    Bogons file from july 1-st contained google netblock

    • E
      erkko last edited by

      last time this was updated, 30-36 days ago, it used to contain such netblocks:

      0.0.0.0/8
      10.0.0.0/8
      127.0.0.0/8
      169.254.0.0/16
      172.16.0.0/12
      192.0.0.0/24
      192.0.2.0/24
      192.168.0.0/16
      198.18.0.0/15
      198.51.100.0/24
      203.0.113.0/24
      224.0.0.0/4
      240.0.0.0/4

      file updated from crontab @ july 1:

      -rw-r--r--  1 root  wheel  146 Jul  1 05:08 /etc/bogons

      0.0.0.0/8
      127.0.0.0/8
      169.254.0.0/16
      192.0.0.0/24
      192.0.2.0/24
      66.249.0.0/16 <<<<<<<< google has spiders @ 66.249.64.0/19
      198.18.0.0/15
      198.51.100.0/24
      203.0.113.0/24
      224.0.0.0/4
      240.0.0.0/4

      and today's manual update produced again ok bogons file:

      -rw-r--r--  1 root  wheel  132 Jul 20 20:13 /etc/bogons

      0.0.0.0/8
      127.0.0.0/8
      169.254.0.0/16
      192.0.0.0/24
      192.0.2.0/24
      198.18.0.0/15
      198.51.100.0/24
      203.0.113.0/24
      224.0.0.0/4
      240.0.0.0/4

      does anyone have versions/backups of what has been served at http://files.pfsense.org/bogon-bn-nonagg.txt ?
      did this data come originally from iana?
      this fluke blocked effectively (and quietly, one might add) google from spidering our websites for 20 days and all of them lost their nice pagerank and moved wayyy deep in google search too :)

      rgds,
      e

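Added example, not part of the original thread and not pfSense code: a check that could run after each bogons update to catch an entry like the one above, flagging any network that falls outside the special-purpose ranges and reporting what changed since the last copy. The baseline is an assumption taken from the oldest list quoted in the post, and the function names are hypothetical.

```python
import ipaddress

# Assumed baseline: the special-purpose ranges in the oldest list quoted above.
# Extend it if the upstream list legitimately grows.
BASELINE = [ipaddress.ip_network(n) for n in """
0.0.0.0/8 10.0.0.0/8 127.0.0.0/8 169.254.0.0/16 172.16.0.0/12 192.0.0.0/24
192.0.2.0/24 192.168.0.0/16 198.18.0.0/15 198.51.100.0/24 203.0.113.0/24
224.0.0.0/4 240.0.0.0/4""".split()]

# Sample input rebuilt from the post: the July 20 file, one network per line,
# and the July 1 file, which differs only by the extra 66.249.0.0/16 line.
JULY_20 = """0.0.0.0/8 127.0.0.0/8 169.254.0.0/16 192.0.0.0/24 192.0.2.0/24
198.18.0.0/15 198.51.100.0/24 203.0.113.0/24 224.0.0.0/4 240.0.0.0/4""".replace(" ", "\n")
JULY_1 = JULY_20.replace("192.0.2.0/24\n", "192.0.2.0/24\n66.249.0.0/16\n")

def parse_bogons(text):
    """Return (networks, malformed_lines); only the first token on a line counts."""
    nets, bad = [], []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        try:
            nets.append(ipaddress.ip_network(line.split()[0]))
        except ValueError:                     # not a CIDR, or host bits set
            bad.append(line)
    return nets, bad

def unexpected(nets, baseline=BASELINE):
    """Entries not fully inside a baseline range, i.e. routable space being blocked."""
    return [n for n in nets
            if not any(n.version == b.version and n.subnet_of(b) for b in baseline)]

def changes(old, new):
    """(added, removed) between two parsed lists, for alerting on every update."""
    order = lambda n: (n.version, n)
    return (sorted(set(new) - set(old), key=order),
            sorted(set(old) - set(new), key=order))

if __name__ == "__main__":
    new, bad = parse_bogons(JULY_1)
    old, _ = parse_bogons(JULY_20)
    print("malformed:", bad)
    print("outside baseline:", [str(n) for n in unexpected(new)])
    print("added/removed:", changes(old, new))
```

In practice the input would be the contents of /etc/bogons and a saved copy of the previous file; a non-empty "outside baseline" result is the condition worth alerting on before the table is reloaded.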
      • C
        cmb last edited by

        It's pulled automatically from Cymru's bogon listing here. http://www.team-cymru.org/Services/Bogons/bogon-bn-nonagg.txt  Their change log shows no updates since February, and checking 10 boxes that last updated the same as everyone's on July 1, none of them have that in there. No record of that ever being on the server. No idea how you could have gotten that there short of leaving your firewall open with a weak password and someone screwing with you.

        • E
          erkko last edited by

          indeed… 4 other pfsense machines had bogons file from same day and no such network in it.
          no permanent long-lasting log to look for about webif/ssh accesses, just circular logs?

          • C
            cmb last edited by

            yeah not unless you're syslogging.

            • E
              erkko last edited by

              did not, fixed that now. changed passwords too everywhere, just in case. thanks man

              PS. if someone else looks for webif access logs combined with remote syslog (perhaps that guy: http://forum.pfsense.org/index.php/topic,22171.msg113966.html)

              /var/etc/lighty-webConfigurator.conf:
              server.errorlog-use-syslog  = "enable"
              accesslog.use-syslog        = "enable"
              …restart lighttpd
              plus log settings > remote logging etc

              • C
                cmb last edited by

                that's weird… good remedial actions, you may want to backup your config, check it for sanity, and wipe out and reinstall it if you don't really trust it and restore the validated config.

                • E
                  erkko last edited by

                  37 days old install. but nevertheless, old config along with old password was indeed restored when this fw replaced old one. will go over the conf with fine-tooth comb.
