pfSense freezing: promiscuous mode enabled



  • Friends, I have pf 2.3.2 p1. It was working perfectly, but today it has already frozen twice and come back on its own, and the logs only show the data below. What could it be?

    Nov 28 16:10:02 snort 86619 [1:2403366:3136] ET CINS Active Threat Intelligence Poor Reputation IP TCP group 34 [Classification: Misc Attack] [Priority: 2] {TCP} 80.82.70.26:52401 -> 189.111.107.163:23
    Nov 28 16:08:35 xinetd 19767 Reconfigured: new=0 old=1 dropped=0 (services)
    Nov 28 16:08:35 xinetd 19767 readjusting service 6969-udp
    Nov 28 16:08:35 xinetd 19767 Swapping defaults
    Nov 28 16:08:35 xinetd 19767 Starting reconfiguration
    Nov 28 16:08:34 kernel em1: promiscuous mode enabled
    Nov 28 16:08:34 kernel em1: promiscuous mode disabled
    Nov 28 16:08:34 ftp-proxy 87027 listening on 127.0.0.1 port 8021
    Nov 28 16:08:34 ftp-proxy 83896 listening on 127.0.0.1 port 8021
    Nov 28 16:08:34 check_reload_status Reloading filter
    Nov 28 16:08:34 SnortStartup 83101 Ignoring additional START command since Snort is already starting…
    Nov 28 16:08:27 xinetd 19767 Reconfigured: new=0 old=1 dropped=0 (services)
    Nov 28 16:08:27 xinetd 19767 readjusting service 6969-udp
    Nov 28 16:08:27 xinetd 19767 Swapping defaults
    Nov 28 16:08:27 xinetd 19767 Starting reconfiguration
    Nov 28 16:08:24 check_reload_status Starting packages
    Nov 28 16:08:24 check_reload_status Reloading filter
    Nov 28 16:08:23 xinetd 19767 Reconfigured: new=0 old=1 dropped=0 (services)
    Nov 28 16:08:23 xinetd 19767 readjusting service 6969-udp
    Nov 28 16:08:23 xinetd 19767 Swapping defaults
    Nov 28 16:08:23 xinetd 19767 Starting reconfiguration
    Nov 28 16:08:21 xinetd 19767 Reconfigured: new=0 old=1 dropped=0 (services)
    Nov 28 16:08:21 xinetd 19767 readjusting service 6969-udp
    Nov 28 16:08:21 xinetd 19767 Swapping defaults
    Nov 28 16:08:21 xinetd 19767 Starting reconfiguration
    Nov 28 16:08:18 xinetd 19767 Reconfigured: new=0 old=1 dropped=0 (services)
    Nov 28 16:08:18 xinetd 19767 readjusting service 6969-udp
    Nov 28 16:08:18 xinetd 19767 Swapping defaults
    Nov 28 16:08:18 xinetd 19767 Starting reconfiguration
    Nov 28 16:08:17 xinetd 19767 Reconfigured: new=0 old=1 dropped=0 (services)
    Nov 28 16:08:17 xinetd 19767 readjusting service 6969-udp
    Nov 28 16:08:17 xinetd 19767 Swapping defaults
    Nov 28 16:08:17 xinetd 19767 Starting reconfiguration
    Nov 28 16:08:16 check_reload_status rc.newwanip starting ovpns1
    Nov 28 16:08:16 kernel ovpns1: link state changed to UP
    Nov 28 16:08:16 check_reload_status Reloading filter
    Nov 28 16:08:16 kernel ovpns1: link state changed to DOWN
    Nov 28 16:08:16 check_reload_status Reloading filter
    Nov 28 16:08:00 snort 68740 Non ip() parameter passed with white list, skipping...
    Nov 28 16:08:00 kernel em1: promiscuous mode enabled
    Nov 28 16:08:00 kernel em1: promiscuous mode disabled
    Nov 28 16:08:00 ftp-proxy 74445 listening on 127.0.0.1 port 8021
    Nov 28 16:08:00 ftp-proxy 69911 listening on 127.0.0.1 port 8021
    Nov 28 16:08:00 check_reload_status Reloading filter
    Nov 28 16:08:00 kernel pid 86441 (snort), uid 0: exited on signal 11
    Nov 28 16:08:00 SnortStartup 68693 Snort START for Rede Local(29275_em1)...
    Nov 28 16:07:56 check_reload_status Reloading filter
    Nov 28 16:07:56 check_reload_status Restarting OpenVPN tunnels/interfaces
    Nov 28 16:07:56 check_reload_status Restarting ipsec tunnels
    Nov 28 16:07:56 check_reload_status updating dyndns WANGW
    Nov 28 16:07:53 xinetd 19767 Reconfigured: new=0 old=1 dropped=0 (services)
    Nov 28 16:07:53 xinetd 19767 readjusting service 6969-udp
    Nov 28 16:07:53 xinetd 19767 Swapping defaults
    Nov 28 16:07:53 xinetd 19767 Starting reconfiguration
    Nov 28 16:07:39 check_reload_status Starting packages
    Nov 28 16:07:39 check_reload_status Reloading filter
    Nov 28 16:07:37 xinetd 19767 Reconfigured: new=0 old=1 dropped=0 (services)
    Nov 28 16:07:37 xinetd 19767 readjusting service 6969-udp
    Nov 28 16:07:37 xinetd 19767 Swapping defaults
    Nov 28 16:07:37 xinetd 19767 Starting reconfiguration
    Nov 28 16:07:33 xinetd 19767 Reconfigured: new=0 old=1 dropped=0 (services)
    Nov 28 16:07:33 xinetd 19767 readjusting service 6969-udp
    Nov 28 16:07:33 xinetd 19767 Swapping defaults
    Nov 28 16:07:33 xinetd 19767 Starting reconfiguration
    Nov 28 16:07:19 xinetd 19767 Reconfigured: new=0 old=1 dropped=0 (services)
    Nov 28 16:07:19 xinetd 19767 readjusting service 6969-udp
    Nov 28 16:07:19 xinetd 19767 Swapping defaults
    Nov 28 16:07:19 xinetd 19767 Starting reconfiguration
    Nov 28 16:07:10 xinetd 19767 Reconfigured: new=0 old=1 dropped=0 (services)
    Nov 28 16:07:10 xinetd 19767 readjusting service 6969-udp
    Nov 28 16:07:10 xinetd 19767 Swapping defaults
    Nov 28 16:07:10 xinetd 19767 Starting reconfiguration
    Nov 28 16:07:09 check_reload_status rc.newwanip starting ovpns1
    Nov 28 16:07:09 kernel ovpns1: link state changed to UP
    Nov 28 16:07:09 check_reload_status Reloading filter
    Nov 28 16:07:09 check_reload_status Reloading filter
    Nov 28 16:07:09 kernel ovpns1: link state changed to DOWN
    Nov 28 16:06:58 ja-firewall.saopaulo.com.br nginx: 2016/11/28 16:06:58 [error] 35818#100103: *426668 upstream timed out (60: Operation timed out) while reading response header from upstream, client: 192.168.203.99, server: , request: "GET /getstats.php HTTP/1.1", upstream: "fastcgi://unix:/var/run/php-fpm.socket", host: "192.168.203.194:10443", referrer: "https://192.168.203.194:10443/"



  • @dreivi:

    Friends, I have pf 2.3.2 p1. It was working perfectly, but today it has already frozen twice and come back on its own, and the logs only show the data below. What could it be?


    Are you using Snort?



  • Yes, I am using Snort, but does it take the network down? I am using it on all interfaces but with the internal networks set as exceptions; em1 in the log is the internal network. Should I remove that network from Snort?
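
One way to triage a system log like the one in the first post, as an added example that is not part of any post in this thread: it pulls out process crashes (`exited on signal N`), promiscuous-mode toggles per interface and filter reloads per minute. The sample lines are copied from that log; the function name `triage` and the `reload_threshold` cut-off are assumptions made for the example.

```python
import re
from collections import Counter

# Lines copied from the log in the first post (newest first, as posted).
SAMPLE_LOG = """\
Nov 28 16:08:34 kernel em1: promiscuous mode enabled
Nov 28 16:08:34 kernel em1: promiscuous mode disabled
Nov 28 16:08:34 check_reload_status Reloading filter
Nov 28 16:08:24 check_reload_status Reloading filter
Nov 28 16:08:16 check_reload_status Reloading filter
Nov 28 16:08:16 check_reload_status Reloading filter
Nov 28 16:08:00 kernel em1: promiscuous mode enabled
Nov 28 16:08:00 kernel em1: promiscuous mode disabled
Nov 28 16:08:00 check_reload_status Reloading filter
Nov 28 16:08:00 kernel pid 86441 (snort), uid 0: exited on signal 11
Nov 28 16:08:00 SnortStartup 68693 Snort START for Rede Local(29275_em1)...
Nov 28 16:07:56 check_reload_status Reloading filter
"""

# "Mon DD HH:MM" is kept as the bucket key; seconds are dropped.
LINE = re.compile(r"^(\w{3}\s+\d+ \d\d:\d\d):\d\d (.*)$")
CRASH = re.compile(r"kernel pid (\d+) \((\S+)\), uid \d+: exited on signal (\d+)")
PROMISC = re.compile(r"kernel (\w+): promiscuous mode (?:enabled|disabled)")
RELOAD = "check_reload_status Reloading filter"


def triage(log_text, reload_threshold=3):
    """Summarise crashes, promiscuous-mode toggles and filter reloads.

    reload_threshold is an assumed cut-off for calling a minute "busy".
    """
    crashes, toggles, reloads = [], Counter(), Counter()
    for raw in log_text.splitlines():
        match = LINE.match(raw.strip())
        if not match:
            continue  # not a syslog-style line
        minute, rest = match.groups()
        crash = CRASH.search(rest)
        if crash:  # signal 11 is SIGSEGV on FreeBSD
            crashes.append((minute, crash.group(2),
                            int(crash.group(1)), int(crash.group(3))))
        promisc = PROMISC.search(rest)
        if promisc:
            toggles[promisc.group(1)] += 1
        if RELOAD in rest:
            reloads[minute] += 1
    busy = sorted(k for k, n in reloads.items() if n >= reload_threshold)
    return {"crashes": crashes, "promisc_toggles": dict(toggles),
            "reloads_per_minute": dict(reloads), "busy_minutes": busy}
```

Run against the full log, the same function shows whether each promiscuous-mode toggle on an interface falls in the same minute as a Snort crash or start.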