Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Large amount of data usage

    Scheduled Pinned Locked Moved General pfSense Questions
    24 Posts 6 Posters 2.7k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • johnpozJ
      johnpoz LAYER 8 Global Moderator
      last edited by

      What is the IP - look to its mac in your arp table tell you what device it is.

      An intelligent man is sometimes forced to be drunk to spend time with his fools
      If you get confused: Listen to the Music Play
      Please don't Chat/PM me for help, unless mod related
      SG-4860 24.11 | Lab VMs 2.8, 24.11

      1 Reply Last reply Reply Quote 0
      • M
        mikecala
        last edited by

        Well, I found my issue. The IPMI interface on my board binds itself to the first ethernet port so the ipmi interface was pulling the second IP and causing that extra traffic on my network…

        1 Reply Last reply Reply Quote 0
        • johnpozJ
          johnpoz LAYER 8 Global Moderator
          last edited by

          how did you track that down?

          An intelligent man is sometimes forced to be drunk to spend time with his fools
          If you get confused: Listen to the Music Play
          Please don't Chat/PM me for help, unless mod related
          SG-4860 24.11 | Lab VMs 2.8, 24.11

          1 Reply Last reply Reply Quote 0
          • M
            mikecala
            last edited by

            So once I got the IP from my ISP I found it showing up in the ARP table with the MAC address matching with my board's manufacturer. I decided to just type in the IP, which admittedly should have been something I did before, and it popped up with my IPMI web console. I did some research and figured out that by default the IMPI bonds to the dedicated port as well as the first ethernet port so I went in and disabled it.

            Definitely not something I thought about at all honestly.

            1 Reply Last reply Reply Quote 0
            • johnpozJ
              johnpoz LAYER 8 Global Moderator
              last edited by

              Good catch… For sure - you sure wouldn't want your ipmi open to the public internet..

              Such an option should really be disabled in the bios out of the box..

              An intelligent man is sometimes forced to be drunk to spend time with his fools
              If you get confused: Listen to the Music Play
              Please don't Chat/PM me for help, unless mod related
              SG-4860 24.11 | Lab VMs 2.8, 24.11

              1 Reply Last reply Reply Quote 0
              • M
                mikecala
                last edited by

                You'd think but I guess since it's not really a board meant to be a router they just assume it's only going to be inside the network.

                simondngS 1 Reply Last reply Reply Quote 0
                • simondngS
                  simondng @mikecala
                  last edited by

                  @mikecala Man, wish I'd seen this thread a few days ago. I've had exactly the same problem, new pfSense install - using 30GB+ extra a day more than normal. What board are you using?

                  1 Reply Last reply Reply Quote 0
                  • stephenw10S
                    stephenw10 Netgate Administrator
                    last edited by

                    Wow, that's concerning. What on IPMI there is using 30GB a day? Was it exposed with default credentials?

                    Steve

                    simondngS 1 Reply Last reply Reply Quote 0
                    • simondngS
                      simondng @stephenw10
                      last edited by

                      @stephenw10 I'm not sure if it was IPMI, or some other misconfiguration on my behalf.

                      It's a APU.2C4 board.

                      I've taken it offline for now, as it used up the 1TB allowance last month.

                      1 Reply Last reply Reply Quote 0
                      • G
                        gzorn
                        last edited by

                        It seems like many business branded comps (Dell, Lenovo, etc) have security issues on onboard ethernet (exposing either IPMI or AMT). On my router machine, I'm only using the onboard ethernet for a 'management lan' that gets no internet access at all. IPMI and switch management interfaces shouldn't need to access the internet anyway. WAN and LANs served by an intel 4-port card. I just don't trust those manufacturers to patch management bugs fast enough.

                        For all those who ran into this data usage issue, I'd urge you to reset your IPMI or AMT interface to factory defaults before locking it down. It's an annoyingly nontrivial task in some cases. If it's got gigs of data usage, I'd be concerned that a bad actor somewhere has pwned your management interface.

                        1 Reply Last reply Reply Quote 0
                        • First post
                          Last post
                        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.