Snort 2.9.2.3 pkg v. 2.5.0 Issues
-
I thought I'd wake this thread up and let you guys know I just had the same problem as previously listed in the thread. I had all of the above problems. I had to uninstall Snort, remove anything snort from command line including un-ticking the "Keep settings" option in snort prior to removing snort and reinstall to resolve a couple of the issues. Then I had to un-tick Enable Sensitive Data to get Snort to fire back up correctly.
Was a bit of a pain and I'm concerned that Snort breaks so often. As it is I have to fire Snort back up every time it auto updates.
-
I pushed some fixes that should help with snort not starting after rule update.
Reinstall and test.
-
@ermal:
I pushed some fixes that should help with snort not starting after rule update.
Reinstall and test.
I installed this update, now I'm unable to install snort rules (ET works fine). I did a full reinstall, including deleting all my settings(!) and rm -rf any directories containing 'snort'. Unfortunately, system log gives vague error:
Nov 2 09:59:43 php: /snort/snort_download_rules.php: Snort rules file downloaded failed…
-
New pfSense user here. Still seems to be an issue with auto updates.
I'm running pfSense 2.1 latest build and latest Snort Package with auto updates on. The first auto update performed crashed/disabled Snort. Restarted Snort ….... Said it restarted......Seems to be broken......Cold boot.....same thing.....reboot.......Nothing.......Broken. GUI shows it as stopped.
After turning Auto updates off and manually updating signatures everything seems to be up and running again.
-
Same issues here. Also, pfSense wasn't remembering my rule changes across updates, meaning that I can't use it in a commercial setting right now. Without the rule hysteresis, all the policy blocks are back on after each update.
-
I have an issue with Snort Blocking the newly acquired WAN IP address.
It happened a few times lately when my power supply failed on a DSL modem. I have to go to the Snort Blocked tab and remove the WAN IP from the list and things run smoothly. I sit beside the modem so it's not a big deal. ;) However, if the modem was 2 miles away …. :'(
Disconnecting from the Web Interface does not reproduce this problem, it seems it only happens when the Ethernet port goes off/online.
Maybe when Snort restarts, it could/should remove the WAN IP from the Blocked list.
224.0.0.22: igmp v3 report, 1 group record(s) [gaddr 224.0.0.252 to_in, 0 source(s)] 2013-01-19 14:12:49 Local0.Info 172.24.42.254 pf: 00:00:00.000096 rule 65/8(ip-option): pass in on bridge0: (tos 0x0, ttl 1, id 16514, offset 0, flags [none], proto IGMP (2), length 40, options (RA)) 2013-01-19 14:12:49 Local0.Info 172.24.42.254 pf: 172.24.48.84 > 224.0.0.22: igmp v3 report, 1 group record(s) [gaddr 224.0.0.252 to_in, 0 source(s)] 2013-01-19 14:12:49 Local0.Info 172.24.42.254 pf: 00:00:00.000015 rule 65/8(ip-option): pass in on re0: (tos 0x0, ttl 1, id 16514, offset 0, flags [none], proto IGMP (2), length 40, options (RA)) 2013-01-19 14:12:49 Local0.Info 172.24.42.254 pf: 172.24.48.84 > 224.0.0.22: igmp v3 report, 1 group record(s) [gaddr 224.0.0.252 to_in, 0 source(s)] 2013-01-19 14:12:49 Local0.Info 172.24.42.254 pf: 00:00:00.000545 rule 65/8(ip-option): pass in on re0: (tos 0x0, ttl 1, id 16515, offset 0, flags [none], proto IGMP (2), length 40, options (RA)) 2013-01-19 14:12:49 Local0.Info 172.24.42.254 pf: 172.24.48.84 > 224.0.0.22: igmp v3 report, 1 group record(s) [gaddr 224.0.0.252 to_ex, 0 source(s)] 2013-01-19 14:12:49 Local0.Info 172.24.42.254 pf: 00:00:00.000028 rule 65/8(ip-option): pass in on bridge0: (tos 0x0, ttl 1, id 16515, offset 0, flags [none], proto IGMP (2), length 40, options (RA)) 2013-01-19 14:12:49 Local0.Info 172.24.42.254 pf: 172.24.48.84 > 224.0.0.22: igmp v3 report, 1 group record(s) [gaddr 224.0.0.252 to_ex, 0 source(s)] 2013-01-19 14:12:49 Local0.Info 172.24.42.254 pf: 00:00:00.000014 rule 65/8(ip-option): pass in on re0: (tos 0x0, ttl 1, id 16515, offset 0, flags [none], proto IGMP (2), length 40, options (RA)) 2013-01-19 14:12:49 Local0.Info 172.24.42.254 pf: 172.24.48.84 > 224.0.0.22: igmp v3 report, 1 group record(s) [gaddr 224.0.0.252 to_ex, 0 source(s)] 2013-01-19 14:12:49 Local0.Info 172.24.42.254 pf: 00:00:00.122940 rule 65/8(ip-option): pass in on re0: (tos 0x0, ttl 1, id 16539, offset 0, flags [none], proto IGMP (2), 
length 48, options (RA)) 2013-01-19 14:12:49 Local0.Info 172.24.42.254 pf: 172.24.48.84 > 224.0.0.22: igmp v3 report, 2 group record(s) [gaddr 224.0.0.253 to_ex, 0 source(s)] [gaddr 224.0.0.252 to_ex, 0 source(s)] 2013-01-19 14:12:49 Local0.Info 172.24.42.254 pf: 00:00:00.000030 rule 65/8(ip-option): pass in on bridge0: (tos 0x0, ttl 1, id 16539, offset 0, flags [none], proto IGMP (2), length 48, options (RA)) 2013-01-19 14:12:49 Local0.Info 172.24.42.254 pf: 172.24.48.84 > 224.0.0.22: igmp v3 report, 2 group record(s) [gaddr 224.0.0.253 to_ex, 0 source(s)] [gaddr 224.0.0.252 to_ex, 0 source(s)] 2013-01-19 14:12:49 Local0.Info 172.24.42.254 pf: 00:00:00.000013 rule 65/8(ip-option): pass in on re0: (tos 0x0, ttl 1, id 16539, offset 0, flags [none], proto IGMP (2), length 48, options (RA)) 2013-01-19 14:12:49 Local0.Info 172.24.42.254 pf: 172.24.48.84 > 224.0.0.22: igmp v3 report, 2 group record(s) [gaddr 224.0.0.253 to_ex, 0 source(s)] [gaddr 224.0.0.252 to_ex, 0 source(s)] 2013-01-19 14:12:50 User.Error 172.24.42.254 apinger: /usr/local/bin/rrdtool respawning too fast, waiting 300s. 
2013-01-19 14:12:50 Local0.Info 172.24.42.254 pf: 00:00:00.176181 rule 65/8(ip-option): pass in on re0: (tos 0x0, ttl 1, id 16549, offset 0, flags [none], proto IGMP (2), length 40, options (RA)) 2013-01-19 14:12:50 Local0.Info 172.24.42.254 pf: 172.24.48.84 > 224.0.0.22: igmp v3 report, 1 group record(s) [gaddr 224.0.0.252 to_in, 0 source(s)] 2013-01-19 14:12:50 Local0.Info 172.24.42.254 pf: 00:00:00.000034 rule 65/8(ip-option): pass in on bridge0: (tos 0x0, ttl 1, id 16549, offset 0, flags [none], proto IGMP (2), length 40, options (RA)) 2013-01-19 14:12:50 Local0.Info 172.24.42.254 pf: 172.24.48.84 > 224.0.0.22: igmp v3 report, 1 group record(s) [gaddr 224.0.0.252 to_in, 0 source(s)] 2013-01-19 14:12:50 Local0.Info 172.24.42.254 pf: 00:00:00.000010 rule 65/8(ip-option): pass in on re0: (tos 0x0, ttl 1, id 16549, offset 0, flags [none], proto IGMP (2), length 40, options (RA)) 2013-01-19 14:12:50 Local0.Info 172.24.42.254 pf: 172.24.48.84 > 224.0.0.22: igmp v3 report, 1 group record(s) [gaddr 224.0.0.252 to_in, 0 source(s)] 2013-01-19 14:12:50 Local0.Info 172.24.42.254 pf: 00:00:00.000081 rule 65/8(ip-option): pass in on re0: (tos 0x0, ttl 1, id 16550, offset 0, flags [none], proto IGMP (2), length 40, options (RA)) 2013-01-19 14:12:50 Local0.Info 172.24.42.254 pf: 172.24.48.84 > 224.0.0.22: igmp v3 report, 1 group record(s) [gaddr 224.0.0.252 to_ex, 0 source(s)] 2013-01-19 14:12:50 Local0.Info 172.24.42.254 pf: 00:00:00.000067 rule 65/8(ip-option): pass in on bridge0: (tos 0x0, ttl 1, id 16550, offset 0, flags [none], proto IGMP (2), length 40, options (RA)) 2013-01-19 14:12:50 Local0.Info 172.24.42.254 pf: 172.24.48.84 > 224.0.0.22: igmp v3 report, 1 group record(s) [gaddr 224.0.0.252 to_ex, 0 source(s)] 2013-01-19 14:12:50 Local0.Info 172.24.42.254 pf: 00:00:00.000013 rule 65/8(ip-option): pass in on re0: (tos 0x0, ttl 1, id 16550, offset 0, flags [none], proto IGMP (2), length 40, options (RA)) 2013-01-19 14:12:50 Local0.Info 172.24.42.254 pf: 172.24.48.84 > 
224.0.0.22: igmp v3 report, 1 group record(s) [gaddr 224.0.0.252 to_ex, 0 source(s)] 2013-01-19 14:12:50 Local0.Info 172.24.42.254 pf: 00:00:00.259698 rule 2/0(match): block out on pppoe1: (tos 0x0, ttl 127, id 16557, offset 0, flags [DF], proto TCP (6), length 73) 2013-01-19 14:12:50 Local0.Info 172.24.42.254 pf: 199.192.238.25.42360 > 74.125.142.108.993: Flags [P.], cksum 0x1789 (correct), ack 3477012993, win 16646, length 33 2013-01-19 14:12:50 Local0.Info 172.24.42.254 pf: 00:00:00.063863 rule 65/8(ip-option): pass in on re0: (tos 0x0, ttl 1, id 16560, offset 0, flags [none], proto IGMP (2), length 40, options (RA)) 2013-01-19 14:12:50 Local0.Info 172.24.42.254 pf: 172.24.48.84 > 224.0.0.22: igmp v3 report, 1 group record(s) [gaddr 224.0.0.252 to_ex, 0 source(s)] 2013-01-19 14:12:50 Local0.Info 172.24.42.254 pf: 00:00:00.000055 rule 65/8(ip-option): pass in on bridge0: (tos 0x0, ttl 1, id 16560, offset 0, flags [none], proto IGMP (2), length 40, options (RA)) 2013-01-19 14:12:50 Local0.Info 172.24.42.254 pf: 172.24.48.84 > 224.0.0.22: igmp v3 report, 1 group record(s) [gaddr 224.0.0.252 to_ex, 0 source(s)] 2013-01-19 14:12:50 Local0.Info 172.24.42.254 pf: 00:00:00.000017 rule 65/8(ip-option): pass in on re0: (tos 0x0, ttl 1, id 16560, offset 0, flags [none], proto IGMP (2), length 40, options (RA)) 2013-01-19 14:12:50 Local0.Info 172.24.42.254 pf: 172.24.48.84 > 224.0.0.22: igmp v3 report, 1 group record(s) [gaddr 224.0.0.252 to_ex, 0 source(s)] 2013-01-19 14:12:51 Local0.Info 172.24.42.254 pf: 00:00:01.636090 rule 2/0(match): block out on pppoe1: (tos 0x0, ttl 127, id 16717, offset 0, flags [DF], proto TCP (6), length 73) 2013-01-19 14:12:51 Local0.Info 172.24.42.254 pf: 199.192.238.25.50874 > 74.125.142.108.993: Flags [P.], cksum 0xf646 (correct), ack 3477012993, win 16646, length 33 2013-01-19 14:12:55 Local0.Info 172.24.42.254 pf: 00:00:03.299385 rule 2/0(match): block out on pppoe1: (tos 0x0, ttl 127, id 16810, offset 0, flags [none], proto TCP (6), length 
73) 2013-01-19 14:12:55 Local0.Info 172.24.42.254 pf: 199.192.238.25.64636 > 74.125.142.108.993: Flags [P.], cksum 0xc084 (correct), ack 3477012993, win 16646, length 33 2013-01-19 14:12:58 Local0.Info 172.24.42.254 pf: 00:00:03.300201 rule 2/0(match): block out on pppoe1: (tos 0x0, ttl 127, id 16850, offset 0, flags [none], proto TCP (6), length 73) 2013-01-19 14:12:58 Local0.Info 172.24.42.254 pf: 199.192.238.25.32735 > 74.125.142.108.993: Flags [P.], cksum 0x3d22 (correct), ack 3477012993, win 16646, length 33 2013-01-19 14:13:01 Local0.Info 172.24.42.254 pf: 00:00:03.299921 rule 2/0(match): block out on pppoe1: (tos 0x0, ttl 127, id 16866, offset 0, flags [DF], proto TCP (6), length 73) 2013-01-19 14:13:01 Local0.Info 172.24.42.254 pf: 199.192.238.25.19486 > 74.125.142.108.993: Flags [P.], cksum 0x70e3 (correct), ack 3477012993, win 16646, length 33 2013-01-19 14:13:08 Local0.Info 172.24.42.254 pf: 00:00:06.600618 rule 2/0(match): block out on pppoe1: (tos 0x0, ttl 127, id 16904, offset 0, flags [DF], proto TCP (6), length 73) 2013-01-19 14:13:08 Local0.Info 172.24.42.254 pf: 199.192.238.25.22116 > 74.125.142.108.993: Flags [P.], cksum 0x669d (correct), ack 3477012993, win 16646, length 33 2013-01-19 14:13:21 Local0.Info 172.24.42.254 pf: 00:00:13.199589 rule 2/0(match): block out on pppoe1: (tos 0x0, ttl 127, id 17111, offset 0, flags [DF], proto TCP (6), length 73) 2013-01-19 14:13:21 Local0.Info 172.24.42.254 pf: 199.192.238.25.9343 > 74.125.142.108.993: Flags [P.], cksum 0x9882 (correct), ack 3477012993, win 16646, length 33 2013-01-19 14:13:35 Local0.Info 172.24.42.254 pf: 00:00:12.622297 rule 65/8(ip-option): pass in on bridge0: (tos 0x0, ttl 1, id 17781, offset 0, flags [none], proto IGMP (2), length 40, options (RA)) 2013-01-19 14:13:35 Local0.Info 172.24.42.254 pf: 172.24.48.84 > 224.0.0.22: igmp v3 report, 1 group record(s) [gaddr 224.0.0.252 to_in, 0 source(s)] 2013-01-19 14:13:35 Local0.Info 172.24.42.254 pf: 00:00:00.000076 rule 65/8(ip-option): 
pass in on re0: (tos 0x0, ttl 1, id 17781, offset 0, flags [none], proto IGMP (2), length 40, options (RA)) 2013-01-19 14:13:35 Local0.Info 172.24.42.254 pf: 172.24.48.84 > 224.0.0.22: igmp v3 report, 1 group record(s) [gaddr 224.0.0.252 to_in, 0 source(s)] 2013-01-19 14:13:35 Local0.Info 172.24.42.254 pf: 00:00:00.005870 rule 65/8(ip-option): pass in on re0: (tos 0x0, ttl 1, id 17783, offset 0, flags [none], proto IGMP (2), length 40, options (RA)) 2013-01-19 14:13:35 Local0.Info 172.24.42.254 pf: 172.24.48.84 > 224.0.0.22: igmp v3 report, 1 group record(s) [gaddr 224.0.0.252 to_ex, 0 source(s)] 2013-01-19 14:13:35 Local0.Info 172.24.42.254 pf: 00:00:00.000030 rule 65/8(ip-option): pass in on bridge0: (tos 0x0, ttl 1, id 17783, offset 0, flags [none], proto IGMP (2), length 40, options (RA)) 2013-01-19 14:13:35 Local0.Info 172.24.42.254 pf: 172.24.48.84 > 224.0.0.22: igmp v3 report, 1 group record(s) [gaddr 224.0.0.252 to_ex, 0 source(s)] 2013-01-19 14:13:35 Local0.Info 172.24.42.254 pf: 00:00:00.000014 rule 65/8(ip-option): pass in on re0: (tos 0x0, ttl 1, id 17783, offset 0, flags [none], proto IGMP (2), length 40, options (RA)) 2013-01-19 14:13:35 Local0.Info 172.24.42.254 pf: 172.24.48.84 > 224.0.0.22: igmp v3 report, 1 group record(s) [gaddr 224.0.0.252 to_ex, 0 source(s)] 2013-01-19 14:13:35 Local0.Info 172.24.42.254 pf: 00:00:00.005717 rule 65/8(ip-option): pass in on re0: (tos 0x0, ttl 1, id 17785, offset 0, flags [none], proto IGMP (2), length 40, options (RA)) 2013-01-19 14:13:35 Local0.Info 172.24.42.254 pf: 172.24.48.84 > 224.0.0.22: igmp v3 report, 1 group record(s) [gaddr 224.0.0.252 to_in, 0 source(s)] 2013-01-19 14:13:35 Local0.Info 172.24.42.254 pf: 00:00:00.000027 rule 65/8(ip-option): pass in on bridge0: (tos 0x0, ttl 1, id 17785, offset 0, flags [none], proto IGMP (2), length 40, options (RA)) 2013-01-19 14:13:35 Local0.Info 172.24.42.254 pf: 172.24.48.84 > 224.0.0.22: igmp v3 report, 1 group record(s) [gaddr 224.0.0.252 to_in, 0 source(s)] 
2013-01-19 14:13:35 Local0.Info 172.24.42.254 pf: 00:00:00.000014 rule 65/8(ip-option): pass in on re0: (tos 0x0, ttl 1, id 17785, offset 0, flags [none], proto IGMP (2), length 40, options (RA)) 2013-01-19 14:13:35 Local0.Info 172.24.42.254 pf: 172.24.48.84 > 224.0.0.22: igmp v3 report, 1 group record(s) [gaddr 224.0.0.252 to_in, 0 source(s)] 2013-01-19 14:13:35 Local0.Info 172.24.42.254 pf: 00:00:00.000090 rule 65/8(ip-option): pass in on re0: (tos 0x0, ttl 1, id 17786, offset 0, flags [none], proto IGMP (2), length 40, options (RA)) 2013-01-19 14:13:35 Local0.Info 172.24.42.254 pf: 172.24.48.84 > 224.0.0.22: igmp v3 report, 1 group record(s) [gaddr 224.0.0.252 to_ex, 0 source(s)] 2013-01-19 14:13:35 Local0.Info 172.24.42.254 pf: 00:00:00.000024 rule 65/8(ip-option): pass in on bridge0: (tos 0x0, ttl 1, id 17786, offset 0, flags [none], proto IGMP (2), length 40, options (RA)) 2013-01-19 14:13:35 Local0.Info 172.24.42.254 pf: 172.24.48.84 > 224.0.0.22: igmp v3 report, 1 group record(s) [gaddr 224.0.0.252 to_ex, 0 source(s)] 2013-01-19 14:13:35 Local0.Info 172.24.42.254 pf: 00:00:00.000013 rule 65/8(ip-option): pass in on re0: (tos 0x0, ttl 1, id 17786, offset 0, flags [none], proto IGMP (2), length 40, options (RA)) 2013-01-19 14:13:35 Local0.Info 172.24.42.254 pf: 172.24.48.84 > 224.0.0.22: igmp v3 report, 1 group record(s) [gaddr 224.0.0.252 to_ex, 0 source(s)] 2013-01-19 14:13:35 Local0.Info 172.24.42.254 pf: 00:00:00.029238 rule 65/8(ip-option): pass in on re0: (tos 0x0, ttl 1, id 17789, offset 0, flags [none], proto IGMP (2), length 40, options (RA)) 2013-01-19 14:13:35 Local0.Info 172.24.42.254 pf: 172.24.48.84 > 224.0.0.22: igmp v3 report, 1 group record(s) [gaddr 224.0.0.252 to_ex, 0 source(s)] 2013-01-19 14:13:35 Local0.Info 172.24.42.254 pf: 00:00:00.000033 rule 65/8(ip-option): pass in on bridge0: (tos 0x0, ttl 1, id 17789, offset 0, flags [none], proto IGMP (2), length 40, options (RA)) 2013-01-19 14:13:35 Local0.Info 172.24.42.254 pf: 172.24.48.84 > 
224.0.0.22: igmp v3 report, 1 group record(s) [gaddr 224.0.0.252 to_ex, 0 source(s)] 2013-01-19 14:13:35 Local0.Info 172.24.42.254 pf: 00:00:00.000014 rule 65/8(ip-option): pass in on re0: (tos 0x0, ttl 1, id 17789, offset 0, flags [none], proto IGMP (2), length 40, options (RA)) 2013-01-19 14:13:35 Local0.Info 172.24.42.254 pf: 172.24.48.84 > 224.0.0.22: igmp v3 report, 1 group record(s) [gaddr 224.0.0.252 to_ex, 0 source(s)] 2013-01-19 14:13:35 Local0.Info 172.24.42.254 pf: 00:00:00.273112 rule 65/8(ip-option): pass in on re0: (tos 0x0, ttl 1, id 17822, offset 0, flags [none], proto IGMP (2), length 40, options (RA)) 2013-01-19 14:13:35 Local0.Info 172.24.42.254 pf: 172.24.48.84 > 224.0.0.22: igmp v3 report, 1 group record(s) [gaddr 224.0.0.252 to_in, 0 source(s)] 2013-01-19 14:13:35 Local0.Info 172.24.42.254 pf: 00:00:00.000032 rule 65/8(ip-option): pass in on bridge0: (tos 0x0, ttl 1, id 17822, offset 0, flags [none], proto IGMP (2), length 40, options (RA)) 2013-01-19 14:13:35 Local0.Info 172.24.42.254 pf: 172.24.48.84 > 224.0.0.22: igmp v3 report, 1 group record(s) [gaddr 224.0.0.252 to_in, 0 source(s)] 2013-01-19 14:13:35 Local0.Info 172.24.42.254 pf: 00:00:00.000013 rule 65/8(ip-option): pass in on re0: (tos 0x0, ttl 1, id 17822, offset 0, flags [none], proto IGMP (2), length 40, options (RA)) 2013-01-19 14:13:35 Local0.Info 172.24.42.254 pf: 172.24.48.84 > 224.0.0.22: igmp v3 report, 1 group record(s) [gaddr 224.0.0.252 to_in, 0 source(s)] 2013-01-19 14:13:35 Local0.Info 172.24.42.254 pf: 00:00:00.000091 rule 65/8(ip-option): pass in on re0: (tos 0x0, ttl 1, id 17823, offset 0, flags [none], proto IGMP (2), length 40, options (RA)) 2013-01-19 14:13:35 Local0.Info 172.24.42.254 pf: 172.24.48.84 > 224.0.0.22: igmp v3 report, 1 group record(s) [gaddr 224.0.0.252 to_ex, 0 source(s)] 2013-01-19 14:13:35 Local0.Info 172.24.42.254 pf: 00:00:00.000022 rule 65/8(ip-option): pass in on bridge0: (tos 0x0, ttl 1, id 17823, offset 0, flags [none], proto IGMP (2), 
length 40, options (RA)) 2013-01-19 14:13:35 Local0.Info 172.24.42.254 pf: 172.24.48.84 > 224.0.0.22: igmp v3 report, 1 group record(s) [gaddr 224.0.0.252 to_ex, 0 source(s)] 2013-01-19 14:13:35 Local0.Info 172.24.42.254 pf: 00:00:00.000013 rule 65/8(ip-option): pass in on re0: (tos 0x0, ttl 1, id 17823, offset 0, flags [none], proto IGMP (2), length 40, options (RA)) 2013-01-19 14:13:35 Local0.Info 172.24.42.254 pf: 172.24.48.84 > 224.0.0.22: igmp v3 report, 1 group record(s) [gaddr 224.0.0.252 to_ex, 0 source(s)] 2013-01-19 14:13:35 Local0.Info 172.24.42.254 pf: 00:00:00.226790 rule 65/8(ip-option): pass in on re0: (tos 0x0, ttl 1, id 17850, offset 0, flags [none], proto IGMP (2), length 40, options (RA)) 2013-01-19 14:13:35 Local0.Info 172.24.42.254 pf: 172.24.48.84 > 224.0.0.22: igmp v3 report, 1 group record(s) [gaddr 224.0.0.252 to_ex, 0 source(s)] 2013-01-19 14:13:35 Local0.Info 172.24.42.254 pf: 00:00:00.000058 rule 65/8(ip-option): pass in on bridge0: (tos 0x0, ttl 1, id 17850, offset 0, flags [none], proto IGMP (2), length 40, options (RA)) 2013-01-19 14:13:35 Local0.Info 172.24.42.254 pf: 172.24.48.84 > 224.0.0.22: igmp v3 report, 1 group record(s) [gaddr 224.0.0.252 to_ex, 0 source(s)] 2013-01-19 14:13:35 Local0.Info 172.24.42.254 pf: 00:00:00.000014 rule 65/8(ip-option): pass in on re0: (tos 0x0, ttl 1, id 17850, offset 0, flags [none], proto IGMP (2), length 40, options (RA)) 2013-01-19 14:13:35 Local0.Info 172.24.42.254 pf: 172.24.48.84 > 224.0.0.22: igmp v3 report, 1 group record(s) [gaddr 224.0.0.252 to_ex, 0 source(s)] 2013-01-19 14:13:48 Local0.Info 172.24.42.254 pf: 00:00:13.135819 rule 2/0(match): block out on pppoe1: (tos 0x0, ttl 127, id 18585, offset 0, flags [DF], proto TCP (6), length 40) 2013-01-19 14:13:48 Local0.Info 172.24.42.254 pf: 199.192.238.25.40730 > 74.125.142.108.993: Flags [R.], cksum 0xc6b7 (correct), seq 2407487129, ack 3477012993, win 0, length 0 2013-01-19 14:15:00 Cron.Info 172.24.42.254 /usr/sbin/cron[32497]: (root) CMD 
(/usr/bin/nice -n20 /usr/local/bin/php -f /usr/local/pkg/snort/snort_check_cron_misc.inc) 2013-01-19 14:15:00 Cron.Info 172.24.42.254 /usr/sbin/cron[32222]: (root) CMD (/usr/bin/nice -n20 /usr/local/sbin/expiretable -t 10800 snort2c) 2013-01-19 14:15:03 Local0.Info 172.24.42.254 pf: 00:01:14.950986 rule 65/8(ip-option): pass in on bridge0: (tos 0x0, ttl 1, id 2750, offset 0, flags [none], proto IGMP (2), length 40, options (RA)) 2013-01-19 14:15:03 Local0.Info 172.24.42.254 pf: 172.24.48.32 > 224.0.0.22: igmp v3 report, 1 group record(s) [gaddr 224.0.0.253 to_ex, 0 source(s)] 2013-01-19 14:15:03 Local0.Info 172.24.42.254 pf: 00:00:00.000021 rule 65/8(ip-option): pass in on re0: (tos 0x0, ttl 1, id 2750, offset 0, flags [none], proto IGMP (2), length 40, options (RA)) 2013-01-19 14:15:03 Local0.Info 172.24.42.254 pf: 172.24.48.32 > 224.0.0.22: igmp v3 report, 1 group record(s) [gaddr 224.0.0.253 to_ex, 0 source(s)] 2013-01-19 14:15:03 Local0.Info 172.24.42.254 pf: 00:00:00.055303 rule 65/8(ip-option): pass in on re0: (tos 0x0, ttl 1, id 2753, offset 0, flags [none], proto IGMP (2), length 40, options (RA)) 2013-01-19 14:15:03 Local0.Info 172.24.42.254 pf: 172.24.48.32 > 224.0.0.22: igmp v3 report, 1 group record(s) [gaddr 224.0.0.252 to_in, 0 source(s)] 2013-01-19 14:15:03 Local0.Info 172.24.42.254 pf: 00:00:00.000022 rule 65/8(ip-option): pass in on bridge0: (tos 0x0, ttl 1, id 2753, offset 0, flags [none], proto IGMP (2), length 40, options (RA)) 2013-01-19 14:15:03 Local0.Info 172.24.42.254 pf: 172.24.48.32 > 224.0.0.22: igmp v3 report, 1 group record(s) [gaddr 224.0.0.252 to_in, 0 source(s)] 2013-01-19 14:15:03 Local0.Info 172.24.42.254 pf: 00:00:00.000009 rule 65/8(ip-option): pass in on re0: (tos 0x0, ttl 1, id 2753, offset 0, flags [none], proto IGMP (2), length 40, options (RA)) 2013-01-19 14:15:03 Local0.Info 172.24.42.254 pf: 172.24.48.32 > 224.0.0.22: igmp v3 report, 1 group record(s) [gaddr 224.0.0.252 to_in, 0 source(s)] 2013-01-19 14:15:03 Local0.Info 
172.24.42.254 pf: 00:00:00.083522 rule 65/8(ip-option): pass in on re0: (tos 0x0, ttl 1, id 2755, offset 0, flags [none], proto IGMP (2), length 40, options (RA)) 2013-01-19 14:15:03 Local0.Info 172.24.42.254 pf: 172.24.48.32 > 224.0.0.22: igmp v3 report, 1 group record(s) [gaddr 224.0.0.252 to_ex, 0 source(s)] 2013-01-19 14:15:03 Local0.Info 172.24.42.254 pf: 00:00:00.000028 rule 65/8(ip-option): pass in on bridge0: (tos 0x0, ttl 1, id 2755, offset 0, flags [none], proto IGMP (2), length 40, options (RA)) 2013-01-19 14:15:03 Local0.Info 172.24.42.254 pf: 172.24.48.32 > 224.0.0.22: igmp v3 report, 1 group record(s) [gaddr 224.0.0.252 to_ex, 0 source(s)] 2013-01-19 14:15:03 Local0.Info 172.24.42.254 pf: 00:00:00.000009 rule 65/8(ip-option): pass in on re0: (tos 0x0, ttl 1, id 2755, offset 0, flags [none], proto IGMP (2), length 40, options (RA)) 2013-01-19 14:15:03 Local0.Info 172.24.42.254 pf: 172.24.48.32 > 224.0.0.22: igmp v3 report, 1 group record(s) [gaddr 224.0.0.252 to_ex, 0 source(s)] 2013-01-19 14:15:04 Local0.Info 172.24.42.254 pf: 00:00:00.230214 rule 65/8(ip-option): pass in on re0: (tos 0x0, ttl 1, id 2757, offset 0, flags [none], proto IGMP (2), length 48, options (RA)) 2013-01-19 14:15:04 Local0.Info 172.24.42.254 pf: 172.24.48.32 > 224.0.0.22: igmp v3 report, 2 group record(s) [gaddr 224.0.0.253 to_ex, 0 source(s)] [gaddr 224.0.0.252 to_ex, 0 source(s)] 2013-01-19 14:15:04 Local0.Info 172.24.42.254 pf: 00:00:00.000057 rule 65/8(ip-option): pass in on bridge0: (tos 0x0, ttl 1, id 2757, offset 0, flags [none], proto IGMP (2), length 48, options (RA)) 2013-01-19 14:15:04 Local0.Info 172.24.42.254 pf: 172.24.48.32 > 224.0.0.22: igmp v3 report, 2 group record(s) [gaddr 224.0.0.253 to_ex, 0 source(s)] [gaddr 224.0.0.252 to_ex, 0 source(s)] 2013-01-19 14:15:04 Local0.Info 172.24.42.254 pf: 00:00:00.000014 rule 65/8(ip-option): pass in on re0: (tos 0x0, ttl 1, id 2757, offset 0, flags [none], proto IGMP (2), length 48, options (RA)) 2013-01-19 14:15:04 
Local0.Info 172.24.42.254 pf: 172.24.48.32 > 224.0.0.22: igmp v3 report, 2 group record(s) [gaddr 224.0.0.253 to_ex, 0 source(s)] [gaddr 224.0.0.252 to_ex, 0 source(s)] 2013-01-19 14:15:04 Local0.Info 172.24.42.254 pf: 172.24.48.32 > 224.0.0.22: igmp v3 report, 1 group record(s) [gaddr 224.0.0.252 to_in, 0 source(s)] 2013-01-19 14:15:04 Local0.Info 172.24.42.254 pf: 00:00:00.000035 rule 65/8(ip-option): pass in on bridge0: (tos 0x0, ttl 1, id 2762, offset 0, flags [none], proto IGMP (2), length 40, options (RA)) 2013-01-19 14:15:04 Local0.Info 172.24.42.254 pf: 172.24.48.32 > 224.0.0.22: igmp v3 report, 1 group record(s) [gaddr 224.0.0.252 to_in, 0 source(s)] 2013-01-19 14:15:04 Local0.Info 172.24.42.254 pf: 00:00:00.000050 rule 65/8(ip-option): pass in on re0: (tos 0x0, ttl 1, id 2762, offset 0, flags [none], proto IGMP (2), length 40, options (RA)) 2013-01-19 14:15:04 Local0.Info 172.24.42.254 pf: 172.24.48.32 > 224.0.0.22: igmp v3 report, 1 group record(s) [gaddr 224.0.0.252 to_in, 0 source(s)] 2013-01-19 14:15:04 Local0.Info 172.24.42.254 pf: 00:00:00.061596 rule 65/8(ip-option): pass in on re0: (tos 0x0, ttl 1, id 2764, offset 0, flags [none], proto IGMP (2), length 40, options (RA)) 2013-01-19 14:15:04 Local0.Info 172.24.42.254 pf: 172.24.48.32 > 224.0.0.22: igmp v3 report, 1 group record(s) [gaddr 224.0.0.252 to_ex, 0 source(s)] 2013-01-19 14:15:04 Local0.Info 172.24.42.254 pf: 00:00:00.000035 rule 65/8(ip-option): pass in on bridge0: (tos 0x0, ttl 1, id 2764, offset 0, flags [none], proto IGMP (2), length 40, options (RA)) 2013-01-19 14:15:04 Local0.Info 172.24.42.254 pf: 172.24.48.32 > 224.0.0.22: igmp v3 report, 1 group record(s) [gaddr 224.0.0.252 to_ex, 0 source(s)] 2013-01-19 14:15:04 Local0.Info 172.24.42.254 pf: 00:00:00.000013 rule 65/8(ip-option): pass in on re0: (tos 0x0, ttl 1, id 2764, offset 0, flags [none], proto IGMP (2), length 40, options (RA)) 2013-01-19 14:15:04 Local0.Info 172.24.42.254 pf: 172.24.48.32 > 224.0.0.22: igmp v3 report, 1 
group record(s) [gaddr 224.0.0.252 to_ex, 0 source(s)] 2013-01-19 14:15:04 Local0.Info 172.24.42.254 pf: 00:00:00.093995 rule 65/8(ip-option): pass in on re0: (tos 0x0, ttl 1, id 2766, offset 0, flags [none], proto IGMP (2), length 40, options (RA)) 2013-01-19 14:15:04 Local0.Info 172.24.42.254 pf: 172.24.48.32 > 224.0.0.22: igmp v3 report, 1 group record(s) [gaddr 224.0.0.252 to_ex, 0 source(s)] 2013-01-19 14:15:04 Local0.Info 172.24.42.254 pf: 00:00:00.000065 rule 65/8(ip-option): pass in on bridge0: (tos 0x0, ttl 1, id 2766, offset 0, flags [none], proto IGMP (2), length 40, options (RA)) 2013-01-19 14:15:04 Local0.Info 172.24.42.254 pf: 172.24.48.32 > 224.0.0.22: igmp v3 report, 1 group record(s) [gaddr 224.0.0.252 to_ex, 0 source(s)] 2013-01-19 14:15:04 Local0.Info 172.24.42.254 pf: 00:00:00.000016 rule 65/8(ip-option): pass in on re0: (tos 0x0, ttl 1, id 2766, offset 0, flags [none], proto IGMP (2), length 40, options (RA)) 2013-01-19 14:15:04 Local0.Info 172.24.42.254 pf: 172.24.48.32 > 224.0.0.22: igmp v3 report, 1 group record(s) [gaddr 224.0.0.252 to_ex, 0 source(s)] 2013-01-19 14:15:10 Local0.Info 172.24.42.254 pf: 00:00:05.917517 rule 1/0(match): block in on pppoe1: (tos 0x0, ttl 115, id 21877, offset 0, flags [none], proto UDP (17), length 58) 2013-01-19 14:15:10 Local0.Info 172.24.42.254 pf: 24.89.231.188.62691 > 199.192.238.25.26836: UDP, length 30 2013-01-19 14:15:13 Local0.Info 172.24.42.254 pf: 00:00:02.577828 rule 1/0(match): block in on pppoe1: (tos 0x0, ttl 115, id 22126, offset 0, flags [none], proto UDP (17), length 58) 2013-01-19 14:15:13 Local0.Info 172.24.42.254 pf: 24.89.231.188.62691 > 199.192.238.25.26836: UDP, length 30 2013-01-19 14:15:16 Local0.Info 172.24.42.254 pf: 00:00:03.256166 rule 1/0(match): block in on pppoe1: (tos 0x0, ttl 115, id 22435, offset 0, flags [none], proto UDP (17), length 58) 2013-01-19 14:15:16 Local0.Info 172.24.42.254 pf: 24.89.231.188.62691 > 199.192.238.25.26836: UDP, length 30 2013-01-19 14:15:19 
Local0.Info 172.24.42.254 pf: 00:00:03.348764 rule 1/0(match): block in on pppoe1: (tos 0x0, ttl 115, id 22826, offset 0, flags [none], proto UDP (17), length 58) 2013-01-19 14:15:19 Local0.Info 172.24.42.254 pf: 24.89.231.188.62691 > 199.192.238.25.26836: UDP, length 30 2013-01-19 14:15:24 Local0.Info 172.24.42.254 pf: 00:00:05.043766 rule 1/0(match): block in on pppoe1: (tos 0x0, ttl 115, id 23506, offset 0, flags [none], proto UDP (17), length 58) 2013-01-19 14:15:24 Local0.Info 172.24.42.254 pf: 24.89.231.188.62691 > 199.192.238.25.26836: UDP, length 30 2013-01-19 14:15:25 Local0.Info 172.24.42.254 pf: 00:00:00.364758 rule 54/0(match): pass in on pppoe1: (tos 0x0, ttl 46, id 38524, offset 0, flags [none], proto ICMP (1), length 76) 2013-01-19 14:15:25 Local0.Info 172.24.42.254 pf: 69.205.234.29 > 199.192.238.25: ICMP host 192.168.1.25 unreachable, length 56 2013-01-19 14:15:25 Local0.Info 172.24.42.254 pf: <009>(tos 0x0, ttl 109, id 5705, offset 0, flags [none], proto UDP (17), length 48) 2013-01-19 14:15:25 Local0.Info 172.24.42.254 pf: 199.192.238.25.32662 > 192.168.1.25.13826: UDP, length 20 2013-01-19 14:15:30 Local0.Info 172.24.42.254 pf: 00:00:05.546332 rule 1/0(match): block
-
Can you please test the latest package and see if it behaves better?
-
@ermal:
Can you please test the latest package and see if it behaves better?
I have 2.9.2.3 pkg v. 2.5.2 on pfSense 2.0.1
-
Can't start Snort on the revised package…
-
Started but needed to enable SSL state preprocessor to get it going….
-
Started but needed to enable SSL state preprocessor to get it going….
Will take a look and submit a fix for this later. Might be as late as Wednesday evening, though. Have some personal matters to attend to today and tomorrow.
-
No worries mate :) Take your time. It's working and no errors. So not mission critical!
-
Remove and Install latest v2.5.3
Got this behind the install frame window
Warning: file(/usr/local/etc/snort/rules/emerging-virus.rules): failed to open stream: No such file or directory in /usr/local/pkg/snort/snort.inc on line 947
Warning: Invalid argument supplied for foreach() in /usr/local/pkg/snort/snort.inc on line 953
Got this when I stopped and started the snort interface
22:55 mardi 22 janvier 2013
Warning: file(/usr/local/etc/snort/rules/emerging-virus.rules): failed to open stream: No such file or directory in /usr/local/pkg/snort/snort.inc on line 947
Warning: Invalid argument supplied for foreach() in /usr/local/pkg/snort/snort.inc on line 953
Warning: Cannot modify header information - headers already sent by (output started at /usr/local/pkg/snort/snort.inc:947) in /usr/local/www/snort/snort_interfaces.php on line 129
Warning: Cannot modify header information - headers already sent by (output started at /usr/local/pkg/snort/snort.inc:947) in /usr/local/www/snort/snort_interfaces.php on line 130
Warning: Cannot modify header information - headers already sent by (output started at /usr/local/pkg/snort/snort.inc:947) in /usr/local/www/snort/snort_interfaces.php on line 131
Warning: Cannot modify header information - headers already sent by (output started at /usr/local/pkg/snort/snort.inc:947) in /usr/local/www/snort/snort_interfaces.php on line 132
Warning: Cannot modify header information - headers already sent by (output started at /usr/local/pkg/snort/snort.inc:947) in /usr/local/www/snort/snort_interfaces.php on line 133
Warning: Cannot modify header information - headers already sent by (output started at /usr/local/pkg/snort/snort.inc:947) in /usr/local/www/snort/snort_interfaces.php on line 136
However snort seems to be running fine.
I cycled power on the DSL modem and it did not block the WAN IP. It seems to behave OK.
-
Can we get Snort to save blocked hosts that can survive a reboot??
-
Can we get Snort to save blocked hosts that can survive a reboot??
I can take a look at this. I don't use that feature, and thus have never investigated it. How are enabled/disabled rules holding up now? Do your changes survive rule updates and restarts?
-
Remove and Install latest v2.5.3
Got this behind the install frame window
Warning: file(/usr/local/etc/snort/rules/emerging-virus.rules): failed to open stream: No such file or directory in /usr/local/pkg/snort/snort.inc on line 947
Warning: Invalid argument supplied for foreach() in /usr/local/pkg/snort/snort.inc on line 953
Got this when I stopped and started the snort interface
22:55 mardi 22 janvier 2013
Warning: file(/usr/local/etc/snort/rules/emerging-virus.rules): failed to open stream: No such file or directory in /usr/local/pkg/snort/snort.inc on line 947
Warning: Invalid argument supplied for foreach() in /usr/local/pkg/snort/snort.inc on line 953
Warning: Cannot modify header information - headers already sent by (output started at /usr/local/pkg/snort/snort.inc:947) in /usr/local/www/snort/snort_interfaces.php on line 129
Warning: Cannot modify header information - headers already sent by (output started at /usr/local/pkg/snort/snort.inc:947) in /usr/local/www/snort/snort_interfaces.php on line 130
Warning: Cannot modify header information - headers already sent by (output started at /usr/local/pkg/snort/snort.inc:947) in /usr/local/www/snort/snort_interfaces.php on line 131
Warning: Cannot modify header information - headers already sent by (output started at /usr/local/pkg/snort/snort.inc:947) in /usr/local/www/snort/snort_interfaces.php on line 132
Warning: Cannot modify header information - headers already sent by (output started at /usr/local/pkg/snort/snort.inc:947) in /usr/local/www/snort/snort_interfaces.php on line 133
Warning: Cannot modify header information - headers already sent by (output started at /usr/local/pkg/snort/snort.inc:947) in /usr/local/www/snort/snort_interfaces.php on line 136
I can add some more robust error checking to prevent this. Did you by chance make any rule category changes during the uninstall/re-install process? Just asking to help me better isolate where the problem might be.
Thanks,
Bill
-
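The warnings quoted above form one chain: file() returns false for the missing emerging-virus.rules, foreach then receives false, and the printed warnings make the later header() calls fail. The following is an added example of the kind of guard that breaks that chain, not code from the package or from the posters; the function name, return layout and demo file contents are hypothetical.

```php
<?php
// Added illustration; the function name and return layout are hypothetical,
// not taken from /usr/local/pkg/snort/snort.inc.
function load_enabled_rule_files($rules_dir, array $categories)
{
    $loaded = [];
    $missing = [];
    foreach ($categories as $category) {
        // basename() stops a saved category name from pointing outside the rules directory.
        $path = rtrim($rules_dir, '/') . '/' . basename($category);
        // Check first: file() on a missing path returns false and emits a warning.
        $lines = (is_file($path) && is_readable($path))
            ? file($path, FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES)
            : false;
        if ($lines === false) {
            // Record the gap and move on instead of handing false to foreach.
            $missing[] = $category;
            continue;
        }
        $loaded[$category] = $lines;
    }
    if ($missing) {
        // error_log() writes to the log, not the page body, so later header() calls still work.
        error_log('snort: skipped missing rule files: ' . implode(', ', $missing));
    }
    return ['loaded' => $loaded, 'missing' => $missing];
}

// Constructed demo: one category file exists, one is still selected but absent.
$dir = sys_get_temp_dir() . '/snort_rules_demo_' . getmypid();
if (!is_dir($dir)) {
    mkdir($dir, 0700, true);
}
file_put_contents(
    $dir . '/emerging-dos.rules',
    "alert tcp any any -> any any (msg:\"constructed sample\"; sid:1000001; rev:1;)\n"
);

$result = load_enabled_rule_files($dir, ['emerging-dos.rules', 'emerging-virus.rules']);
foreach ($result['loaded'] as $category => $lines) {
    printf("%s: %d rule line(s)\n", $category, count($lines));
}
printf("missing: %s\n", implode(', ', $result['missing']));
```

A selected category whose file is absent after a rule update then shows up in the log and in the `missing` list, and the sensor can still be started with the categories that did load.
-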
I haven't had a rule update yet, so will revert back as soon as I have :)
Can we get Snort to save blocked hosts that can survive a reboot??
I can take a look at this. I don't use that feature, and thus have never investigated it. How are enabled/disabled rules holding up now? Do your changes survive rule updates and restarts?
-
Snort doesn't respect whitelisted Alias on the WAN side. Got blocked out and had to use the back entrance :D
-
And another thing… every time I enable/disable a rule, it throws me back to the top of the page… that makes a lot of scrolling all the time!! Can it be changed somehow? So you either go back to where you were or not move at all?
-
And another thing… every time I enable/disable a rule, it throws me back to the top of the page… that makes a lot of scrolling all the time!! Can it be changed somehow? So you either go back to where you were or not move at all?
I will try. That one may be a bit difficult to pull off with the way PHP handles POST back with forms. I agree on it being a pain with scrolling.