Back to odd problem -- lose WAN at random points with a week or more between events
-
@Wylbur said in Back to odd problem -- lose WAN at random points with a week or more between events:
Thank you for your input. But, I've already done that. This is what the WAN port is running with. The LAN port is whatever the MOBO has and I never seem to have problems with that port. The weirdness is, this MOBO will not accept connections on both the Intel ports of the dual Intel port ethernet adapter that I'm using on this machine. Yet when I ran that adapter in another machine, both ports were usable so one was for WAN and the other for LAN.
But we have to ask this question: Why was I able to run for months on end when using Realtek ports with Untangle, or IPfire with this ISP? That is the thing that puzzles me.
If every ISP used Juniper, Extreme (and other not-so-bad) hardware at the aggregation level, and every user used Intel, Mellanox (and other bug-free) hardware with well-written and tested drivers, we wouldn’t have any puzzling problems like this anymore.
So, just “catch, fix and forget” is the best strategy in this hardware-mixed world. ;)
Now, if I were a "c" (or assembly language) programmer and knew the x86 architecture as well as I do z/Architecture machines (IBM Mainframes), I could probably code a trap to capture this failure and know why it was happening. Or I could run a trace of it that we could examine once it failed. But I don't know this architecture at that level. So unfortunately, I'm more of a knowledgeable user that knows enough to just be dangerous.
Just change the SSD, choose NICs that the ISP recommends as working better WITH ITS APPLIANCE, make backups regularly (both config.xml and ZFS snapshots), and be happy until the next device upgrade/change.
-
@Wylbur said in Back to odd problem -- lose WAN at random points with a week or more between events:
I see no failures that indicate a problem with renewal of lease with the ISP. What I do see are some changes where the fiber optic modem may get its IPv4 IP address changed and then the WAN is given a new IPv4 address. And then some 8.8.8.8 pings take place and some latency is noted.
Why exactly is the IP on the “fiber optic modem” changed?
This is a very rare situation in fiber nets in Europe, as far as I know. What is this device exactly? (Manufacturer and model)
Meanwhile on these latency issues, we know that the ISP has the ability to run Gigabit connections. What we have is 200/200 Mbs.
Which country are you from, and which ISP?
-
@keyser said in Back to odd problem -- lose WAN at random points with a week or more between events:
@Wylbur You would know from the logs if renew was failing, because the logs would fill with a lot of renew attempts (with an increasing timer). So that's not the root of your problem.
Agree!!!
-
@Wylbur said in Back to odd problem -- lose WAN at random points with a week or more between events:
This is rather disconcerting for a refurbished machine that is less than 30 days old.
I had to put in a second SSD because the system would not install for some reason. So that has me wondering if the refurbish didn't detect a bad HDD.
Since this box is under warranty, I would like to be able to demonstrate this to the entity where I got it.
Save your time: don't spend time on “demonstrations”; return the box and buy something more powerful or from a well-known and reputable brand.
-
I captured a packet trace when I ran into another loss of the system (DHCP working just fine, no ISP access). Unfortunately, I lost that text file. The funny thing is, it appeared that there were packets passing through the WAN. So it seems that something causes communications to fail which is why a reboot clears the issue.
Meanwhile, I have to find a point where I can take the system down, and come back up on the backup machine, while I figure out how to make the BIOS changes. Hopefully this will be simple and not get blocked by the built-in security so I can make the changes to the BIOS.
Wylbur.
-
I am in the USA. The ISP is a company called Metronet. The fiber optic interface system is by Nokia, and is an Intertek unit.
Metronet, Spectrum, AT&T, ComCast, etc. all change your IP address whenever they feel like it so you can't have a static address and host a web site unless you pay them for a static address.
-
@Wylbur said in Back to odd problem -- lose WAN at random points with a week or more between events:
I am in the USA. The ISP is a company called Metronet. The fiber optic interface system is by Nokia, and is an Intertek unit.
Ok, thanks. Just to know.
Metronet, Spectrum, AT&T, ComCast, etc. all change your IP address whenever they feel like it so you can't have a static address and host a web site unless you pay them for a static address.
Did DynDNS (or any other service) give you the ability to have remote access?
-
I have swapped systems so that the backup is running and the new system is out for me to change BIOS settings.
So with the new machine that had the log errors below, I do not see any correlation of the following to anything I can change in the BIOS.
Mar 10 09:08:42 kernel hdacc0: <Realtek ALC221 HDA CODEC> at cad 0 on hdac0
Mar 10 09:08:42 kernel hdaa0: <Realtek ALC221 Audio Function Group> at nid 1 on hdacc0
Mar 10 09:08:42 kernel pcm0: <Realtek ALC221 (Analog)> at nid 23 and 26,27 on hdaa0
Mar 10 09:08:42 kernel pcm1: <Realtek ALC221 (Analog 2.0+HP)> at nid 20,33 on hdaa0
Mar 10 09:08:42 kernel hdacc1: <Intel Skylake HDA CODEC> at cad 2 on hdac0
Mar 10 09:08:42 kernel hdaa1: <Intel Skylake Audio Function Group> at nid 1 on hdacc1
Mar 10 09:08:42 kernel pcm2: <Intel Skylake (HDMI/DP 8ch)> at nid 3 on hdaa1
I got into the BIOS and did not find anything for changing any of the above.
However, I did find where the system can "sleep" or change to low power for several items. I set all that off. I also ran the I/O tests while I had the opportunity on the SSDs and the initial tests came back good. Ran the extended tests and they are also good.
Then I ran the RAM tests and they came out with no errors detected.
The big question I have is, what would cause pfSense to "fail" and stop responding to ping, not respond to its website/page(s), but yet allow an iPhone 5 attached via an adapter that accepts RJ45 (Ethernet), and continue streaming data via TuneIn (out of Europe in this case) while not responding to keyboard/mouse attached to the server via USB. Oh, and causing a Roku box to lose its connections (this by Wi-Fi) so that TV(s) so attached lose connections. In other words, what makes that iPhone5 special that it did not lose its connections?
And I think this has happened now 3 times.
-
If the firewall is unable to open new states it would present like that. Existing states stay open so traffic continues. I would expect to see that logged though. Especially if it actually ran out of states.
You should be able to disable on-board audio in the BIOS unless it's significantly locked down.
-
@stephenw10 said in Back to odd problem -- lose WAN at random points with a week or more between events:
You should be able to disable on-board audio in the BIOS unless it's significantly locked down.
I've swapped it back in this morning. And that unit doesn't have a speaker, it has connections.... But I saw nothing relative to audio that I could kill.
BTW this is an HP box and they don't make a lot of doc available -- security by obscurity.
So now waiting to see if it has this lack of connections problem again, or the loss of WAN issue.
-
The chipset has that audio hardware in it though and it's consuming resources. We have seen that cause conflicts with other hardware.
-
Would this cause the system to run out of space in the "states table" and is that where I should look to see if we are headed into problems? I've been looking in the doc trying to figure this out. <big interruption> Had the system get locked up and had to swap the backup unit in.
I do not know why, but it is not taking it very long to run into the situation of not being able to handle any new traffic and breaks connections for some currently running things (such as my connection to a mainframe where I was working on a product), and others were still running (like the iPhone streaming music out of Germany). Everything else got stopped such that I could not ping the server from inside the LAN with either W11 laptop that was connected by wire.
Wylbur.
-
It's unlikely to be exhausting the state table in my opinion. You can see the states usage on the dashboard like:
State table size 0% (3/98000)
It's also logged in Status > Monitoring Graphs so you would see there too if it were ever getting close to 100%.
Just to confirm you're not using the re NIC any longer?
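Added example (not part of the original post, and not pfSense code): a small parser for a saved state-table dump that reports usage against the state limit and lists TCP handshakes that never got a reply. It assumes the text layout pfSense uses for state listings (interface, protocol, addresses, state pair, packets, bytes) and the 98000 limit from the dashboard line above; the function names and the sample lines are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample in the state-listing layout; addresses are from
# documentation ranges, not from any real capture.
SAMPLE = """\
Packets Bytes
LAN tcp 192.0.2.21:56559 -> 198.51.100.83:443 ESTABLISHED:ESTABLISHED 334 / 1.328K 25 KiB / 1.74 MiB
WAN tcp 203.0.113.7:43869 (192.0.2.21:56559) -> 198.51.100.83:443 ESTABLISHED:ESTABLISHED 334 / 1.328K 25 KiB / 1.74 MiB
LAN tcp 192.0.2.28:52970 -> 198.51.100.58:6567 CLOSED:SYN_SENT 5 / 0 260 B / 0 B
WAN tcp 203.0.113.7:34539 (192.0.2.28:52970) -> 198.51.100.58:6567 SYN_SENT:CLOSED 5 / 0 260 B / 0 B
LAN tcp 192.0.2.28:52979 -> 198.51.100.103:25658 CLOSED:SYN_SENT 3 / 0 156 B / 0 B
WAN tcp 203.0.113.7:26777 (192.0.2.28:52979) -> 198.51.100.103:25658 SYN_SENT:CLOSED 3 / 0 156 B / 0 B
LAN udp 192.0.2.28:65062 -> 192.0.2.1:53 MULTIPLE:MULTIPLE 141 / 141 9 KiB / 18 KiB
WAN icmp 203.0.113.7:35961 -> 198.51.100.8:35961 0:0 680.563K / 680.428K 18.82 MiB / 18.82 MiB
"""

LINE_RE = re.compile(
    r"^(?P<iface>\S+)\s+(?P<proto>\S+)\s+(?P<src>\S+)"
    r"(?:\s+\((?P<orig>\S+)\))?\s+->\s+(?P<dst>\S+)\s+"
    r"(?P<state>[A-Z0-9_]+:[A-Z0-9_]+)\s+"
    r"(?P<sent>[\d.]+[KMG]?)\s*/\s*(?P<reply>[\d.]+[KMG]?)\s"
)
_MULT = {"K": 1_000, "M": 1_000_000, "G": 1_000_000_000}


def parse_count(text):
    """Turn a packet counter such as '45' or '1.328K' into an integer."""
    mult = _MULT.get(text[-1], 1)
    number = text[:-1] if text[-1] in _MULT else text
    return round(float(number) * mult)


def parse_states(dump):
    """Return one dict per state line; headers and blank lines are skipped."""
    states = []
    for line in dump.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        row = m.groupdict()
        row["sent_pkts"] = parse_count(row.pop("sent"))
        row["reply_pkts"] = parse_count(row.pop("reply"))
        states.append(row)
    return states


def summarise(states, limit):
    """Usage against the state limit plus handshakes that saw no reply."""
    by_state = Counter(f"{s['proto']} {s['state']}" for s in states)
    stalled = {}
    for s in states:
        half_open = "SYN_SENT" in s["state"].split(":")
        if s["proto"] == "tcp" and half_open and s["reply_pkts"] == 0:
            # A NATed flow appears twice (LAN and WAN entry); key on the
            # internal client so it is reported once.
            key = (s["orig"] or s["src"], s["dst"])
            stalled[key] = max(stalled.get(key, 0), s["sent_pkts"])
    return {
        "total": len(states),
        "usage_pct": round(100.0 * len(states) / limit, 2),
        "by_state": by_state,
        # A SYN_SENT entry means pf did create the state; only the reply
        # from the far side is missing.
        "stalled": sorted((c, d, n) for (c, d), n in stalled.items()),
    }


if __name__ == "__main__":
    report = summarise(parse_states(SAMPLE), limit=98000)
    print(f"states: {report['total']} ({report['usage_pct']}% of limit)")
    for name, count in report["by_state"].most_common():
        print(f"  {count:4d}  {name}")
    for client, dst, syns in report["stalled"]:
        print(f"no reply: {client} -> {dst} after {syns} SYN packets")
```

Run it against a dump saved while the problem is happening and again after a reboot; the two reports can then be compared line by line.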
-
Sorry, been a bit busy with stuff.
Have a strange thing going on. But to the state table. I've noticed that it has shown 200% at times and then drops off on its own.
Relative to the Intel adapter card: At this point I am on the backup system which does not have the Intel adapter.
This AM about an hour ago now, have hit an interesting thing. Ping is not working from the GUI. Anything that is currently connected is functioning. Anything we need to connect to, we can't. So I have captured the state table, syslog, and packet capture. I'll post these as soon as I get the GUI to reboot the system.
-
First, reboot cleared things.
I captured the packet capture to a file w/ ext of pcap. Now I can't figure out how to read it with GUI.
State table before reboot:
Packets Bytes
LAN tcp 192.168.1.21:56555 -> 192.229.163.53:443 TIME_WAIT:TIME_WAIT 23 / 45 3 KiB / 47 KiB
WAN tcp 100.66.98.103:43311 (192.168.1.21:56555) -> 192.229.163.53:443 TIME_WAIT:TIME_WAIT 23 / 45 3 KiB / 47 KiB
LAN tcp 192.168.1.21:56559 -> 208.123.73.83:443 ESTABLISHED:ESTABLISHED 334 / 1.328K 25 KiB / 1.74 MiB
WAN tcp 100.66.98.103:43869 (192.168.1.21:56559) -> 208.123.73.83:443 ESTABLISHED:ESTABLISHED 334 / 1.328K 25 KiB / 1.74 MiB
LAN tcp 192.168.1.21:56561 -> 45.88.201.114:2096 TIME_WAIT:TIME_WAIT 27 / 27 7 KiB / 12 KiB
WAN tcp 100.66.98.103:12935 (192.168.1.21:56561) -> 45.88.201.114:2096 TIME_WAIT:TIME_WAIT 27 / 27 7 KiB / 12 KiB
LAN tcp 192.168.1.115:52471 -> 104.17.107.184:443 ESTABLISHED:ESTABLISHED 16 / 12 2 KiB / 6 KiB
WAN tcp 100.66.98.103:18377 (192.168.1.115:52471) -> 104.17.107.184:443 ESTABLISHED:ESTABLISHED 16 / 12 2 KiB / 6 KiB
LAN tcp 192.168.1.28:52961 -> 34.29.71.138:6567 TIME_WAIT:TIME_WAIT 3 / 4 225 B / 176 B
WAN tcp 100.66.98.103:41882 (192.168.1.28:52961) -> 34.29.71.138:6567 TIME_WAIT:TIME_WAIT 3 / 4 225 B / 176 B
LAN udp 192.168.1.28:65062 -> 192.168.1.1:53 MULTIPLE:MULTIPLE 141 / 141 9 KiB / 18 KiB
LAN tcp 192.168.1.115:52472 -> 172.64.153.101:443 ESTABLISHED:ESTABLISHED 16 / 11 2 KiB / 3 KiB
WAN tcp 100.66.98.103:34636 (192.168.1.115:52472) -> 172.64.153.101:443 ESTABLISHED:ESTABLISHED 16 / 11 2 KiB / 3 KiB
LAN tcp 192.168.1.28:52964 -> 45.88.201.114:995 TIME_WAIT:TIME_WAIT 18 / 39 2 KiB / 20 KiB
WAN tcp 100.66.98.103:64997 (192.168.1.28:52964) -> 45.88.201.114:995 TIME_WAIT:TIME_WAIT 18 / 39 2 KiB / 20 KiB
LAN udp 192.168.1.109:5353 -> 224.0.0.251:5353 NO_TRAFFIC:SINGLE 5 / 0 697 B / 0 B
LAN tcp 192.168.1.21:56565 -> 20.42.73.30:443 ESTABLISHED:ESTABLISHED 16 / 16 7 KiB / 7 KiB
WAN tcp 100.66.98.103:15383 (192.168.1.21:56565) -> 20.42.73.30:443 ESTABLISHED:ESTABLISHED 16 / 16 7 KiB / 7 KiB
LAN tcp 192.168.1.28:52968 -> 34.29.71.138:6567 TIME_WAIT:TIME_WAIT 3 / 4 225 B / 176 B
WAN tcp 100.66.98.103:63914 (192.168.1.28:52968) -> 34.29.71.138:6567 TIME_WAIT:TIME_WAIT 3 / 4 225 B / 176 B
LAN tcp 192.168.1.109:62056 -> 17.57.144.245:5223 ESTABLISHED:ESTABLISHED 75 / 67 16 KiB / 9 KiB
WAN tcp 100.66.98.103:24403 (192.168.1.109:62056) -> 17.57.144.245:5223 ESTABLISHED:ESTABLISHED 75 / 67 16 KiB / 9 KiB
LAN tcp 192.168.1.21:56566 -> 64.29.151.234:80 FIN_WAIT_2:FIN_WAIT_2 8 / 7 4 KiB / 2 KiB
WAN tcp 100.66.98.103:46421 (192.168.1.21:56566) -> 64.29.151.234:80 FIN_WAIT_2:FIN_WAIT_2 8 / 7 4 KiB / 2 KiB
LAN tcp 192.168.1.21:56567 -> 64.29.151.234:80 FIN_WAIT_2:FIN_WAIT_2 9 / 11 4 KiB / 8 KiB
WAN tcp 100.66.98.103:16736 (192.168.1.21:56567) -> 64.29.151.234:80 FIN_WAIT_2:FIN_WAIT_2 9 / 11 4 KiB / 8 KiB
LAN tcp 192.168.1.28:52970 -> 45.32.94.58:6567 CLOSED:SYN_SENT 5 / 0 260 B / 0 B
WAN tcp 100.66.98.103:34539 (192.168.1.28:52970) -> 45.32.94.58:6567 SYN_SENT:CLOSED 5 / 0 260 B / 0 B
WAN udp 100.66.98.103:44507 -> 13.107.206.240:53 MULTIPLE:SINGLE 1 / 1 100 B / 161 B
WAN udp 100.66.98.103:33951 -> 150.171.21.2:53 MULTIPLE:SINGLE 1 / 1 78 B / 94 B
WAN udp 100.66.98.103:42587 -> 204.14.183.1:53 MULTIPLE:SINGLE 1 / 1 78 B / 94 B
WAN udp 100.66.98.103:9838 -> 13.107.236.2:53 MULTIPLE:SINGLE 1 / 1 77 B / 93 B
WAN udp 100.66.98.103:29587 -> 204.14.183.1:53 MULTIPLE:SINGLE 1 / 1 78 B / 94 B
WAN udp 100.66.98.103:19588 -> 13.107.222.1:53 MULTIPLE:SINGLE 1 / 1 104 B / 120 B
WAN udp 100.66.98.103:7678 -> 13.107.236.1:53 MULTIPLE:SINGLE 1 / 1 77 B / 93 B
WAN udp 100.66.98.103:58799 -> 208.84.5.3:53 MULTIPLE:SINGLE 1 / 1 79 B / 95 B
WAN udp 100.66.98.103:47013 -> 150.171.10.1:53 MULTIPLE:SINGLE 1 / 1 104 B / 120 B
LAN tcp 192.168.1.28:52972 -> 20.106.86.13:443 FIN_WAIT_2:FIN_WAIT_2 13 / 10 2 KiB / 5 KiB
WAN tcp 100.66.98.103:44435 (192.168.1.28:52972) -> 20.106.86.13:443 FIN_WAIT_2:FIN_WAIT_2 13 / 10 2 KiB / 5 KiB
LAN udp 192.168.1.28:64010 -> 192.168.1.1:53 MULTIPLE:MULTIPLE 36 / 36 2 KiB / 5 KiB
WAN udp 100.66.98.103:55541 -> 108.162.192.130:53 MULTIPLE:SINGLE 1 / 1 78 B / 107 B
WAN udp 100.66.98.103:32637 -> 170.29.2.9:53 MULTIPLE:SINGLE 1 / 1 72 B / 88 B
WAN udp 100.66.98.103:24484 -> 170.29.2.9:53 MULTIPLE:SINGLE 1 / 1 72 B / 88 B
LAN tcp 192.168.1.28:52975 -> 170.29.69.89:443 FIN_WAIT_2:FIN_WAIT_2 9 / 11 1 KiB / 4 KiB
WAN tcp 100.66.98.103:62957 (192.168.1.28:52975) -> 170.29.69.89:443 FIN_WAIT_2:FIN_WAIT_2 9 / 11 1 KiB / 4 KiB
LAN udp 192.168.1.28:53856 -> 192.168.1.1:53 MULTIPLE:MULTIPLE 61 / 61 4 KiB / 8 KiB
LAN udp 192.168.1.109:62543 -> 192.168.1.1:53 SINGLE:MULTIPLE 1 / 1 72 B / 136 B
WAN udp 100.66.98.103:18544 -> 205.251.193.127:53 MULTIPLE:SINGLE 1 / 1 83 B / 284 B
LAN tcp 192.168.1.109:62057 -> 17.248.210.64:443 FIN_WAIT_2:FIN_WAIT_2 16 / 14 2 KiB / 8 KiB
WAN tcp 100.66.98.103:13477 (192.168.1.109:62057) -> 17.248.210.64:443 FIN_WAIT_2:FIN_WAIT_2 16 / 14 2 KiB / 8 KiB
LAN tcp 192.168.1.109:51119 -> 192.168.4.42:7000 CLOSED:SYN_SENT 7 / 0 448 B / 0 B
WAN tcp 100.66.98.103:33761 (192.168.1.109:51119) -> 192.168.4.42:7000 SYN_SENT:CLOSED 7 / 0 448 B / 0 B
LAN tcp 192.168.1.109:62058 -> 17.248.207.69:443 FIN_WAIT_2:FIN_WAIT_2 15 / 15 3 KiB / 8 KiB
WAN tcp 100.66.98.103:48650 (192.168.1.109:62058) -> 17.248.207.69:443 FIN_WAIT_2:FIN_WAIT_2 15 / 15 3 KiB / 8 KiB
LAN tcp 192.168.1.109:62059 -> 17.248.207.69:443 FIN_WAIT_2:FIN_WAIT_2 15 / 14 3 KiB / 8 KiB
WAN tcp 100.66.98.103:56881 (192.168.1.109:62059) -> 17.248.207.69:443 FIN_WAIT_2:FIN_WAIT_2 15 / 14 3 KiB / 8 KiB
LAN tcp 192.168.1.21:56568 -> 45.88.201.114:2096 ESTABLISHED:ESTABLISHED 8 / 6 4 KiB / 2 KiB
WAN tcp 100.66.98.103:52543 (192.168.1.21:56568) -> 45.88.201.114:2096 ESTABLISHED:ESTABLISHED 8 / 6 4 KiB / 2 KiB
LAN tcp 192.168.1.28:52978 -> 34.29.71.138:6567 TIME_WAIT:TIME_WAIT 10 / 4 970 B / 176 B
WAN tcp 100.66.98.103:22281 (192.168.1.28:52978) -> 34.29.71.138:6567 TIME_WAIT:TIME_WAIT 10 / 4 970 B / 176 B
LAN udp 192.168.1.104:43521 -> 192.168.1.1:53 SINGLE:MULTIPLE 1 / 1 57 B / 105 B
WAN udp 100.66.98.103:45178 -> 205.251.194.147:53 MULTIPLE:SINGLE 1 / 1 68 B / 252 B
LAN tcp 192.168.1.28:52979 -> 5.161.232.103:25658 CLOSED:SYN_SENT 3 / 0 156 B / 0 B
WAN tcp 100.66.98.103:26777 (192.168.1.28:52979) -> 5.161.232.103:25658 SYN_SENT:CLOSED 3 / 0 156 B / 0 B
LAN tcp 192.168.1.21:56569 -> 34.120.208.123:443 ESTABLISHED:ESTABLISHED 16 / 20 4 KiB / 6 KiB
WAN tcp 100.66.98.103:8753 (192.168.1.21:56569) -> 34.120.208.123:443 ESTABLISHED:ESTABLISHED 16 / 20 4 KiB / 6 KiB
LAN tcp 192.168.1.21:56570 -> 192.168.1.1:443 ESTABLISHED:ESTABLISHED 9 / 11 2 KiB / 2 KiB
LAN udp 192.168.1.104:68 -> 192.168.1.1:67 MULTIPLE:MULTIPLE 40.765K / 40.765K 15.55 MiB / 12.75 MiB
LAN tcp 192.168.1.105:52709 -> 107.22.132.179:2350 ESTABLISHED:ESTABLISHED 113 / 112 6 KiB / 6 KiB
WAN tcp 100.66.98.103:24221 (192.168.1.105:52709) -> 107.22.132.179:2350 ESTABLISHED:ESTABLISHED 113 / 112 6 KiB / 6 KiB
LAN tcp 192.168.1.115:50149 -> 17.57.144.245:5223 ESTABLISHED:ESTABLISHED 413 / 272 29 KiB / 24 KiB
WAN tcp 100.66.98.103:52411 (192.168.1.115:50149) -> 17.57.144.245:5223 ESTABLISHED:ESTABLISHED 413 / 272 29 KiB / 24 KiB
LAN tcp 192.168.1.21:64009 -> 20.127.250.238:443 ESTABLISHED:ESTABLISHED 1.737K / 1.853K 86 KiB / 105 KiB
WAN tcp 100.66.98.103:27125 (192.168.1.21:64009) -> 20.127.250.238:443 ESTABLISHED:ESTABLISHED 1.737K / 1.853K 86 KiB / 105 KiB
LAN tcp 192.168.1.21:50126 -> 35.174.127.31:443 ESTABLISHED:ESTABLISHED 8.091K / 5.827K 1.22 MiB / 1.21 MiB
WAN tcp 100.66.98.103:61524 (192.168.1.21:50126) -> 35.174.127.31:443 ESTABLISHED:ESTABLISHED 8.091K / 5.827K 1.22 MiB / 1.21 MiB
WAN icmp 100.66.98.103:35961 -> 8.8.8.8:35961 0:0 680.563K / 680.428K 18.82 MiB / 18.82 MiB
LAN tcp 192.168.1.21:50902 -> 162.159.61.4:443 ESTABLISHED:ESTABLISHED 17.887K / 16.635K 1.91 MiB / 3.89 MiB
WAN tcp 100.66.98.103:18626 (192.168.1.21:50902) -> 162.159.61.4:443 ESTABLISHED:ESTABLISHED 17.887K / 16.635K 1.91 MiB / 3.89 MiB
LAN tcp 192.168.1.21:61689 -> 40.83.247.108:443 ESTABLISHED:ESTABLISHED 15.683K / 7.883K 958 KiB / 1.62 MiB
WAN tcp 100.66.98.103:40396 (192.168.1.21:61689) -> 40.83.247.108:443 ESTABLISHED:ESTABLISHED 15.683K / 7.883K 958 KiB / 1.62 MiB
LAN tcp 192.168.1.21:61717 -> 40.83.247.108:443 ESTABLISHED:ESTABLISHED 1.722K / 1.499K 95 KiB / 119 KiB
WAN tcp 100.66.98.103:39965 (192.168.1.21:61717) -> 40.83.247.108:443 ESTABLISHED:ESTABLISHED 1.722K / 1.499K 95 KiB / 119 KiB
LAN tcp 192.168.1.115:50804 -> 194.97.151.149:80 ESTABLISHED:ESTABLISHED 372.848K / 549.908K 18.50 MiB / 770.86 MiB
WAN tcp 100.66.98.103:9804 (192.168.1.115:50804) -> 194.97.151.149:80 ESTABLISHED:ESTABLISHED 372.848K / 549.908K 18.50 MiB / 770.86 MiB
LAN tcp 192.168.1.21:51547 -> 104.18.37.70:443 ESTABLISHED:ESTABLISHED 15.955K / 15.955K 627 KiB / 1.52 MiB
WAN tcp 100.66.98.103:12137 (192.168.1.21:51547) -> 104.18.37.70:443 ESTABLISHED:ESTABLISHED 15.955K / 15.955K 627 KiB / 1.52 MiB
LAN tcp 192.168.1.105:44066 -> 107.22.132.179:2350 ESTABLISHED:ESTABLISHED 79 / 78 4 KiB / 4 KiB
WAN tcp 100.66.98.103:50806 (192.168.1.105:44066) -> 107.22.132.179:2350 ESTABLISHED:ESTABLISHED 79 / 78 4 KiB / 4 KiB
LAN tcp 192.168.1.21:51735 -> 172.64.150.186:443 ESTABLISHED:ESTABLISHED 15.684K / 15.682K 616 KiB / 1.50 MiB
WAN tcp 100.66.98.103:60340 (192.168.1.21:51735) -> 172.64.150.186:443 ESTABLISHED:ESTABLISHED 15.684K / 15.682K 616 KiB / 1.50 MiB
LAN tcp 192.168.1.21:51811 -> 172.64.150.186:443 ESTABLISHED:ESTABLISHED 15.494K / 15.492K 609 KiB / 1.48 MiB
WAN tcp 100.66.98.103:56358 (192.168.1.21:51811) -> 172.64.150.186:443 ESTABLISHED:ESTABLISHED 15.494K / 15.492K 609 KiB / 1.48 MiB
LAN tcp 192.168.1.105:38879 -> 172.217.0.174:443 ESTABLISHED:ESTABLISHED 3.912K / 6.594K 1.87 MiB / 2.82 MiB
WAN tcp 100.66.98.103:4984 (192.168.1.105:38879) -> 172.217.0.174:443 ESTABLISHED:ESTABLISHED 3.912K / 6.594K 1.87 MiB / 2.82 MiB
LAN tcp 192.168.1.105:35137 -> 35.212.11.60:443 ESTABLISHED:ESTABLISHED 27 / 25 7 KiB / 2 KiB
WAN tcp 100.66.98.103:62973 (192.168.1.105:35137) -> 35.212.11.60:443 ESTABLISHED:ESTABLISHED 27 / 25 7 KiB / 2 KiB
LAN tcp 192.168.1.21:52445 -> 40.86.187.166:443 ESTABLISHED:ESTABLISHED 2.008K / 1.009K 137 KiB / 90 KiB
WAN tcp 100.66.98.103:10106 (192.168.1.21:52445) -> 40.86.187.166:443 ESTABLISHED:ESTABLISHED 2.008K / 1.009K 137 KiB / 90 KiB
LAN tcp 192.168.1.21:56699 -> 35.174.127.31:443 ESTABLISHED:ESTABLISHED 18.405K / 16.234K 2.79 MiB / 2.75 MiB
WAN tcp 100.66.98.103:15100 (192.168.1.21:56699) -> 35.174.127.31:443 ESTABLISHED:ESTABLISHED 18.405K / 16.234K 2.79 MiB / 2.75 MiB
LAN tcp 192.168.1.21:56700 -> 34.237.73.95:443 ESTABLISHED:ESTABLISHED 17.951K / 14.874K 2.73 MiB / 2.71 MiB
WAN tcp 100.66.98.103:34503 (192.168.1.21:56700) -> 34.237.73.95:443 ESTABLISHED:ESTABLISHED 17.951K / 14.874K 2.73 MiB / 2.71 MiB
LAN tcp 192.168.1.21:56701 -> 35.174.127.31:443 ESTABLISHED:ESTABLISHED 18.413K / 16.171K 2.80 MiB / 2.75 MiB
WAN tcp 100.66.98.103:53604 (192.168.1.21:56701) -> 35.174.127.31:443 ESTABLISHED:ESTABLISHED 18.413K / 16.171K 2.80 MiB / 2.75 MiB
LAN tcp 192.168.1.105:45147 -> 107.22.132.179:2350 ESTABLISHED:ESTABLISHED 127 / 126 7 KiB / 9 KiB
WAN tcp 100.66.98.103:52417 (192.168.1.105:45147) -> 107.22.132.179:2350 ESTABLISHED:ESTABLISHED 127 / 126 7 KiB / 9 KiB
LAN tcp 192.168.1.21:54918 -> 172.64.150.186:443 ESTABLISHED:ESTABLISHED 4.322K / 4.32K 172 KiB / 423 KiB
WAN tcp 100.66.98.103:6452 (192.168.1.21:54918) -> 172.64.150.186:443 ESTABLISHED:ESTABLISHED 4.322K / 4.32K 172 KiB / 423 KiB
LAN tcp 192.168.1.105:46259 -> 142.251.32.14:443 ESTABLISHED:ESTABLISHED 1.926K / 2.548K 880 KiB / 642 KiB
WAN tcp 100.66.98.103:43208 (192.168.1.105:46259) -> 142.251.32.14:443 ESTABLISHED:ESTABLISHED 1.926K / 2.548K 880 KiB / 642 KiB
LAN tcp 192.168.1.105:49561 -> 34.192.23.130:443 ESTABLISHED:ESTABLISHED 21 / 28 5 KiB / 6 KiB
WAN tcp 100.66.98.103:56105 (192.168.1.105:49561) -> 34.192.23.130:443 ESTABLISHED:ESTABLISHED 21 / 28 5 KiB / 6 KiB
LAN tcp 192.168.1.21:56173 -> 34.107.243.93:443 ESTABLISHED:ESTABLISHED 19 / 28 3 KiB / 3 KiB
WAN tcp 100.66.98.103:62503 (192.168.1.21:56173) -> 34.107.243.93:443 ESTABLISHED:ESTABLISHED 19 / 28 3 KiB / 3 KiB
LAN tcp 192.168.1.21:56190 -> 50.87.253.56:993 ESTABLISHED:ESTABLISHED 91 / 122 6 KiB / 11 KiB
WAN tcp 100.66.98.103:58230 (192.168.1.21:56190) -> 50.87.253.56:993 ESTABLISHED:ESTABLISHED 91 / 122 6 KiB / 11 KiB
LAN tcp 192.168.1.28:51721 -> 40.83.247.108:443 ESTABLISHED:ESTABLISHED 32 / 25 4 KiB / 6 KiB
WAN tcp 100.66.98.103:63746 (192.168.1.28:51721) -> 40.83.247.108:443 ESTABLISHED:ESTABLISHED 32 / 25 4 KiB / 6 KiB
LAN tcp 192.168.1.234:41278 -> 142.251.165.188:5228 ESTABLISHED:ESTABLISHED 21 / 21 2 KiB / 8 KiB
WAN tcp 100.66.98.103:1643 (192.168.1.234:41278) -> 142.251.165.188:5228 ESTABLISHED:ESTABLISHED 21 / 21 2 KiB / 8 KiB
LAN tcp 192.168.1.21:56316 -> 204.90.115.144:623 ESTABLISHED:ESTABLISHED 88 / 146 5 KiB / 28 KiB
WAN tcp 100.66.98.103:48895 (192.168.1.21:56316) -> 204.90.115.144:623 ESTABLISHED:ESTABLISHED 88 / 146 5 KiB / 28 KiB
LAN udp 192.168.1.28:50524 -> 192.168.1.1:53 MULTIPLE:MULTIPLE 57 / 57 3 KiB / 8 KiB
LAN tcp 192.168.1.28:52587 -> 34.107.243.93:443 ESTABLISHED:ESTABLISHED 12 / 18 3 KiB / 2 KiB
WAN tcp 100.66.98.103:39024 (192.168.1.28:52587) -> 34.107.243.93:443 ESTABLISHED:ESTABLISHED 12 / 18 3 KiB / 2 KiB
LAN tcp 192.168.1.21:56450 -> 34.96.127.16:443 ESTABLISHED:ESTABLISHED 644 / 1.066K 97 KiB / 212 KiB
WAN tcp 100.66.98.103:63974 (192.168.1.21:56450) -> 34.96.127.16:443 ESTABLISHED:ESTABLISHED 644 / 1.066K 97 KiB / 212 KiB
LAN tcp 192.168.1.28:52793 -> 170.29.69.89:443 ESTABLISHED:ESTABLISHED 263 / 315 146 KiB / 218 KiB
WAN tcp 100.66.98.103:21298 (192.168.1.28:52793) -> 170.29.69.89:443 ESTABLISHED:ESTABLISHED 263 / 315 146 KiB / 218 KiB
LAN tcp 192.168.1.109:62020 -> 17.57.144.246:5223 TIME_WAIT:TIME_WAIT 718 / 711 122 KiB / 60 KiB
WAN tcp 100.66.98.103:64017 (192.168.1.109:62020) -> 17.57.144.246:5223 TIME_WAIT:TIME_WAIT 718 / 711 122 KiB / 60 KiB
LAN udp 192.168.1.200:5060 -> 199.87.144.75:5080 MULTIPLE:MULTIPLE 38 / 38 19 KiB / 11 KiB
WAN udp 100.66.98.103:53860 (192.168.1.200:5060) -> 199.87.144.75:5080 MULTIPLE:MULTIPLE 38 / 38 19 KiB / 11 KiB
LAN tcp 192.168.1.21:56548 -> 18.165.116.29:443 ESTABLISHED:ESTABLISHED 10 / 13 2 KiB / 7 KiB
WAN tcp 100.66.98.103:55447 (192.168.1.21:56548) -> 18.165.116.29:443 ESTABLISHED:ESTABLISHED 10 / 13 2 KiB / 7 KiB
LAN tcp 192.168.1.21:56552 -> 192.168.1.1:443 TIME_WAIT:TIME_WAIT 513 / 658 48 KiB / 124 KiB
-
System log:
Apr 1 00:17:15 php 63769 [Snort] Snort Subscriber rules are up to date...
Apr 1 00:17:16 php 63769 [Snort] Snort GPLv2 Community Rules are up to date...
Apr 1 00:17:16 php 63769 [Snort] Emerging Threats Open rules are up to date...
Apr 1 00:17:16 php 63769 [Snort] Feodo Tracker Botnet C2 IP rules file update downloaded successfully.
Apr 1 00:17:16 php 63769 [Snort] Feodo Tracker Botnet C2 IP rules were updated...
Apr 1 00:17:16 php 63769 [Snort] Updating rules configuration for: WAN ...
Apr 1 00:17:19 php 63769 [Snort] Enabling any flowbit-required rules for: WAN...
Apr 1 00:17:19 php 63769 [Snort] Building new sid-msg.map file for WAN...
Apr 1 00:17:19 php 63769 [Snort] Snort STOP for WAN(re2)...
Apr 1 00:17:20 snort 4800 *** Caught Term-Signal
Apr 1 00:17:21 php 63769 [Snort] Snort START for WAN(re2)...
Apr 1 00:17:21 php 63769 [Snort] Snort has restarted on WAN with your new set of rules...
Apr 1 00:17:21 php 63769 [Snort] The Rules update has finished.
Apr 1 00:20:00 php 30289 [Snort] Alert tcpdump packet capture file cleanup job removed 1 tcpdump packet capture file(s) from /var/log/snort/snort_re231180/...
Apr 1 03:01:00 root 7484 rc.update_bogons.sh is starting up.
Apr 1 03:01:00 root 8990 rc.update_bogons.sh is sleeping for 23990
Apr 1 06:00:01 php 40323 [Snort] Alert tcpdump packet capture file cleanup job removed 1 tcpdump packet capture file(s) from /var/log/snort/snort_re231180/...
Apr 1 06:17:34 php 55922 [Snort] Snort Subscriber rules are up to date...
Apr 1 06:17:35 php 55922 [Snort] Snort GPLv2 Community Rules are up to date...
Apr 1 06:17:35 php 55922 [Snort] Emerging Threats Open rules are up to date...
Apr 1 06:17:35 php 55922 [Snort] Feodo Tracker Botnet C2 IP rules file update downloaded successfully.
Apr 1 06:17:35 php 55922 [Snort] Feodo Tracker Botnet C2 IP rules were updated...
Apr 1 06:17:35 php 55922 [Snort] Updating rules configuration for: WAN ...
Apr 1 06:17:38 php 55922 [Snort] Enabling any flowbit-required rules for: WAN...
Apr 1 06:17:38 php 55922 [Snort] Building new sid-msg.map file for WAN...
Apr 1 06:17:38 php 55922 [Snort] Snort STOP for WAN(re2)...
Apr 1 06:17:39 snort 69330 *** Caught Term-Signal
Apr 1 06:17:40 php 55922 [Snort] Snort START for WAN(re2)...
Apr 1 06:17:40 php 55922 [Snort] Snort has restarted on WAN with your new set of rules...
Apr 1 06:17:40 php 55922 [Snort] The Rules update has finished.
Apr 1 07:35:00 php 4927 [Snort] Alert tcpdump packet capture file cleanup job removed 1 tcpdump packet capture file(s) from /var/log/snort/snort_re231180/...
Apr 1 07:58:00 sshguard 8879 Exiting on signal.
Apr 1 07:58:00 sshguard 66944 Now monitoring attacks.
Apr 1 08:19:00 sshguard 66944 Exiting on signal.
Apr 1 08:19:00 sshguard 73001 Now monitoring attacks.
Apr 1 09:40:50 root 29221 rc.update_bogons.sh is beginning the update cycle.
Apr 1 09:40:52 root 36334 Bogons V4 file downloaded: 665 addresses added.
Apr 1 09:40:52 root 39335 Bogons V6 file downloaded but not updating IPv6 bogons table because it is not in use.
Apr 1 09:40:52 root 40526 rc.update_bogons.sh is ending the update cycle.
Apr 1 11:55:00 php 34664 [Snort] Alert tcpdump packet capture file cleanup job removed 1 tcpdump packet capture file(s) from /var/log/snort/snort_re231180/...
Apr 1 12:17:10 php 72703 [Snort] Snort Subscriber rules are up to date...
Apr 1 12:17:10 php 72703 [Snort] Snort GPLv2 Community Rules are up to date...
Apr 1 12:17:10 php 72703 [Snort] Emerging Threats Open rules are up to date...
Apr 1 12:17:11 php 72703 [Snort] Feodo Tracker Botnet C2 IP rules file update downloaded successfully.
Apr 1 12:17:11 php 72703 [Snort] Feodo Tracker Botnet C2 IP rules were updated...
Apr 1 12:17:11 php 72703 [Snort] Updating rules configuration for: WAN ...
Apr 1 12:17:13 php 72703 [Snort] Enabling any flowbit-required rules for: WAN...
Apr 1 12:17:13 php 72703 [Snort] Building new sid-msg.map file for WAN...
Apr 1 12:17:13 php 72703 [Snort] Snort STOP for WAN(re2)...
Apr 1 12:17:14 snort 78605 *** Caught Term-Signal
Apr 1 12:17:15 php 72703 [Snort] Snort START for WAN(re2)...
Apr 1 12:17:15 php 72703 [Snort] Snort has restarted on WAN with your new set of rules...
Apr 1 12:17:15 php 72703 [Snort] The Rules update has finished.
Apr 1 16:00:02 php 11876 [Snort] Alert tcpdump packet capture file cleanup job removed 1 tcpdump packet capture file(s) from /var/log/snort/snort_re231180/...
Apr 1 18:17:18 php 36594 [Snort] Snort Subscriber rules are up to date...
Apr 1 18:17:19 php 36594 [Snort] Snort GPLv2 Community Rules are up to date...
Apr 1 18:17:19 php 36594 [Snort] There is a new set of Emerging Threats Open rules posted. Downloading emerging.rules.tar.gz...
Apr 1 18:17:20 php 36594 [Snort] Emerging Threats Open rules file update downloaded successfully
Apr 1 18:17:20 php 36594 [Snort] Feodo Tracker Botnet C2 IP rules file update downloaded successfully.
Apr 1 18:17:20 php 36594 [Snort] Feodo Tracker Botnet C2 IP rules were updated...
Apr 1 18:17:20 php 36594 [Snort] Updating rules configuration for: WAN ...
Apr 1 18:17:23 php 36594 [Snort] Enabling any flowbit-required rules for: WAN...
Apr 1 18:17:23 php 36594 [Snort] Building new sid-msg.map file for WAN...
Apr 1 18:17:23 php 36594 [Snort] Snort STOP for WAN(re2)...
Apr 1 18:17:24 snort 78178 *** Caught Term-Signal
Apr 1 18:17:25 php 36594 [Snort] Snort START for WAN(re2)...
Apr 1 18:17:25 php 36594 [Snort] Snort has restarted on WAN with your new set of rules...
Apr 1 18:17:25 php 36594 [Snort] The Rules update has finished.
Apr 1 19:16:00 sshguard 73001 Exiting on signal.
Apr 1 19:16:00 sshguard 96502 Now monitoring attacks.
Apr 2 00:15:00 php 66943 [Snort] Alert tcpdump packet capture file cleanup job removed 1 tcpdump packet capture file(s) from /var/log/snort/snort_re231180/...
Apr 2 00:17:24 php 20980 [Snort] Snort Subscriber rules are up to date...
Apr 2 00:17:24 php 20980 [Snort] Snort GPLv2 Community Rules are up to date...
Apr 2 00:17:24 php 20980 [Snort] Emerging Threats Open rules are up to date...
Apr 2 00:17:25 php 20980 [Snort] Feodo Tracker Botnet C2 IP rules file update downloaded successfully.
Apr 2 00:17:25 php 20980 [Snort] Feodo Tracker Botnet C2 IP rules were updated...
Apr 2 00:17:25 php 20980 [Snort] Updating rules configuration for: WAN ...
Apr 2 00:17:27 php 20980 [Snort] Enabling any flowbit-required rules for: WAN...
Apr 2 00:17:27 php 20980 [Snort] Building new sid-msg.map file for WAN...
Apr 2 00:17:27 php 20980 [Snort] Snort STOP for WAN(re2)...
Apr 2 00:17:28 snort 41549 *** Caught Term-Signal
Apr 2 00:17:29 php 20980 [Snort] Snort START for WAN(re2)...
Apr 2 00:17:30 php 20980 [Snort] Snort has restarted on WAN with your new set of rules...
Apr 2 00:17:30 php 20980 [Snort] The Rules update has finished.
Apr 2 00:42:00 sshguard 96502 Exiting on signal.
Apr 2 00:42:00 sshguard 17564 Now monitoring attacks.
Apr 2 05:55:00 php 80125 [Snort] Alert tcpdump packet capture file cleanup job removed 1 tcpdump packet capture file(s) from /var/log/snort/snort_re231180/...
Apr 2 06:17:03 php 25000 [Snort] Snort Subscriber rules are up to date...
Apr 2 06:17:04 php 25000 [Snort] Snort GPLv2 Community Rules are up to date...
Apr 2 06:17:04 php 25000 [Snort] Emerging Threats Open rules are up to date...
Apr 2 06:17:04 php 25000 [Snort] Feodo Tracker Botnet C2 IP rules file update downloaded successfully.
Apr 2 06:17:04 php 25000 [Snort] Feodo Tracker Botnet C2 IP rules were updated...
Apr 2 06:17:04 php 25000 [Snort] Updating rules configuration for: WAN ...
Apr 2 06:17:07 php 25000 [Snort] Enabling any flowbit-required rules for: WAN...
Apr 2 06:17:07 php 25000 [Snort] Building new sid-msg.map file for WAN...
Apr 2 06:17:07 php 25000 [Snort] Snort STOP for WAN(re2)...
Apr 2 06:17:08 snort 34458 *** Caught Term-Signal
Apr 2 06:17:09 php 25000 [Snort] Snort START for WAN(re2)...
Apr 2 06:17:09 php 25000 [Snort] Snort has restarted on WAN with your new set of rules...
Apr 2 06:17:09 php 25000 [Snort] The Rules update has finished.
Apr 2 06:53:00 sshguard 17564 Exiting on signal.
Apr 2 06:53:00 sshguard 84284 Now monitoring attacks.
Apr 2 12:10:00 php 27160 [Snort] Alert tcpdump packet capture file cleanup job removed 1 tcpdump packet capture file(s) from /var/log/snort/snort_re231180/...
Apr 2 12:17:28 php 7191 [Snort] There is a new set of Snort Subscriber rules posted. Downloading snortrules-snapshot-29200.tar.gz...
Apr 2 12:17:34 php 7191 [Snort] Snort Subscriber rules file update downloaded successfully
Apr 2 12:17:35 php 7191 [Snort] There is a new set of Snort GPLv2 Community Rules posted. Downloading community-rules.tar.gz...
Apr 2 12:17:36 php 7191 [Snort] Snort GPLv2 Community Rules file update downloaded successfully
Apr 2 12:17:36 php 7191 [Snort] Emerging Threats Open rules are up to date...
Apr 2 12:17:37 php 7191 [Snort] Feodo Tracker Botnet C2 IP rules file update downloaded successfully.
Apr 2 12:17:37 php 7191 [Snort] Feodo Tracker Botnet C2 IP rules were updated...
Apr 2 12:17:51 php 7191 [Snort] Updating rules configuration for: WAN ...
Apr 2 12:17:54 php 7191 [Snort] Enabling any flowbit-required rules for: WAN...
Apr 2 12:17:54 php 7191 [Snort] Building new sid-msg.map file for WAN...
Apr 2 12:17:54 php 7191 [Snort] Snort STOP for WAN(re2)...
Apr 2 12:17:55 snort 30427 *** Caught Term-Signal
Apr 2 12:17:55 kernel pid 30427 (snort), jid 0, uid 0: exited on signal 11 (core dumped)
Apr 2 12:17:56 php 7191 [Snort] Snort START for WAN(re2)...
Apr 2 12:17:56 php 7191 [Snort] Snort has restarted on WAN with your new set of rules...
Apr 2 12:17:56 php 7191 [Snort] The Rules update has finished.
Apr 2 17:45:00 php 7959 [Snort] Alert tcpdump packet capture file cleanup job removed 1 tcpdump packet capture file(s) from /var/log/snort/snort_re231180/...
Apr 2 18:06:00 sshguard 84284 Exiting on signal.
Apr 2 18:06:00 sshguard 25475 Now monitoring attacks.
Apr 2 18:10:28 snort 32875 S5: Pruned 5 sessions from cache for memcap. 68 scbs remain. memcap: 8389251/8388608
Apr 2 18:17:09 php 89991 [Snort] Snort Subscriber rules are up to date...
Apr 2 18:17:09 php 89991 [Snort] Snort GPLv2 Community Rules are up to date...
Apr 2 18:17:09 php 89991 [Snort] There is a new set of Emerging Threats Open rules posted. Downloading emerging.rules.tar.gz...
Apr 2 18:17:10 php 89991 [Snort] Emerging Threats Open rules file update downloaded successfully
Apr 2 18:17:10 php 89991 [Snort] Feodo Tracker Botnet C2 IP rules file update downloaded successfully.
Apr 2 18:17:10 php 89991 [Snort] Feodo Tracker Botnet C2 IP rules were updated...
Apr 2 18:17:11 php 89991 [Snort] Updating rules configuration for: WAN ...
Apr 2 18:17:13 php 89991 [Snort] Enabling any flowbit-required rules for: WAN...
Apr 2 18:17:13 php 89991 [Snort] Building new sid-msg.map file for WAN...
Apr 2 18:17:13 php 89991 [Snort] Snort STOP for WAN(re2)...
Apr 2 18:17:14 snort 32875 *** Caught Term-Signal
Apr 2 18:17:16 php 89991 [Snort] Snort START for WAN(re2)...
Apr 2 18:17:16 php 89991 [Snort] Snort has restarted on WAN with your new set of rules...
Apr 2 18:17:16 php 89991 [Snort] The Rules update has finished.
Apr 2 20:12:00 sshguard 25475 Exiting on signal.
Apr 2 20:12:00 sshguard 29905 Now monitoring attacks.
Apr 3 00:17:26 php 28304 [Snort] Snort Subscriber rules are up to date...
Apr 3 00:17:27 php 28304 [Snort] Snort GPLv2 Community Rules are up to date...
Apr 3 00:17:27 php 28304 [Snort] Emerging Threats Open rules are up to date...
Apr 3 00:17:27 php 28304 [Snort] Feodo Tracker Botnet C2 IP rules file update downloaded successfully.
Apr 3 00:17:27 php 28304 [Snort] Feodo Tracker Botnet C2 IP rules were updated...
Apr 3 00:17:27 php 28304 [Snort] Updating rules configuration for: WAN ...
Apr 3 00:17:30 php 28304 [Snort] Enabling any flowbit-required rules for: WAN...
Apr 3 00:17:30 php 28304 [Snort] Building new sid-msg.map file for WAN...
Apr 3 00:17:30 php 28304 [Snort] Snort STOP for WAN(re2)...
Apr 3 00:17:31 snort 96511 *** Caught Term-Signal
Apr 3 00:17:32 php 28304 [Snort] Snort START for WAN(re2)...
Apr 3 00:17:32 php 28304 [Snort] Snort has restarted on WAN with your new set of rules...
Apr 3 00:17:32 php 28304 [Snort] The Rules update has finished.
Apr 3 00:20:00 php 97042 [Snort] Alert tcpdump packet capture file cleanup job removed 1 tcpdump packet capture file(s) from /var/log/snort/snort_re231180/...
Apr 3 05:34:00 sshguard 29905 Exiting on signal.
Apr 3 05:34:00 sshguard 94415 Now monitoring attacks.
Apr 3 06:00:01 php 60 [Snort] Alert tcpdump packet capture file cleanup job removed 1 tcpdump packet capture file(s) from /var/log/snort/snort_re231180/...
Apr 3 06:17:07 php 52342 [Snort] Snort Subscriber rules are up to date...
Apr 3 06:17:08 php 52342 [Snort] Snort GPLv2 Community Rules are up to date...
Apr 3 06:17:08 php 52342 [Snort] Emerging Threats Open rules are up to date...
Apr 3 06:17:08 php 52342 [Snort] Feodo Tracker Botnet C2 IP rules file update downloaded successfully.
Apr 3 06:17:08 php 52342 [Snort] Feodo Tracker Botnet C2 IP rules were updated...
Apr 3 06:17:08 php 52342 [Snort] Updating rules configuration for: WAN ...
Apr 3 06:17:11 php 52342 [Snort] Enabling any flowbit-required rules for: WAN...
Apr 3 06:17:11 php 52342 [Snort] Building new sid-msg.map file for WAN...
Apr 3 06:17:11 php 52342 [Snort] Snort STOP for WAN(re2)...
Apr 3 06:17:12 snort 53476 *** Caught Term-Signal
Apr 3 06:17:13 php 52342 [Snort] Snort START for WAN(re2)...
Apr 3 06:17:13 php 52342 [Snort] Snort has restarted on WAN with your new set of rules...
Apr 3 06:17:13 php 52342 [Snort] The Rules update has finished.
Apr 3 10:31:00 sshguard 94415 Exiting on signal.
Apr 3 10:31:00 sshguard 72366 Now monitoring attacks.
Apr 3 10:51:47 php-fpm 24100 /index.php: Successful login for user 'admin' from: 192.168.1.21 (Local Database)
Apr 3 10:59:00 sshguard 72366 Exiting on signal.
Apr 3 10:59:00 sshguard 74234 Now monitoring attacks.
Apr 3 11:00:56 php-fpm 82432 /diag_packet_capture.php: The command '/bin/pkill -f '^/usr/sbin/tcpdump.*-w -'' returned exit code '1', the output was '' -
Again, things that were connected continued to work. For example, if DuckDuckGo was used for a search, that search would return hits. Clicking on a link in the hits would get a message that it couldn't find that server.
So my connection to a mainframe (encrypted interactive session) continued to respond.
T-bird Email continued to fetch and send email.
Don't know what got hosed up.
[BTW, I did see that there is an SSH exploit -- is pfSense susceptible to it?]
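The log in the post above includes one rule-update restart where the kernel reports snort exiting on signal 11 with a core dump, and one S5 memcap prune. As an added example (not part of the original post, and not pfSense or Snort code), this Python function triages a system log in that format by pairing each Snort STOP/START, flagging restarts that contain a crash, and reporting memcap overruns. The sample lines are constructed from the format shown in the post, and the `year` parameter is an assumption because syslog timestamps carry none.

```python
import re
from datetime import datetime

# Constructed sample, shaped like the system log lines in the post above.
SAMPLE = """\
Apr 2 06:17:07 php 25000 [Snort] Snort STOP for WAN(re2)...
Apr 2 06:17:09 php 25000 [Snort] Snort START for WAN(re2)...
Apr 2 12:17:54 php 7191 [Snort] Snort STOP for WAN(re2)...
Apr 2 12:17:55 snort 30427 *** Caught Term-Signal
Apr 2 12:17:55 kernel pid 30427 (snort), jid 0, uid 0: exited on signal 11 (core dumped)
Apr 2 12:17:56 php 7191 [Snort] Snort START for WAN(re2)...
Apr 2 18:10:28 snort 32875 S5: Pruned 5 sessions from cache for memcap. 68 scbs remain. memcap: 8389251/8388608
"""

TS = re.compile(r"^(\w{3}\s+\d+\s+\d\d:\d\d:\d\d)\s+(.*)$")
CYCLE = re.compile(r"\[Snort\] Snort (STOP|START) for (\S+?)\.\.\.")
CRASH = re.compile(r"kernel pid (\d+) \((\w+)\), .*exited on signal (\d+)( \(core dumped\))?")
MEMCAP = re.compile(r"S5: Pruned (\d+) sessions .*memcap: (\d+)/(\d+)")

def triage(text, year=2024):
    """Return (restarts, crashes, memcap_events) found in system log text."""
    restarts, crashes, memcap, open_stop = [], [], [], {}
    for raw in text.splitlines():
        m = TS.match(raw)
        if not m:
            continue
        # Syslog lines carry no year; `year` is an assumption supplied by the caller.
        when = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        body = m.group(2)
        if c := CYCLE.search(body):
            action, iface = c.groups()
            if action == "STOP":
                open_stop[iface] = {"stop": when, "crashed": False}
            elif iface in open_stop:
                s = open_stop.pop(iface)
                restarts.append({"iface": iface, "gap_s": (when - s["stop"]).total_seconds(),
                                 "crashed": s["crashed"]})
        elif k := CRASH.search(body):
            crashes.append({"when": when, "pid": int(k[1]), "proc": k[2],
                            "signal": int(k[3]), "core": k[4] is not None})
            if k[2] == "snort":
                for s in open_stop.values():  # crash inside an open STOP/START window
                    s["crashed"] = True
        elif p := MEMCAP.search(body):
            memcap.append({"when": when, "pruned": int(p[1]),
                           "over_by": int(p[2]) - int(p[3])})
    return restarts, crashes, memcap
```

Running `triage()` over a full export of the system log separates routine rule-update restarts from the ones where the sensor crashed, so those timestamps can be lined up against the times the WAN symptoms were noticed.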