pfSense CE 2.4.4-p3 on A2SDi-8C-HLN4F(CPU atom c3758) froze
-
Because of the lock-down period for COVID-19, these symptoms were found very late.
pfSense CE 2.4.4-p3 ran on Supermicro A2SDi-8C-HLN4F. A atom c3758 motherboard.
The packages hadn't been updated since when it was upgraded to 2.4.4-p3. No WAN log-in access or VPN access allowed at the previous moment when upgraded to 2.4.4-p3.
VGA console has no reaction with keyboard input except of "enter".
Symptoms:
(1) NAT, vlans, suricata IDS and FreeRADIUS 3 were functioning as normal. Suricata was monitoring WAN and the vlans on LAN port.
(2) The browser could get the https' certificate, but no response after accepted the certificate.
(3) The device log-in records of freeradius 3 can be seen on system.log.
(4) But the "arpwatch" records which was usually supposed to show up at over 50% changes of WiFi log-in disappeared at recent period.
(5) From the management ip,
nmap 192.168.xxx.1, only 3 ports open: 80, 443, 3000 (ppp).sshd port should open as the webgui configuration but not. And the freeradius 3 port is not shown as open or filtered.
Press the power button and make a cold boot. Boot looping appears.
Boot to single mode and issue "fsck -y /" several times as this forum said.
When returned to normal, upgraded to 2.4.5 and updated all the packages that comes with new updates.The service/services after darkstat loaded very slow at the boot looping. The drive is a Intel enterprise SSD. The next one to darkstat is ntopng.
Darkstat and ntopng are stopped now. Only service watchdog, suricata, arpwatch, freeradius 3 are running.
I already tared the /var/log folder. What other evidences should I collect?
ntopng issue? It opens port 3000 and nmap scanned it out.
Or buffer over flow, or more seriously, a backdoor? -
This post is deleted!