30.254 04/05/08 19:48:14 04/05/08 19:48:11 system Info mpd Warning: no secret for "" found 10.6.30.254 04/05/08 19:48:14 04/05/08 19:48:11 system Info mpd [pppoe] PAP: sending REQUEST 10.6.30.254 04/05/08 19:48:14 04/05/08 19:48:12 local 0 Info pf 2. 999542 rule 448/unkn(8): pass out on fxp1: (tos 0x0, ttl  1, id 16795, offset 0, flags [none], proto: IGMP (2), length: 32, options ( RA (148) len 4 )) 10.6.30.254 > 224.0.0.2: igmp v2 report 224.0.0.2 10.6.30.254 04/05/08 19:48:15 04/05/08 19:48:12 system Info dnsmasq[626] reading /var/dhcpd/var/db/dhcpd.leases 10.6.30.254 04/05/08 19:48:15 04/05/08 19:48:13 local 0 Info pf 199981 rule 449/unkn(8): pass out on rl0: (tos 0x0, ttl  1, id 12970, offset 0, flags [none], proto: IGMP (2), length: 32, options ( RA (148) len 4 )) 10.6.35.254 > 224.0.0.9: igmp v2 report 224.0.0.9 10.6.30.254 04/05/08 19:48:15 04/05/08 19:48:13 local 0 Info pf 200003 rule 449/unkn(8): pass out on rl0: (tos 0x0, ttl  1, id 9978, offset 0, flags [none], proto: IGMP (2), length: 32, options ( RA (148) len 4 )) 10.6.35.254 > 224.0.0.2: igmp v2 report 224.0.0.2 10.6.30.254 04/05/08 19:48:16 04/05/08 19:48:13 system Info mpd [pppoe] PAP: using authname "" 10.6.30.254 04/05/08 19:48:16 04/05/08 19:48:13 system Info mpd mpd: empty auth name 10.6.30.254 04/05/08 19:48:16 04/05/08 19:48:13 system Info mpd Warning: no secret for "" found 10.6.30.254 04/05/08 19:48:16 04/05/08 19:48:13 system Info mpd [pppoe] PAP: sending REQUEST 10.6.30.254 04/05/08 19:48:28 04/05/08 19:48:25 system Error snort2c[520] SIGTERM received - exiting 10.6.30.254 04/05/08 19:48:31 04/05/08 19:48:29 system Notice snort[1074] Var 'fxp1_ADDRESS' defined, value len = 23 chars 10.6.30.254 04/05/08 19:48:31 04/05/08 19:48:29 system Notice snort[1074] , value = 10.6.30.0/255.255.255.0 10.6.30.254 04/05/08 19:48:31 04/05/08 19:48:29 system Notice snort[1074] Var 'lo0_ADDRESS' defined, value len = 19 chars 10.6.30.254 04/05/08 19:48:31 04/05/08 19:48:29 system Notice snort[1074] , value = 127.0.0.0/255.0.0.0 10.6.30.254 04/05/08 19:48:31 04/05/08 19:48:29 system Notice snort[1074] Parsing Rules file /usr/local/etc/snort/snort.conf 10.6.30.254 04/05/08 19:48:31 04/05/08 19:48:29 system Notice snort[1074] Var 'AIM_SERVERS' defined, value len = 132 chars 10.6.30.254 04/05/08 19:48:31 04/05/08 19:48:29 system Notice snort[1074] 10.6.30.254 04/05/08 19:48:31 04/05/08 19:48:29 system Notice snort[1074] [64.12.24.0/24,64.12.25.0/24,64.12.26.14/24,64.12.28.0/24,64.12.29.0/24,64.12.161.0/24,64.12.163.0/24,205.188.5.0/24,205.188.9.0 10.6.30.254 04/05/08 19:48:31 04/05/08 19:48:29 system Notice snort[1074] /24] 10.6.30.254 04/05/08 19:48:31 04/05/08 19:48:29 system Notice snort[1074] Var 'HTTP_PORTS' defined, value len = 2 chars 10.6.30.254 04/05/08 19:48:31 04/05/08 19:48:29 system Notice snort[1074] , value = 80 10.6.30.254 04/05/08 19:48:31 04/05/08 19:48:29 system Notice snort[1074] Var 'SHELLCODE_PORTS' defined, value len = 3 chars 10.6.30.254 04/05/08 19:48:31 04/05/08 19:48:29 system Notice snort[1074] , value = !80 10.6.30.254 04/05/08 19:48:31 04/05/08 19:48:29 system Notice snort[1074] Var 'ORACLE_PORTS' defined, value len = 4 chars 10.6.30.254 04/05/08 19:48:31 04/05/08 19:48:29 system Notice snort[1074] , value = 1521 10.6.30.254 04/05/08 19:48:31 04/05/08 19:48:29 system Notice snort[1074] Var 'HOME_NET' defined, value len = 54 chars 10.6.30.254 04/05/08 19:48:31 04/05/08 19:48:29 system Notice snort[1074] , value = [10.6.30.0/24,208.67.220.220,208.67.222.222,127.0.0.1] 10.6.30.254 04/05/08 19:48:31 04/05/08 19:48:29 system Notice snort[1074] Var 'TELNET_SERVERS' defined, value len = 54 chars 10.6.30.254 04/05/08 19:48:31 04/05/08 19:48:29 system Notice snort[1074] , value = [10.6.30.0/24,208.67.220.220,208.67.222.222,127.0.0.1] 10.6.30.254 04/05/08 19:48:31 04/05/08 19:48:29 system Notice snort[1074] Var 'SQL_SERVERS' defined, value len = 54 chars 10.6.30.254 04/05/08 19:48:31 04/05/08 19:48:29 system Error snort[1074] command line overrides rules file alert plugin! 10.6.30.254 04/05/08 19:48:31 04/05/08 19:48:29 system Notice snort[1074] , value = [10.6.30.0/24,208.67.220.220,208.67.222.222,127.0.0.1] 10.6.30.254 04/05/08 19:48:31 04/05/08 19:48:29 system Error snort[1074] command line overrides rules file alert plugin! 10.6.30.254 04/05/08 19:48:31 04/05/08 19:48:29 system Notice snort[1074] Var 'HTTP_SERVERS' defined, value len = 54 chars 10.6.30.254 04/05/08 19:48:31 04/05/08 19:48:29 system Notice snort[1074] , value = [10.6.30.0/24,208.67.220.220,208.67.222.222,127.0.0.1] 10.6.30.254 04/05/08 19:48:31 04/05/08 19:48:29 system Notice snort[1074] Var 'SMTP_SERVERS' defined, value len = 54 chars 10.6.30.254 04/05/08 19:48:31 04/05/08 19:48:29 system Notice snort[1074] , value = [10.6.30.0/24,208.67.220.220,208.67.222.222,127.0.0.1] 10.6.30.254 04/05/08 19:48:31 04/05/08 19:48:29 system Notice snort[1074] Var 'DNS_SERVERS' defined, value len = 54 chars 10.6.30.254 04/05/08 19:48:31 04/05/08 19:48:29 system Notice snort[1074] , value = [10.6.30.0/24,208.67.220.220,208.67.222.222,127.0.0.1] 10.6.30.254 04/05/08 19:48:31 04/05/08 19:48:29 system Notice snort[1074] Var 'EXTERNAL_NET' defined, value len = 55 chars 10.6.30.254 04/05/08 19:48:31 04/05/08 19:48:29 system Notice snort[1074] , value = ![10.6.30.0/24,208.67.220.220,208.67.222.222,127.0.0.1] 10.6.30.254 04/05/08 19:48:31 04/05/08 19:48:29 system Notice snort[1074] Var 'SSH_PORTS' defined, value len = 2 chars 10.6.30.254 04/05/08 19:48:31 04/05/08 19:48:29 system Notice snort[1074] , value = 22 10.6.30.254 04/05/08 19:48:31 04/05/08 19:48:29 system Notice snort[1074] Var 'RULE_PATH' defined, value len = 26 chars 10.6.30.254 04/05/08 19:48:31 04/05/08 19:48:29 system Notice snort[1074] , value = /usr/local/etc/snort/rules 10.6.30.254 04/05/08 19:48:31 04/05/08 19:48:29 system Notice snort[1074] Detection: 10.6.30.254 04/05/08 19:48:31 04/05/08 19:48:29 system Notice snort[1074] Search-Method = Low-Mem 10.6.30.254 04/05/08 19:48:31 04/05/08 19:48:29 system Notice snort[1074] ,–---------[Flow Config]–-------------------- 10.6.30.254 04/05/08 19:48:31 04/05/08 19:48:29 system Notice snort[1074] | Stats Interval:  0 10.6.30.254 04/05/08 19:48:31 04/05/08 19:48:29 system Notice snort[1074] | Hash Method:    2 10.6.30.254 04/05/08 19:48:31 04/05/08 19:48:29 system Notice snort[1074] | Memcap:          10485760 10.6.30.254 04/05/08 19:48:31 04/05/08 19:48:29 system Notice snort[1074] | Rows  :          4099 10.6.30.254 04/05/08 19:48:31 04/05/08 19:48:29 system Notice snort[1074] | Overhead Bytes:  16400(%0.16) 10.6.30.254 04/05/08 19:48:31 04/05/08 19:48:29 system Notice snort[1074] `–-------------------------------------------- 10.6.30.254 04/05/08 19:48:31 04/05/08 19:48:29 system Notice snort[1074] Frag3 global config: 10.6.30.254 04/05/08 19:48:31 04/05/08 19:48:29 system Notice snort[1074] Max frags: 8192 10.6.30.254 04/05/08 19:48:31 04/05/08 19:48:29 system Notice snort[1074] Fragment memory cap: 4194304 bytes 10.6.30.254 04/05/08 19:48:31 04/05/08 19:48:29 system Notice snort[1074] Frag3 engine config: 10.6.30.254 04/05/08 19:48:31 04/05/08 19:48:29 system Notice snort[1074] Target-based policy: BSD 10.6.30.254 04/05/08 19:48:31 04/05/08 19:48:29 system Notice snort[1074] Fragment timeout: 60 seconds 10.6.30.254 04/05/08 19:48:31 04/05/08 19:48:29 system Notice snort[1074] Fragment min_ttl:  1 10.6.30.254 04/05/08 19:48:31 04/05/08 19:48:29 system Notice snort[1074] Fragment ttl_limit: 5 10.6.30.254 04/05/08 19:48:31 04/05/08 19:48:29 system Notice snort[1074] Fragment Problems: 0 10.6.30.254 04/05/08 19:48:31 04/05/08 19:48:29 system Notice snort[1074] Frag3 engine config: 10.6.30.254 04/05/08 19:48:31 04/05/08 19:48:29 system Notice snort[1074] Target-based policy: LAST 10.6.30.254 04/05/08 19:48:31 04/05/08 19:48:29 system Notice snort[1074] Fragment timeout: 60 seconds 10.6.30.254 04/05/08 19:48:31 04/05/08 19:48:29 system Notice snort[1074] Fragment min_ttl:  1 10.6.30.254 04/05/08 19:48:31 04/05/08 19:48:29 system Notice snort[1074] Fragment ttl_limit: 5 10.6.30.254 04/05/08 19:48:31 04/05/08 19:48:29 system Notice snort[1074] Fragment Problems: 1 10.6.30.254 04/05/08 19:48:31 04/05/08 19:48:29 system Notice snort[1074] Bound Addresses: 0.0.0.0/0.0.0.0 10.6.30.254 04/05/08 19:48:32 04/05/08 19:48:29 system Notice snort[1074] Stream5 global config: 10.6.30.254 04/05/08 19:48:32 04/05/08 19:48:29 system Notice snort[1074] Track TCP sessions: ACTIVE 10.6.30.254 04/05/08 19:48:32 04/05/08 19:48:29 system Notice snort[1074] Max TCP sessions: 8192 10.6.30.254 04/05/08 19:48:32 04/05/08 19:48:29 system Notice snort[1074] Memcap (for reassembly packet storage): 8388608 10.6.30.254 04/05/08 19:48:32 04/05/08 19:48:29 system Notice snort[1074] Track UDP sessions: ACTIVE 10.6.30.254 04/05/08 19:48:32 04/05/08 19:48:29 system Notice snort[1074] Max UDP sessions: 131072 10.6.30.254 04/05/08 19:48:32 04/05/08 19:48:29 system Notice snort[1074] Track ICMP sessions: ACTIVE 10.6.30.254 04/05/08 19:48:32 04/05/08 19:48:29 system Notice snort[1074] Max ICMP sessions: 65536 10.6.30.254 04/05/08 19:48:32 04/05/08 19:48:29 system Notice snort[1074] Stream5 TCP Policy config: 10.6.30.254 04/05/08 19:48:32 04/05/08 19:48:29 system Notice snort[1074] Reassembly Policy: BSD 10.6.30.254 04/05/08 19:48:32 04/05/08 19:48:29 system Notice snort[1074] Timeout: 30 seconds 10.6.30.254 04/05/08 19:48:32 04/05/08 19:48:29 system Notice snort[1074] Min ttl:  1 10.6.30.254 04/05/08 19:48:32 04/05/08 19:48:29 system Notice snort[1074] Options: 10.6.30.254 04/05/08 19:48:32 04/05/08 19:48:29 system Notice snort[1074] Static Flushpoint Sizes: YES 10.6.30.254 04/05/08 19:48:32 04/05/08 19:48:29 system Notice snort[1074] Reassembly Ports: 10.6.30.254 04/05/08 19:48:32 04/05/08 19:48:29 system Notice snort[1074] 0 client (Footprint) server (Footprint) 10.6.30.254 04/05/08 19:48:32 04/05/08 19:48:29 system Notice snort[1074] 1 client (Footprint) server (Footprint) 10.6.30.254 04/05/08 19:48:32 04/05/08 19:48:29 system Notice snort[1074] 2 client (Footprint) server (Footprint) 10.6.30.254 04/05/08 19:48:32 04/05/08 19:48:29 system Notice snort[1074] 3 client (Footprint) server (Footprint) 10.6.30.254 04/05/08 19:48:32 04/05/08 19:48:29 system Notice snort[1074] 4 client (Footprint) server (Footprint) 10.6.30.254 04/05/08 19:48:32 04/05/08 19:48:29 system Notice snort[1074] 5 client (Footprint) server (Footprint) 10.6.30.254 04/05/08 19:48:32 04/05/08 19:48:29 system Notice snort[1074] 6 client (Footprint) server (Footprint) 10.6.30.254 04/05/08 19:48:32 04/05/08 19:48:29 system Notice snort[1074] 7 client (Footprint) server (Footprint) 10.6.30.254 04/05/08 19:48:32 04/05/08 19:48:29 system Notice snort[1074] 8 client (Footprint) server (Footprint) 10.6.30.254 04/05/08 19:48:32 04/05/08 19:48:29 system Notice snort[1074] 9 client (Footprint) server (Footprint) 10.6.30.254 04/05/08 19:48:32 04/05/08 19:48:29 system Notice snort[1074] 10 client (Footprint) server (Footprint) 10.6.30.254 04/05/08 19:48:32 04/05/08 19:48:29 system Notice snort[1074] 11 client (Footprint) server (Footprint) 10.6.30.254 04/05/08 19:48:32 04/05/08 19:48:29 system Notice snort[1074] 12 client (Footprint) server (Footprint) 10.6.30.254 04/05/08 19:48:32 04/05/08 19:48:29 system Notice snort[1074] 13 client (Footprint) server (Footprint) 10.6.30.254 04/05/08 19:48:32 04/05/08 19:48:29 system Notice snort[1074] 14 client (Footprint) server (Footprint) 10.6.30.254 04/05/08 19:48:32 04/05/08 19:48:29 system Notice snort[1074] 15 client (Footprint) server (Footprint) 10.6.30.254 04/05/08 19:48:32 04/05/08 19:48:29 system Notice snort[1074] 16 client (Footprint) server (Footprint) 10.6.30.254 04/05/08 19:48:32 04/05/08 19:48:29 system Notice snort[1074] 17 client (Footprint) server (Footprint) 10.6.30.254 04/05/08 19:48:32 04/05/08 19:48:29 system Notice snort[1074] 18 client (Footprint) server (Footprint) 10.6.30.254 04/05/08 19:48:32 04/05/08 19:48:29 system Notice snort[1074] 19 client (Footprint) server (Footprint) 10.6.30.254 04/05/08 19:48:32 04/05/08 19:48:29 system Notice snort[1074] Bound Addresses:0.0.0.0/0.0.0.0 10.6.30.254 04/05/08 19:48:32 04/05/08 19:48:29 system Notice snort[1074] Stream5 UDP Policy config: 10.6.30.254 04/05/08 19:48:32 04/05/08 19:48:29 system Notice snort[1074] Timeout: 30 seconds 10.6.30.254 04/05/08 19:48:32 04/05/08 19:48:29 system Notice snort[1074] Stream5 ICMP Policy config: 10.6.30.254 04/05/08 19:48:32 04/05/08 19:48:29 system Notice snort[1074] Timeout: 30 seconds 10.6.30.254 04/05/08 19:48:32 04/05/08 19:48:29 system Notice snort[1074] HttpInspect Config: 10.6.30.254 04/05/08 19:48:32 04/05/08 19:48:29 system Notice snort[1074] GLOBAL CONFIG 10.6.30.254 04/05/08 19:48:32 04/05/08 19:48:29 system Notice snort[1074] Max Pipeline Requests:    0 10.6.30.254 04/05/08 19:48:32 04/05/08 19:48:29 system Notice snort[1074] Inspection Type:          STATELESS 10.6.30.254 04/05/08 19:48:32 04/05/08 19:48:29 system Notice snort[1074] Detect Proxy Usage:      NO 10.6.30.254 04/05/08 19:48:32 04/05/08 19:48:29 system Notice snort[1074] IIS Unicode Map Filename: /usr/local/etc/snort/unicode.map 10.6.30.254 04/05/08 19:48:32 04/05/08 19:48:29 system Notice snort[1074] IIS Unicode Map Codepage: 1252 10.6.30.254 04/05/08 19:48:32 04/05/08 19:48:29 system Notice snort[1074] DEFAULT SERVER CONFIG: 10.6.30.254 04/05/08 19:48:32 04/05/08 19:48:29 system Notice snort[1074] Server profile: All 10.6.30.254 04/05/08 19:48:32 04/05/08 19:48:29 system Notice snort[1074] Ports: 80 3128 8080 10.6.30.254 04/05/08 19:48:32 04/05/08 19:48:29 system Notice snort[1074] Flow Depth: 0 10.6.30.254 04/05/08 19:48:32 04/05/08 19:48:29 system Notice snort[1074] Max Chunk Length: 500000 10.6.30.254 04/05/08 19:48:32 04/05/08 19:48:29 system Notice snort[1074] Inspect Pipeline Requests: YES 10.6.30.254 04/05/08 19:48:32 04/05/08 19:48:29 system Notice snort[1074] URI Discovery Strict Mode: NO 10.6.30.254 04/05/08 19:48:32 04/05/08 19:48:29 system Notice snort[1074] Allow Proxy Usage: NO 10.6.30.254 04/05/08 19:48:32 04/05/08 19:48:29 system Notice snort[1074] Disable Alerting: YES 10.6.30.254 04/05/08 19:48:32 04/05/08 19:48:29 system Notice snort[1074] Oversize Dir Length: 0 10.6.30.254 04/05/08 19:48:32 04/05/08 19:48:29 system Notice snort[1074] Only inspect URI: NO 10.6.30.254 04/05/08 19:48:32 04/05/08 19:48:29 system Notice snort[1074] Ascii: YES alert: NO 10.6.30.254 04/05/08 19:48:32 04/05/08 19:48:29 system Notice snort[1074] Double Decoding: YES alert: YES 10.6.30.254 04/05/08 19:48:32 04/05/08 19:48:29 system Notice snort[1074] %U Encoding: YES alert: YES 10.6.30.254 04/05/08 19:48:32 04/05/08 19:48:29 system Notice snort[1074] Bare Byte: YES alert: YES 10.6.30.254 04/05/08 19:48:32 04/05/08 19:48:29 system Notice snort[1074] Base36: OFF 10.6.30.254 04/05/08 19:48:32 04/05/08 19:48:29 system Notice snort[1074] UTF 8: YES alert: NO 10.6.30.254 04/05/08 19:48:32 04/05/08 19:48:29 system Notice snort[1074] IIS Unicode: YES alert: YES 10.6.30.254 04/05/08 19:48:32 04/05/08 19:48:29 system Notice snort[1074] Multiple Slash: YES alert: NO 10.6.30.254 04/05/08 19:48:32 04/05/08 19:48:29 system Notice snort[1074] IIS Backslash: YES alert: NO 10.6.30.254 04/05/08 19:48:32 04/05/08 19:48:29 system Notice snort[1074] Directory Traversal: YES alert: NO 10.6.30.254 04/05/08 19:48:32 04/05/08 19:48:29 system Notice snort[1074] Web Root Traversal: YES alert: YES 10.6.30.254 04/05/08 19:48:32 04/05/08 19:48:29 system Notice snort[1074] Apache WhiteSpace: YES alert: YES 10.6.30.254 04/05/08 19:48:32 04/05/08 19:48:29 system Notice snort[1074] IIS Delimiter: YES alert: YES 10.6.30.254 04/05/08 19:48:32 04/05/08 19:48:29 system Notice snort[1074] IIS Unicode Map: GLOBAL IIS UNICODE MAP CONFIG 10.6.30.254 04/05/08 19:48:32 04/05/08 19:48:29 system Notice snort[1074] Non-RFC Compliant Characters: 0x00 10.6.30.254 04/05/08 19:48:32 04/05/08 19:48:29 system Notice snort[1074] Whitespace Characters: 0x09 0x0b 0x0c 0x0d 10.6.30.254 04/05/08 19:48:32 04/05/08 19:48:29 system Notice snort[1074] rpc_decode arguments: 10.6.30.254 04/05/08 19:48:32 04/05/08 19:48:29 system Notice snort[1074] Ports to decode RPC on: 111 32771 10.6.30.254 04/05/08 19:48:32 04/05/08 19:48:29 system Notice snort[1074] alert_fragments: INACTIVE 10.6.30.254 04/05/08 19:48:32 04/05/08 19:48:29 system Notice snort[1074] alert_large_fragments: ACTIVE 10.6.30.254 04/05/08 19:48:32 04/05/08 19:48:29 system Notice snort[1074] alert_incomplete: ACTIVE 10.6.30.254 04/05/08 19:48:32 04/05/08 19:48:29 system Notice snort[1074] alert_multiple_requests: ACTIVE 10.6.30.254 04/05/08 19:48:32 04/05/08 19:48:29 system Notice snort[1074] Portscan Detection Config: 10.6.30.254 04/05/08 19:48:32 04/05/08 19:48:29 system Notice snort[1074] Detect Protocols:  TCP UDP ICMP IP 10.6.30.254 04/05/08 19:48:32 04/05/08 19:48:29 system Notice snort[1074] Detect Scan Type:  portscan portsweep decoy_portscan distributed_portscan 10.6.30.254 04/05/08 19:48:32 04/05/08 19:48:29 system Notice snort[1074] Sensitivity Level: Low 10.6.30.254 04/05/08 19:48:32 04/05/08 19:48:29 system Notice snort[1074] Memcap (in bytes): 1048576 10.6.30.254 04/05/08 19:48:32 04/05/08 19:48:29 system Notice snort[1074] Number of Nodes:  3869 10.6.30.254 04/05/08 19:48:32 04/05/08 19:48:29 system Notice snort[1074] Ignore Scanner IP List: 10.6.30.254 04/05/08 19:48:32 04/05/08 19:48:29 system Notice snort[1074] 10.6.30.0 / 255.255.255.0 10.6.30.254 04/05/08 19:48:32 04/05/08 19:48:29 system Notice snort[1074] 10.6.30.254 04/05/08 19:48:32 04/05/08 19:48:29 system Notice snort[1074] 208.67.220.220 / 255.255.255.255 10.6.30.254 04/05/08 19:48:32 04/05/08 19:48:29 system Notice snort[1074] 10.6.30.254 04/05/08 19:48:32 04/05/08 19:48:29 system Notice snort[1074] 208.67.222.222 / 255.255.255.255 10.6.30.254 04/05/08 19:48:32 04/05/08 19:48:29 system Notice snort[1074] 10.6.30.254 04/05/08 19:48:32 04/05/08 19:48:29 system Notice snort[1074] 127.0.0.1 / 255.255.255.255 10.6.30.254 04/05/08 19:48:32 04/05/08 19:48:29 system Notice snort[1074] 10.6.30.254 04/05/08 19:48:32 04/05/08 19:48:29 system Notice snort[1074] 10.6.30.254 04/05/08 19:48:32 04/05/08 19:48:29 system Info mpd [pppoe] LCP: authorization timer expired 10.6.30.254 04/05/08 19:48:32 04/05/08 19:48:29 system Info mpd [pppoe] LCP: authorization failed 10.6.30.254 04/05/08 19:48:32 04/05/08 19:48:29 system Info mpd [pppoe] device: CLOSE event in state UP 10.6.30.254 04/05/08 19:48:32 04/05/08 19:48:29 system Info mpd [pppoe] device is now in state CLOSING 10.6.30.254 04/05/08 19:48:32 04/05/08 19:48:29 system Info mpd [pppoe] device: DOWN event in state CLOSING 10.6.30.254 04/05/08 19:48:32 04/05/08 19:48:29 system Info mpd [pppoe] device is now in state DOWN 10.6.30.254 04/05/08 19:48:32 04/05/08 19:48:29 system Info mpd [pppoe] error writing len 12 frame to bypass: Network is down 10.6.30.254 04/05/08 19:48:32 04/05/08 19:48:29 system Info mpd [pppoe] link: DOWN event 10.6.30.254 04/05/08 19:48:32 04/05/08 19:48:29 system Info mpd [pppoe] LCP: Down event 10.6.30.254 04/05/08 19:48:32 04/05/08 19:48:29 system Info mpd [pppoe] LCP: state change Opened –> Starting 10.6.30.254 04/05/08 19:48:32 04/05/08 19:48:29 system Info mpd [pppoe] LCP: phase shift AUTHENTICATE –> DEAD 10.6.30.254 04/05/08 19:48:32 04/05/08 19:48:29 system Info mpd [pppoe] LCP: LayerDown 10.6.30.254 04/05/08 19:48:32 04/05/08 19:48:29 system Info mpd [pppoe] device: OPEN event in state DOWN 10.6.30.254 04/05/08 19:48:32 04/05/08 19:48:29 system Info mpd [pppoe] pausing 4 seconds before open 10.6.30.254 04/05/08 19:48:32 04/05/08 19:48:29 system Info mpd [pppoe] device is now in state DOWN 10.6.30.254 04/05/08 19:48:33 04/05/08 19:48:30 system Notice snort[1074] Tagged Packet Limit: 256 10.6.30.254 04/05/08 19:48:33 04/05/08 19:48:30 system Notice snort[1074] Loading all dynamic preprocessor libs from /usr/local/lib/snort/dynamicpreprocessor/… 10.6.30.254 04/05/08 19:48:33 04/05/08 19:48:30 system Notice snort[1074] Loading dynamic preprocessor library /usr/local/lib/snort/dynamicpreprocessor//libsf_dcerpc_preproc.so… 10.6.30.254 04/05/08 19:48:33 04/05/08 19:48:30 system Notice snort[1074] done 10.6.30.254 04/05/08 19:48:33 04/05/08 19:48:30 system Notice snort[1074] Loading dynamic preprocessor library /usr/local/lib/snort/dynamicpreprocessor//libsf_dns_preproc.so… 10.6.30.254 04/05/08 19:48:33 04/05/08 19:48:30 system Notice snort[1074] done 10.6.30.254 04/05/08 19:48:33 04/05/08 19:48:30 system Notice snort[1074] Loading dynamic preprocessor library /usr/local/lib/snort/dynamicpreprocessor//libsf_ftptelnet_preproc.so… 10.6.30.254 04/05/08 19:48:33 04/05/08 19:48:30 system Notice snort[1074] done 10.6.30.254 04/05/08 19:48:33 04/05/08 19:48:30 system Notice snort[1074] Loading dynamic preprocessor library /usr/local/lib/snort/dynamicpreprocessor//libsf_smtp_preproc.so… 10.6.30.254 04/05/08 19:48:33 04/05/08 19:48:30 system Notice snort[1074] done 10.6.30.254 04/05/08 19:48:33 04/05/08 19:48:30 system Notice snort[1074] Loading dynamic preprocessor library /usr/local/lib/snort/dynamicpreprocessor//libsf_ssh_preproc.so… 10.6.30.254 04/05/08 19:48:33 04/05/08 19:48:30 system Notice snort[1074] done 10.6.30.254 04/05/08 19:48:33 04/05/08 19:48:30 system Notice snort[1074] Finished Loading all dynamic preprocessor libs from /usr/local/lib/snort/dynamicpreprocessor/ 10.6.30.254 04/05/08 19:48:33 04/05/08 19:48:30 system Notice snort[1074] Loading dynamic preprocessor library /usr/local/lib/snort/dynamicpreprocessor/libsf_ftptelnet_preproc.so… 10.6.30.254 04/05/08 19:48:33 04/05/08 19:48:30 system Notice snort[1074] done 10.6.30.254 04/05/08 19:48:33 04/05/08 19:48:30 system Notice snort[1074] Loading dynamic preprocessor library /usr/local/lib/snort/dynamicpreprocessor/libsf_smtp_preproc.so… 10.6.30.254 04/05/08 19:48:33 04/05/08 19:48:30 system Notice snort[1074] done 10.6.30.254 04/05/08 19:48:33 04/05/08 19:48:30 system Notice snort[1074] FTPTelnet Config: 10.6.30.254 04/05/08 19:48:33 04/05/08 19:48:30 system Notice snort[1074] GLOBAL CONFIG 10.6.30.254 04/05/08 19:48:33 04/05/08 19:48:30 system Notice snort[1074] Inspection Type: stateless 10.6.30.254 04/05/08 19:48:33 04/05/08 19:48:30 system Notice snort[1074] Check for Encrypted Traffic: OFF 10.6.30.254 04/05/08 19:48:33 04/05/08 19:48:30 system Notice snort[1074] Continue to check encrypted data: NO 10.6.30.254 04/05/08 19:48:33 04/05/08 19:48:30 system Notice snort[1074] FTP CONFIG: 10.6.30.254 04/05/08 19:48:33 04/05/08 19:48:30 system Notice snort[1074] FTP Server: default 10.6.30.254 04/05/08 19:48:33 04/05/08 19:48:30 system Notice snort[1074] Ports: 21 10.6.30.254 04/05/08 19:48:33 04/05/08 19:48:30 system Notice snort[1074] Check for Telnet Cmds: OFF 10.6.30.254 04/05/08 19:48:33 04/05/08 19:48:30 system Notice snort[1074] Identify open data channels: NO 10.6.30.254 04/05/08 19:48:33 04/05/08 19:48:30 system Notice snort[1074] FTP Client: default 10.6.30.254 04/05/08 19:48:33 04/05/08 19:48:30 system Notice snort[1074] Check for Bounce Attacks: OFF 10.6.30.254 04/05/08 19:48:33 04/05/08 19:48:30 system Notice snort[1074] Check for Telnet Cmds: OFF 10.6.30.254 04/05/08 19:48:33 04/05/08 19:48:30 system Notice snort[1074] Max Response Length: 100 10.6.30.254 04/05/08 19:48:33 04/05/08 19:48:30 system Notice snort[1074] SMTP Config: 10.6.30.254 04/05/08 19:48:33 04/05/08 19:48:30 system Notice snort[1074] Ports: 10.6.30.254 04/05/08 19:48:33 04/05/08 19:48:30 system Notice snort[1074] 25 10.6.30.254 04/05/08 19:48:33 04/05/08 19:48:30 system Notice snort[1074] 10.6.30.254 04/05/08 19:48:33 04/05/08 19:48:30 system Notice snort[1074] Inspection Type:            STATEFUL 10.6.30.254 04/05/08 19:48:33 04/05/08 19:48:30 system Notice snort[1074] Normalize Spaces:          YES 10.6.30.254 04/05/08 19:48:33 04/05/08 19:48:30 system Notice snort[1074] Ignore Data:                NO 10.6.30.254 04/05/08 19:48:33 04/05/08 19:48:30 system Notice snort[1074] Ignore TLS Data:            NO 10.6.30.254 04/05/08 19:48:33 04/05/08 19:48:30 system Notice snort[1074] Ignore Alerts:              NO 10.6.30.254 04/05/08 19:48:33 04/05/08 19:48:30 system Notice snort[1074] Max Command Length:        0 10.6.30.254 04/05/08 19:48:33 04/05/08 19:48:30 system Notice snort[1074] Max Header Line Length:    0 10.6.30.254 04/05/08 19:48:33 04/05/08 19:48:30 system Notice snort[1074] Max Response Line Length:  0 10.6.30.254 04/05/08 19:48:33 04/05/08 19:48:30 system Notice snort[1074] X-Link2State Alert:        YES 10.6.30.254 04/05/08 19:48:33 04/05/08 19:48:30 system Notice snort[1074] Drop on X-Link2State Alert: NO 10.6.30.254 04/05/08 19:48:34 04/05/08 19:48:31 system Error routed[934] Send mcast sendto(rl0, 224.0.0.9.520): Network is unreachable 10.6.30.254 04/05/08 19:48:34 04/05/08 19:48:31 system Error routed[934] Send mcast sendto(fxp1, 224.0.0.9.520): Network is unreachable 10.6.30.254 04/05/08 19:48:36 04/05/08 19:48:33 system Info mpd [pppoe] device: OPEN event in state DOWN 10.6.30.254 04/05/08 19:48:36 04/05/08 19:48:33 system Info mpd [pppoe] pausing 1 seconds before open 10.6.30.254 04/05/08 19:48:36 04/05/08 19:48:33 system Info mpd [pppoe] device is now in state DOWN 10.6.30.254 04/05/08 19:48:37 04/05/08 19:48:34 system Info mpd [pppoe] device: OPEN event in state DOWN 10.6.30.254 04/05/08 19:48:37 04/05/08 19:48:34 system Info mpd [pppoe] device is now in state OPENING 10.6.30.254 04/05/08 19:48:37 04/05/08 19:48:34 system Info mpd [pppoe] rec'd ACNAME "far-br1" 10.6.30.254 04/05/08 19:48:37 04/05/08 19:48:34 system Info mpd [pppoe] PPPoE connection successful 10.6.30.254 04/05/08 19:48:37 04/05/08 19:48:34 system Info mpd [pppoe] device: UP event in state OPENING 10.6.30.254 04/05/08 19:48:37 04/05/08 19:48:34 system Info mpd [pppoe] device is now in state UP 10.6.30.254 04/05/08 19:48:37 04/05/08 19:48:34 system Info mpd [pppoe] link: UP event 10.6.30.254 04/05/08 19:48:37 04/05/08 19:48:34 system Info mpd [pppoe] link: origination is local 10.6.30.254 04/05/08 19:48:37 04/05/08 19:48:34 system Info mpd [pppoe] LCP: Up event 10.6.30.254 04/05/08 19:48:37 04/05/08 19:48:34 system Info mpd [pppoe] LCP: state change Starting –> Req-Sent 10.6.30.254 04/05/08 19:48:37 04/05/08 19:48:34 system Info mpd [pppoe] LCP: phase shift DEAD –> ESTABLISH 10.6.30.254 04/05/08 19:48:37 04/05/08 19:48:34 system Info mpd [pppoe] LCP: SendConfigReq #2 10.6.30.254 04/05/08 19:48:37 04/05/08 19:48:34 system Info mpd MRU 1492 10.6.30.254 04/05/08 19:48:37 04/05/08 19:48:34 system Info mpd MAGICNUM ba7fe929 10.6.30.254 04/05/08 19:48:37 04/05/08 19:48:35 system Info mpd [pppoe] LCP: rec'd Configure Request #202 link 0 (Req-Sent) 10.6.30.254 04/05/08 19:48:37 04/05/08 19:48:35 system Info mpd MRU 1492 10.6.30.254 04/05/08 19:48:37 04/05/08 19:48:35 system Info mpd AUTHPROTO PAP 10.6.30.254 04/05/08 19:48:37 04/05/08 19:48:35 system Info mpd MAGICNUM 4d0c018b 10.6.30.254 04/05/08 19:48:37 04/05/08 19:48:35 system Info mpd [pppoe] LCP: SendConfigAck #202 10.6.30.254 04/05/08 19:48:37 04/05/08 19:48:35 system Info mpd MRU 1492 10.6.30.254 04/05/08 19:48:37 04/05/08 19:48:35 system Info mpd AUTHPROTO PAP 10.6.30.254 04/05/08 19:48:37 04/05/08 19:48:35 system Info mpd MAGICNUM 4d0c018b 10.6.30.254 04/05/08 19:48:37 04/05/08 19:48:35 system Info mpd [pppoe] LCP: state change Req-Sent –> Ack-Sent 10.6.30.254 04/05/08 19:48:37 04/05/08 19:48:35 system Info mpd [pppoe] LCP: rec'd Configure Ack #2 link 0 (Ack-Sent) 10.6.30.254 04/05/08 19:48:37 04/05/08 19:48:35 system Info mpd MRU 1492 10.6.30.254 04/05/08 19:48:37 04/05/08 19:48:35 system Info mpd MAGICNUM ba7fe929 10.6.30.254 04/05/08 19:48:37 04/05/08 19:48:35 system Info mpd [pppoe] LCP: state change Ack-Sent –> Opened 10.6.30.254 04/05/08 19:48:37 04/05/08 19:48:35 system Info mpd [pppoe] LCP: phase shift ESTABLISH –> AUTHENTICATE 10.6.30.254 04/05/08 19:48:37 04/05/08 19:48:35 system Info mpd [pppoe] LCP: auth: peer wants PAP, I want nothing 10.6.30.254 04/05/08 19:48:37 04/05/08 19:48:35 system Info mpd [pppoe] PAP: using authname "" 10.6.30.254 04/05/08 19:48:37 04/05/08 19:48:35 system Info mpd mpd: empty auth name 10.6.30.254 04/05/08 19:48:37 04/05/08 19:48:35 system Info mpd Warning: no secret for "" found 10.6.30.254 04/05/08 19:48:37 04/05/08 19:48:35 system Info mpd [pppoe] PAP: sending REQUEST 10.6.30.254 04/05/08 19:48:37 04/05/08 19:48:35 system Info mpd [pppoe] LCP: LayerUp 10.6.30.254 04/05/08 19:48:39 04/05/08 19:48:36 system Error snort[1074] OpenPcap() device fxp0 network lookup:          fxp0: no IPv4 address assigned 10.6.30.254 04/05/08 19:48:39 04/05/08 19:48:36 system Error snort[1075] OpenPcap() device fxp0 network lookup:          fxp0: no IPv4 address assigned 10.6.30.254 04/05/08 19:48:39 04/05/08 19:48:36 system Notice snort[1074] 10.6.30.254 04/05/08 19:48:39 04/05/08 19:48:36 system Notice snort[1074] +–---------------------[thresholding-config]–-------------------------------- 10.6.30.254 04/05/08 19:48:39 04/05/08 19:48:36 system Notice snort[1074] | memory-cap : 1048576 bytes 10.6.30.254 04/05/08 19:48:39 04/05/08 19:48:36 system Notice snort[1074] +–---------------------[thresholding-global]–-------------------------------- 10.6.30.254 04/05/08 19:48:39 04/05/08 19:48:36 system Notice snort[1074] | none 10.6.30.254 04/05/08 19:48:39 04/05/08 19:48:36 system Notice snort[1074] +–---------------------[thresholding-local]–--------------------------------- 10.6.30.254 04/05/08 19:48:39 04/05/08 19:48:36 system Notice snort[1074] | gen-id=1      sig-id=10183      type=Limit    tracking=src count=1  seconds=300 10.6.30.254 04/05/08 19:48:39 04/05/08 19:48:36 system Notice snort[1074] | gen-id=1      sig-id=6128      type=Limit    tracking=src count=1  seconds=600 10.6.30.254 04/05/08 19:48:39 04/05/08 19:48:36 system Notice snort[1074] | gen-id=1      sig-id=9839      type=Limit    tracking=src count=1  seconds=600 10.6.30.254 04/05/08 19:48:39 04/05/08 19:48:36 system Notice snort[1074] | gen-id=1      sig-id=6223      type=Limit    tracking=src count=1  seconds=300 10.6.30.254 04/05/08 19:48:39 04/05/08 19:48:36 system Notice snort[1074] | gen-id=1      sig-id=6489      type=Limit    tracking=src count=1  seconds=300 10.6.30.254 04/05/08 19:48:39 04/05/08 19:48:36 system Notice snort[1074] | gen-id=1      sig-id=5990      type=Limit    tracking=src count=1  seconds=600 10.6.30.254 04/05/08 19:48:39 04/05/08 19:48:36 system Notice snort[1074] | gen-id=1      sig-id=6336      type=Limit    tracking=src count=1  seconds=300 10.6.30.254 04/05/08 19:48:39 04/05/08 19:48:36 system Notice snort[1074] | gen-id=1      sig-id=5835      type=Limit    tracking=src count=1  seconds=600 10.6.30.254 04/05/08 19:48:39 04/05/08 19:48:36 system Notice snort[1074] | gen-id=1      sig-id=6241      type=Limit    tracking=src count=1  seconds=300 10.6.30.254 04/05/08 19:48:39 04/05/08 19:48:36 system Notice snort[1074] | gen-id=1      sig-id=7646      type=Limit    tracking=src count=1  seconds=300 10.6.30.254 04/05/08 19:48:39 04/05/08 19:48:36 system Notice snort[1074] | gen-id=1      sig-id=5978      type=Limit    tracking=src count=1  seconds=300 10.6.30.254 04/05/08 19:48:39 04/05/08 19:48:36 system Notice snort[1074] | gen-id=1      sig-id=6324      type=Limit    tracking=src count=1  seconds=300 10.6.30.254 04/05/08 19:48:39 04/05/08 19:48:36 system Notice snort[1074] | gen-id=1      sig-id=7547      type=Limit    tracking=src count=1  seconds=600 10.6.30.254 04/05/08 19:48:39 04/05/08 19:48:36 system Notice snort[1074] | gen-id=1      sig-id=7535      type=Limit    tracking=src count=1  seconds=300 10.6.30.254 04/05/08 19:48:39 04/05/08 19:48:36 system Notice snort[1074] | gen-id=1      sig-id=6122      type=Limit    tracking=src count=1  seconds=600 10.6.30.254 04/05/08 19:48:39 04/05/08 19:48:36 system Notice snort[1074] | gen-id=1      sig-id=6271      type=Limit    tracking=src count=1  seconds=300 10.6.30.254 04/05/08 19:48:39 04/05/08 19:48:36 system Notice snort[1074] | gen-id=1      sig-id=7142      type=Limit    tracking=src count=1  seconds=600 10.6.30.254 04/05/08 19:48:39 04/05/08 19:48:36 system Notice snort[1074] | gen-id=1      sig-id=6176      type=Limit    tracking=src count=1  seconds=300 10.6.30.254 04/05/08 19:48:39 04/05/08 19:48:36 system Notice snort[1074] | gen-id=1      sig-id=12693      type=Limit    tracking=src count=1  seconds=300 10.6.30.254 04/05/08 19:48:39 04/05/08 19:48:36 system Notice snort[1074] | gen-id=1      sig-id=12485      type=Limit    tracking=src count=1  seconds=300 10.6.30.254 04/05/08 19:48:39 04/05/08 19:48:36 system Notice snort[1074] | gen-id=1      sig-id=12679      type=Limit    tracking=src count=1  seconds=300 10.6.30.254 04/05/08 19:48:39 04/05/08 19:48:36 system Notice snort[1074] | gen-id=1      sig-id=5945      type=Limit    tracking=src count=1  seconds=300 10.6.30.254 04/05/08 19:48:39 04/05/08 19:48:36 system Notice snort[1074] | gen-id=1      sig-id=6483      type=Limit    tracking=src count=1  seconds=300 10.6.30.254 04/05/08 19:48:39 04/05/08 19:48:36 system Notice snort[1074] | gen-id=1      sig-id=6365      type=Limit    tracking=src count=1  seconds=600 10.6.30.254 04/05/08 19:48:39 04/05/08 19:48:36 system Notice snort[1074] | gen-id=1      sig-id=7732      type=Limit    tracking=src count=1  seconds=300 10.6.30.254 04/05/08 19:48:39 04/05/08 19:48:36 system Notice snort[1074] | gen-id=1      sig-id=7739      type=Limit    tracking=src count=1  seconds=300 10.6.30.254 04/05/08 19:48:39 04/05/08 19:48:36 system Notice snort[1074] | gen-id=1      sig-id=8073    &
  • Easier to Upload New Config File Most of the time

    Locked
    3
    0 Votes
    3 Posts
    2k Views
    M
    Thanks hoba. I always keep a copy of the original "last known good" config file just in case I screw up the config file. Of course worst case scenario is a short truck roll, reinstall from scratch, upload last know good config, and we are back in business. I am really enjoying working with pfSense. Next project is going to be another NIC with auto-failover to our secondary WAN. If I can get that figured out properly, then it will be time to go redundant… Another pfSense box next to our existing gateway catching automatic backup of the existing, and CARP failover to it. I am sure I will have a question or two once I get into that, lol. You guys are doing a great job! I have recommended pfSense to quite a few other operators out there. Please keep up the support.
  • Messenger (msn) messages has an delay up to 30minuttes?

    Locked
    1
    0 Votes
    1 Posts
    1k Views
    No one has replied
  • Quota Limit / Alarm on Certain Traffic

    Locked
    2
    0 Votes
    2 Posts
    2k Views
    H
    You could use the captive portal with radius accounting for this. Other option is to use the bandwidthd package or something external that receives information from the pfflowd-package. Search the forum, this has actually been discussed a lot and solutions are around.
  • New installation

    Locked
    15
    0 Votes
    15 Posts
    4k Views
    K
    finally now it is working .  with this config : <pfsense><version>3.0</version>   <lastchange><theme>nervecenter</theme> <system><optimization>normal</optimization>   <hostname>pfSense</hostname>   <domain>local</domain>   <dnsallowoverride><username>admin</username>   <password>$1$GCmX2tUH$tublAsTINLcuehl9l6AJ9.</password>   <timezone>Etc/UTC</timezone>   <time-update-interval>300</time-update-interval>   <timeservers>0.pfsense.pool.ntp.org</timeservers> <webgui><protocol>http</protocol></webgui>   <disablenatreflection>yes</disablenatreflection>   <dnsserver>196.192.x.x</dnsserver>   <dnsserver>213.200.xx.xx</dnsserver></dnsallowoverride></system> <interfaces>- <lan><if>rl0</if>   <ipaddr>192.168.1.1</ipaddr>   <subnet>24</subnet>   <media><mediaopt><bandwidth>100</bandwidth>   <bandwidthtype>Mb</bandwidthtype></mediaopt></media></lan> <wan><if>vr1</if>   <mtu><media><mediaopt><bandwidth>100</bandwidth>   <bandwidthtype>Mb</bandwidthtype>   <spoofmac>00:1d:60:25:30:72</spoofmac>   <disableftpproxy><ipaddr>172.30.x.86</ipaddr>   <subnet>30</subnet>   <gateway>172.30.x.85</gateway>   <blockpriv>on</blockpriv>   <dhcphostname></dhcphostname></disableftpproxy></mediaopt></media></mtu></wan> <opt1><if>vr0</if>   <descr>OPT1</descr></opt1></interfaces>   <staticroutes>- <pppoe><username><password></password></username></pppoe> <pptp><username><password><local></local></password></username></pptp> <bigpond><username><password><authserver><authdomain><minheartbeatinterval></minheartbeatinterval></authdomain></authserver></password></username></bigpond> <dyndns><type>dyndns</type>   <username><password></password></username></dyndns> <dhcpd>- <lan><enable>- <range><from>192.168.1.10</from>   <to>192.168.1.245</to></range></enable></lan></dhcpd> <pptpd><mode><redir><localip></localip></redir></mode></pptpd>   <ovpn>- <dnsmasq><enable></enable></dnsmasq> <snmpd><syslocation><syscontact><rocommunity>public</rocommunity></syscontact></syslocation></snmpd> <diag>- <ipv6nat><ipaddr></ipaddr></ipv6nat></diag>   <bridge><syslog>- <nat><ipsecpassthru>- <advancedoutbound>- <rule>- <source>   <network>any</network>     <sourceport><descr><target>196.192.xx.x</target>   <interface>lan</interface> <destination><any></any></destination>   <natport></natport></descr></sourceport></rule> <rule>- <source>   <network>any</network>     <sourceport><descr><target>196.192.xx.x</target>   <interface>wan</interface> <destination><any></any></destination>   <natport></natport></descr></sourceport></rule> <rule>- <source>   <network>192.168.1.0/24</network>     <sourceport><descr>Auto created rule for LAN</descr>   <target><interface>wan</interface> <destination><any></any></destination>   <natport></natport></target></sourceport></rule>   <enable></enable></advancedoutbound></ipsecpassthru></nat> <filter>- <rule><type>pass</type>   <interface>wan</interface>   <max-src-nodes><max-src-states><statetimeout><statetype>keep state</statetype>   <os><protocol>tcp</protocol> <source>   <any>- <destination><any></any></destination></any></os></statetimeout></max-src-states></max-src-nodes></rule> <rule><type>pass</type>   <descr>Default LAN -> any</descr>   <interface>lan</interface> <source>   <network>lan</network> <destination><any></any></destination></rule> <rule><type>pass</type>   <interface>lan</interface>   <max-src-nodes><max-src-states><statetimeout><statetype>keep state</statetype>   <os><protocol>tcp</protocol> <source>   <any>- <destination><any></any></destination></any></os></statetimeout></max-src-states></max-src-nodes></rule></filter>   <shaper>- <ipsec><preferredoldsa></preferredoldsa></ipsec>   <aliases><proxyarp>- <cron>- <minute>0</minute>   <hour></hour>   <mday></mday>   <month></month>   <wday></wday>   <who>root</who>   <command></command>/usr/bin/nice -n20 newsyslog <minute>1,31</minute>   <hour>0-5</hour>   <mday></mday>   <month></month>   <wday>*</wday>   <who>root</who>   <command></command>/usr/bin/nice -n20 adjkerntz -a <minute>1</minute>   <hour>3</hour>   <mday>1</mday>   <month></month>   <wday></wday>   <who>root</who>   <command></command>/usr/bin/nice -n20 /etc/rc.update_bogons.sh <minute>/60</minute>   <hour></hour>   <mday></mday>   <month></month>   <wday>*</wday>   <who>root</who>   <command></command>/usr/bin/nice -n20 /usr/local/sbin/expiretable -v -t 3600 sshlockout <minute>1</minute>   <hour>1</hour>   <mday></mday>   <month></month>   <wday>*</wday>   <who>root</who>   <command></command>/usr/bin/nice -n20 /etc/rc.dyndns.update <minute>/60</minute>   <hour></hour>   <mday></mday>   <month></month>   <wday>*</wday>   <who>root</who>   <command></command>/usr/bin/nice -n20 /usr/local/sbin/expiretable -v -t 3600 virusprot <minute>/60</minute>   <hour></hour>   <mday></mday>   <month></month>   <wday>*</wday>   <who>root</who>   <command></command>/usr/bin/nice -n20 /usr/local/sbin/expiretable -t 3600 snort2c <minute>/5</minute>   <hour></hour>   <mday></mday>   <month></month>   <wday>*</wday>   <who>root</who>   <command></command>/usr/local/bin/checkreload.sh <minute>/5</minute>   <hour></hour>   <mday></mday>   <month></month>   <wday>*</wday>   <who>root</who>   <command></command>/etc/ping_hosts.sh <minute>/140</minute>   <hour></hour>   <mday></mday>   <month></month>   <wday>*</wday>   <who>root</who>   <command></command>/usr/local/sbin/reset_slbd.sh</cron>   <wol><installedpackages>- <revision><description>/firewall_nat_out.php made unknown change</description>   <time>1207288229</time></revision> <rrd><enable></enable></rrd> <virtualip>- <vip><mode>proxyarp</mode>   <interface>wan</interface>   <descr><type>single</type>   <subnet_bits>32</subnet_bits>   <subnet>196.192.xx.x</subnet></descr></vip></virtualip></installedpackages></wol></proxyarp></aliases></shaper></syslog></bridge></ovpn></staticroutes></lastchange></pfsense> tried a lot on NAT outbound + virtual ip then worked .  thanks for helping .
  • No connection possible from LAN to WAN

    Locked
    6
    0 Votes
    6 Posts
    2k Views
    H
    Good to hear it's working now  :D
  • RRD Graphing - Can we define a custom date range through the GUI?

    Locked
    3
    0 Votes
    3 Posts
    4k Views
    P
    Hi fredde, Thanks for the tip.  No - I hadn't looked at that because it seems like there is already a database within pfSense which tracks this information… the RRD graphs must be getting their data from somewhere. Your suggestion does allow one to see daily summaries which is cool, but all I really want to do is to define a custom period to view the existing RRD traffic graph output - ie. Feb 21 - March 21... possible? -- Phob
  • Moving from ipcop to pfsense [DONE]

    Locked
    6
    0 Votes
    6 Posts
    3k Views
    M
    What a great pice of software ! I move last night to pfsense, and no problems at all. Everything is  working perfectly I could solve my "routing" problems OpenVpn works like a champ …. ManyThanks to frewald Hardware Asus P5M2-M Intel Core2Duo 6320 1,86GHz 2GB DDR2 667 ECC 3ware 9650 SATA Raid 2 Samsung 250GB Raid1 2 Broadcom Gigabit Nic's 2 Intel Gigabit Nic's Can't wait to get my 10Mbit fibre line....
  • I am behind a firewall

    Locked
    3
    0 Votes
    3 Posts
    4k Views
    H
    Not sure if your provider offers IAX instead of SIP. IAX is much more likely to work behind firewalls/NAT (are you absolutely sure that you only have these 2 ports open? that really sucks). Maybe just download a softclient using IAX to test if they offer it. If that works you might be able to setup an asterisk server that is linked to the other server through IAX and register your hardphones with SIP at your local asterisk.
  • New Feature Idea: Comments

    Locked
    4
    0 Votes
    4 Posts
    2k Views
    H
    diagnostics>states in the gui or for a more dynamic view like already pointed out by ermal pftop from the shellmenu.
  • Why should I choose pfsense over an appliance. Example: Edimax BR-6624

    Locked
    7
    0 Votes
    7 Posts
    7k Views
    R
    I changed a simple home router (speedtouch) to pfsense just because i wanted lower ping on gaming and i did get it from 40~50 to 20~30 ms. I a have one box runnig 24/7/365 (had a 1.0.1 version with 117 days of uptime) i am using the new release now. Its more flexible and if the hardware fails you can have it running in less than an hour again with the same config
  • PPPOe Droping on wireless network

    Locked
    4
    0 Votes
    4 Posts
    4k Views
    H
    Btw, PPTP is encrypted whereas PPPoE is not. FWIW it's more secure using PPTP.
  • Pfsense box died tonight - help with diagnosis

    Locked
    5
    0 Votes
    5 Posts
    4k Views
    H
    Maybe just resetting the modem would have helped?
  • Router - pfsense - servers

    Locked
    5
    0 Votes
    5 Posts
    3k Views
    Z
    Since your router can't do DHCP spoofing/Half-Bridge mode, I'd change the router's LAN IP to 192.168.0.1/24 and make the Pfsense Wan Interface 192.168.0.2/24.  Then set the DMZ on the router to route all traffic to the pfsense wan interface.  It's not pretty, but I have to use this solution; and I haven't had any problems with the double NAT translation–even with SIP (Voip) which is a pain when it comes to NAT.
  • RRD Graphs in Bridged Mode?

    Locked
    1
    0 Votes
    1 Posts
    1k Views
    No one has replied
  • Ssh not working

    Locked
    1
    0 Votes
    1 Posts
    5k Views
    No one has replied
  • VPN/2nd Hard Drive Questions

    Locked
    1
    0 Votes
    1 Posts
    1k Views
    No one has replied
  • 0 Votes
    3 Posts
    2k Views
    Z
    Ah, found the "half-bridge" mode it in the ADSL router – it was called "PPP IP Pass"  as opposed to "NAT". I hear it is also called DHCP spoofing. Now if I could only find a cable modem using PPTP that does the same thing.  My biggest problem with these SOHO routers is their poor handling of large amount of states due to memory and cpu limitations.  Heavy, continuous loads cause them to slow down and need periodic rebooting, so I want to avoid their routing engines altogether. Cheers, Z
  • Network Structure

    Locked
    4
    0 Votes
    4 Posts
    2k Views
    H
    Then do a double nat. Set the modem in router/nat mode and search for an option called "dmz" or "expedited host" in the modems webgui. Assign the pfSense WAN IP there and everythig will be forwarded to the pfSense. The only things that don't work nice with such a config is the integrated dyndns client (as pfSense doesn't see it's real WAN IP anymore) and maybe IPSEC (unless you configure a different identifiers than "my ip address").
  • Rc.conf or other boot scripts… some insight?

    Locked
    3
    0 Votes
    3 Posts
    2k Views
    F
    Hm, I also noticed by accident, thanks to the arse-backwards filesystem (bangs head against desk), that there are two php.ini files - the in-use one actually being in /usr/local/lib/php.ini, and another one in /usr/local/etc/php.ini. Not sure what the purpose of that is, but I'm going to guess that if I reboot after having mistakenly made my boot-time edit to ./etc/php.ini, I may now have my problem sort-of solved. Not one to reboot my gateway on a whim though, so I guess it'll have to wait til the next reboot. =P
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.