4. Pfsense travando promiscuous mode enabled

Pfsense travando promiscuous mode enabled

  • D

    Amigos tenho pf 2.3.2 p1 estava funcionando perfeito mas hoje já travou duas vezes e voltou a funcionar sozinho, e nos logs só mostra os dados abaixo, o que pode ser?

    Nov 28 16:10:02 snort 86619 [1:2403366:3136] ET CINS Active Threat Intelligence Poor Reputation IP TCP group 34 [Classification: Misc Attack] [Priority: 2] {TCP} 80.82.70.26:52401 -> 189.111.107.163:23
    Nov 28 16:08:35 xinetd 19767 Reconfigured: new=0 old=1 dropped=0 (services)
    Nov 28 16:08:35 xinetd 19767 readjusting service 6969-udp
    Nov 28 16:08:35 xinetd 19767 Swapping defaults
    Nov 28 16:08:35 xinetd 19767 Starting reconfiguration
    Nov 28 16:08:34 kernel em1: promiscuous mode enabled
    Nov 28 16:08:34 kernel em1: promiscuous mode disabled
    Nov 28 16:08:34 ftp-proxy 87027 listening on 127.0.0.1 port 8021
    Nov 28 16:08:34 ftp-proxy 83896 listening on 127.0.0.1 port 8021
    Nov 28 16:08:34 check_reload_status Reloading filter
    Nov 28 16:08:34 SnortStartup 83101 Ignoring additional START command since Snort is already starting…
    Nov 28 16:08:27 xinetd 19767 Reconfigured: new=0 old=1 dropped=0 (services)
    Nov 28 16:08:27 xinetd 19767 readjusting service 6969-udp
    Nov 28 16:08:27 xinetd 19767 Swapping defaults
    Nov 28 16:08:27 xinetd 19767 Starting reconfiguration
    Nov 28 16:08:24 check_reload_status Starting packages
    Nov 28 16:08:24 check_reload_status Reloading filter
    Nov 28 16:08:23 xinetd 19767 Reconfigured: new=0 old=1 dropped=0 (services)
    Nov 28 16:08:23 xinetd 19767 readjusting service 6969-udp
    Nov 28 16:08:23 xinetd 19767 Swapping defaults
    Nov 28 16:08:23 xinetd 19767 Starting reconfiguration
    Nov 28 16:08:21 xinetd 19767 Reconfigured: new=0 old=1 dropped=0 (services)
    Nov 28 16:08:21 xinetd 19767 readjusting service 6969-udp
    Nov 28 16:08:21 xinetd 19767 Swapping defaults
    Nov 28 16:08:21 xinetd 19767 Starting reconfiguration
    Nov 28 16:08:18 xinetd 19767 Reconfigured: new=0 old=1 dropped=0 (services)
    Nov 28 16:08:18 xinetd 19767 readjusting service 6969-udp
    Nov 28 16:08:18 xinetd 19767 Swapping defaults
    Nov 28 16:08:18 xinetd 19767 Starting reconfiguration
    Nov 28 16:08:17 xinetd 19767 Reconfigured: new=0 old=1 dropped=0 (services)
    Nov 28 16:08:17 xinetd 19767 readjusting service 6969-udp
    Nov 28 16:08:17 xinetd 19767 Swapping defaults
    Nov 28 16:08:17 xinetd 19767 Starting reconfiguration
    Nov 28 16:08:16 check_reload_status rc.newwanip starting ovpns1
    Nov 28 16:08:16 kernel ovpns1: link state changed to UP
    Nov 28 16:08:16 check_reload_status Reloading filter
    Nov 28 16:08:16 kernel ovpns1: link state changed to DOWN
    Nov 28 16:08:16 check_reload_status Reloading filter
    Nov 28 16:08:00 snort 68740 Non ip() parameter passed with white list, skipping...
    Nov 28 16:08:00 kernel em1: promiscuous mode enabled
    Nov 28 16:08:00 kernel em1: promiscuous mode disabled
    Nov 28 16:08:00 ftp-proxy 74445 listening on 127.0.0.1 port 8021
    Nov 28 16:08:00 ftp-proxy 69911 listening on 127.0.0.1 port 8021
    Nov 28 16:08:00 check_reload_status Reloading filter
    Nov 28 16:08:00 kernel pid 86441 (snort), uid 0: exited on signal 11
    Nov 28 16:08:00 SnortStartup 68693 Snort START for Rede Local(29275_em1)...
    Nov 28 16:07:56 check_reload_status Reloading filter
    Nov 28 16:07:56 check_reload_status Restarting OpenVPN tunnels/interfaces
    Nov 28 16:07:56 check_reload_status Restarting ipsec tunnels
    Nov 28 16:07:56 check_reload_status updating dyndns WANGW
    Nov 28 16:07:53 xinetd 19767 Reconfigured: new=0 old=1 dropped=0 (services)
    Nov 28 16:07:53 xinetd 19767 readjusting service 6969-udp
    Nov 28 16:07:53 xinetd 19767 Swapping defaults
    Nov 28 16:07:53 xinetd 19767 Starting reconfiguration
    Nov 28 16:07:39 check_reload_status Starting packages
    Nov 28 16:07:39 check_reload_status Reloading filter
    Nov 28 16:07:37 xinetd 19767 Reconfigured: new=0 old=1 dropped=0 (services)
    Nov 28 16:07:37 xinetd 19767 readjusting service 6969-udp
    Nov 28 16:07:37 xinetd 19767 Swapping defaults
    Nov 28 16:07:37 xinetd 19767 Starting reconfiguration
    Nov 28 16:07:33 xinetd 19767 Reconfigured: new=0 old=1 dropped=0 (services)
    Nov 28 16:07:33 xinetd 19767 readjusting service 6969-udp
    Nov 28 16:07:33 xinetd 19767 Swapping defaults
    Nov 28 16:07:33 xinetd 19767 Starting reconfiguration
    Nov 28 16:07:19 xinetd 19767 Reconfigured: new=0 old=1 dropped=0 (services)
    Nov 28 16:07:19 xinetd 19767 readjusting service 6969-udp
    Nov 28 16:07:19 xinetd 19767 Swapping defaults
    Nov 28 16:07:19 xinetd 19767 Starting reconfiguration
    Nov 28 16:07:10 xinetd 19767 Reconfigured: new=0 old=1 dropped=0 (services)
    Nov 28 16:07:10 xinetd 19767 readjusting service 6969-udp
    Nov 28 16:07:10 xinetd 19767 Swapping defaults
    Nov 28 16:07:10 xinetd 19767 Starting reconfiguration
    Nov 28 16:07:09 check_reload_status rc.newwanip starting ovpns1
    Nov 28 16:07:09 kernel ovpns1: link state changed to UP
    Nov 28 16:07:09 check_reload_status Reloading filter
    Nov 28 16:07:09 check_reload_status Reloading filter
    Nov 28 16:07:09 kernel ovpns1: link state changed to DOWN
    Nov 28 16:06:58 ja-firewall.saopaulo.com.br nginx: 2016/11/28 16:06:58 [error] 35818#100103: *426668 upstream timed out (60: Operation timed out) while reading response header from upstream, client: 192.168.203.99, server: , request: "GET /getstats.php HTTP/1.1", upstream: "fastcgi://unix:/var/run/php-fpm.socket", host: "192.168.203.194:10443", referrer: "https://192.168.203.194:10443/"

    0
  • J

    @dreivi:

    Amigos tenho pf 2.3.2 p1 estava funcionando perfeito mas hoje já travou duas vezes e voltou a funcionar sozinho, e nos logs só mostra os dados abaixo, o que pode ser?

    Nov 28 16:10:02 snort 86619 [1:2403366:3136] ET CINS Active Threat Intelligence Poor Reputation IP TCP group 34 [Classification: Misc Attack] [Priority: 2] {TCP} 80.82.70.26:52401 -> 189.111.107.163:23
    Nov 28 16:08:35 xinetd 19767 Reconfigured: new=0 old=1 dropped=0 (services)
    Nov 28 16:08:35 xinetd 19767 readjusting service 6969-udp
    Nov 28 16:08:35 xinetd 19767 Swapping defaults
    Nov 28 16:08:35 xinetd 19767 Starting reconfiguration
    Nov 28 16:08:34 kernel em1: promiscuous mode enabled
    Nov 28 16:08:34 kernel em1: promiscuous mode disabled
    Nov 28 16:08:34 ftp-proxy 87027 listening on 127.0.0.1 port 8021
    Nov 28 16:08:34 ftp-proxy 83896 listening on 127.0.0.1 port 8021
    Nov 28 16:08:34 check_reload_status Reloading filter
    Nov 28 16:08:34 SnortStartup 83101 Ignoring additional START command since Snort is already starting…
    Nov 28 16:08:27 xinetd 19767 Reconfigured: new=0 old=1 dropped=0 (services)
    Nov 28 16:08:27 xinetd 19767 readjusting service 6969-udp
    Nov 28 16:08:27 xinetd 19767 Swapping defaults
    Nov 28 16:08:27 xinetd 19767 Starting reconfiguration
    Nov 28 16:08:24 check_reload_status Starting packages
    Nov 28 16:08:24 check_reload_status Reloading filter
    Nov 28 16:08:23 xinetd 19767 Reconfigured: new=0 old=1 dropped=0 (services)
    Nov 28 16:08:23 xinetd 19767 readjusting service 6969-udp
    Nov 28 16:08:23 xinetd 19767 Swapping defaults
    Nov 28 16:08:23 xinetd 19767 Starting reconfiguration
    Nov 28 16:08:21 xinetd 19767 Reconfigured: new=0 old=1 dropped=0 (services)
    Nov 28 16:08:21 xinetd 19767 readjusting service 6969-udp
    Nov 28 16:08:21 xinetd 19767 Swapping defaults
    Nov 28 16:08:21 xinetd 19767 Starting reconfiguration
    Nov 28 16:08:18 xinetd 19767 Reconfigured: new=0 old=1 dropped=0 (services)
    Nov 28 16:08:18 xinetd 19767 readjusting service 6969-udp
    Nov 28 16:08:18 xinetd 19767 Swapping defaults
    Nov 28 16:08:18 xinetd 19767 Starting reconfiguration
    Nov 28 16:08:17 xinetd 19767 Reconfigured: new=0 old=1 dropped=0 (services)
    Nov 28 16:08:17 xinetd 19767 readjusting service 6969-udp
    Nov 28 16:08:17 xinetd 19767 Swapping defaults
    Nov 28 16:08:17 xinetd 19767 Starting reconfiguration
    Nov 28 16:08:16 check_reload_status rc.newwanip starting ovpns1
    Nov 28 16:08:16 kernel ovpns1: link state changed to UP
    Nov 28 16:08:16 check_reload_status Reloading filter
    Nov 28 16:08:16 kernel ovpns1: link state changed to DOWN
    Nov 28 16:08:16 check_reload_status Reloading filter
    Nov 28 16:08:00 snort 68740 Non ip() parameter passed with white list, skipping...
    Nov 28 16:08:00 kernel em1: promiscuous mode enabled
    Nov 28 16:08:00 kernel em1: promiscuous mode disabled
    Nov 28 16:08:00 ftp-proxy 74445 listening on 127.0.0.1 port 8021
    Nov 28 16:08:00 ftp-proxy 69911 listening on 127.0.0.1 port 8021
    Nov 28 16:08:00 check_reload_status Reloading filter
    Nov 28 16:08:00 kernel pid 86441 (snort), uid 0: exited on signal 11
    Nov 28 16:08:00 SnortStartup 68693 Snort START for Rede Local(29275_em1)...
    Nov 28 16:07:56 check_reload_status Reloading filter
    Nov 28 16:07:56 check_reload_status Restarting OpenVPN tunnels/interfaces
    Nov 28 16:07:56 check_reload_status Restarting ipsec tunnels
    Nov 28 16:07:56 check_reload_status updating dyndns WANGW
    Nov 28 16:07:53 xinetd 19767 Reconfigured: new=0 old=1 dropped=0 (services)
    Nov 28 16:07:53 xinetd 19767 readjusting service 6969-udp
    Nov 28 16:07:53 xinetd 19767 Swapping defaults
    Nov 28 16:07:53 xinetd 19767 Starting reconfiguration
    Nov 28 16:07:39 check_reload_status Starting packages
    Nov 28 16:07:39 check_reload_status Reloading filter
    Nov 28 16:07:37 xinetd 19767 Reconfigured: new=0 old=1 dropped=0 (services)
    Nov 28 16:07:37 xinetd 19767 readjusting service 6969-udp
    Nov 28 16:07:37 xinetd 19767 Swapping defaults
    Nov 28 16:07:37 xinetd 19767 Starting reconfiguration
    Nov 28 16:07:33 xinetd 19767 Reconfigured: new=0 old=1 dropped=0 (services)
    Nov 28 16:07:33 xinetd 19767 readjusting service 6969-udp
    Nov 28 16:07:33 xinetd 19767 Swapping defaults
    Nov 28 16:07:33 xinetd 19767 Starting reconfiguration
    Nov 28 16:07:19 xinetd 19767 Reconfigured: new=0 old=1 dropped=0 (services)
    Nov 28 16:07:19 xinetd 19767 readjusting service 6969-udp
    Nov 28 16:07:19 xinetd 19767 Swapping defaults
    Nov 28 16:07:19 xinetd 19767 Starting reconfiguration
    Nov 28 16:07:10 xinetd 19767 Reconfigured: new=0 old=1 dropped=0 (services)
    Nov 28 16:07:10 xinetd 19767 readjusting service 6969-udp
    Nov 28 16:07:10 xinetd 19767 Swapping defaults
    Nov 28 16:07:10 xinetd 19767 Starting reconfiguration
    Nov 28 16:07:09 check_reload_status rc.newwanip starting ovpns1
    Nov 28 16:07:09 kernel ovpns1: link state changed to UP
    Nov 28 16:07:09 check_reload_status Reloading filter
    Nov 28 16:07:09 check_reload_status Reloading filter
    Nov 28 16:07:09 kernel ovpns1: link state changed to DOWN
    Nov 28 16:06:58 ja-firewall.saopaulo.com.br nginx: 2016/11/28 16:06:58 [error] 35818#100103: *426668 upstream timed out (60: Operation timed out) while reading response header from upstream, client: 192.168.203.99, server: , request: "GET /getstats.php HTTP/1.1", upstream: "fastcgi://unix:/var/run/php-fpm.socket", host: "192.168.203.194:10443", referrer: "https://192.168.203.194:10443/"

    esta utilizando o snort?

    0
  • D

    Sim, estou usando o Snort, mas ele derruba a rede? estou usando ele em todas as interfaces mas colocando as redes internas como exceção, em1 do log é a rede interna, devo remover essa rede do snort?

    0
Log in to reply
 

Products

Applications

Support

Services

News

Resources

Company

Our Mission

As host of the pfSense open source firewall project, Netgate believes in enhancing network connectivity that maintains both security and privacy. We also believe everyone should be able to afford it.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2019 Rubicon Communications, LLC | Privacy Policy