Pfsense phoning home when I thought it was all switched off?

firewalluser

Just noticed in the logs, pfsense phoning home yet I've switched off the dashboard version checker (System: Firmware: Settings, Disable the automatic dashboard auto-update check.)

Is there anything else thats needs switching off to stop pfsense from phoning home, and whats been pulled from the firewall anyway as theres alot of packets?

Is there some new remote facility built into pfsense now?

TIA?

Jan 19 23:35:31 WAN   92.29.126.45:22182   208.123.73.68:443
www1.atx.pfmechanics.com TCP:S

Jan 19 23:30:24 WAN   92.29.126.45:31827   208.123.73.68:443
www1.atx.pfmechanics.com TCP:S

Jan 19 23:30:20 WAN   92.29.126.45:29273   208.123.73.68:443
www1.atx.pfmechanics.com TCP:S

Jan 19 23:30:18 WAN   92.29.126.45:26383   208.123.73.68:443
www1.atx.pfmechanics.com TCP:S

Jan 19 23:30:18 WAN   92.29.126.45:26094   208.123.73.68:443
www1.atx.pfmechanics.com TCP:S

Jan 19 23:30:18 WAN   92.29.126.45:27575   208.123.73.68:443
www1.atx.pfmechanics.com TCP:S

Jan 19 23:30:18 WAN   92.29.126.45:51953   208.123.73.68:443
www1.atx.pfmechanics.com TCP:S

Jan 19 23:30:15 WAN   92.29.126.45:48410   208.123.73.68:443
www1.atx.pfmechanics.com TCP:S

Jan 19 23:30:15 WAN   92.29.126.45:25537   208.123.73.68:443
www1.atx.pfmechanics.com TCP:S

Jan 19 23:30:15 WAN   92.29.126.45:45405   208.123.73.68:443
www1.atx.pfmechanics.com TCP:S

Jan 19 23:30:15 WAN   92.29.126.45:62256   208.123.73.68:443
www1.atx.pfmechanics.com TCP:S

Jan 19 23:30:15 WAN   92.29.126.45:29361   208.123.73.68:443
www1.atx.pfmechanics.com TCP:S

Jan 19 23:30:13 WAN   92.29.126.45:24992   208.123.73.68:443
www1.atx.pfmechanics.com TCP:S

Jan 19 23:30:13 WAN   92.29.126.45:42913   208.123.73.68:443
www1.atx.pfmechanics.com TCP:S

Jan 19 23:30:13 WAN   92.29.126.45:63959   208.123.73.68:443
www1.atx.pfmechanics.com TCP:S

Jan 19 23:30:13 WAN   92.29.126.45:64085   208.123.73.68:443
www1.atx.pfmechanics.com TCP:S

Jan 19 23:30:13 WAN   92.29.126.45:6034   208.123.73.68:443
www1.atx.pfmechanics.com TCP:S

Jan 19 23:30:11 WAN   92.29.126.45:52940   208.123.73.68:443
www1.atx.pfmechanics.com TCP:S

Jan 19 23:30:11 WAN   92.29.126.45:52808   208.123.73.68:443
www1.atx.pfmechanics.com TCP:S

Jan 19 23:30:11 WAN   92.29.126.45:58533   208.123.73.68:443
www1.atx.pfmechanics.com TCP:S

Jan 19 23:30:11 WAN   92.29.126.45:31532   208.123.73.68:443
www1.atx.pfmechanics.com TCP:S

Jan 19 23:30:11 WAN   92.29.126.45:27864   208.123.73.68:443
www1.atx.pfmechanics.com TCP:S

Jan 19 23:30:11 WAN   92.29.126.45:62128   208.123.73.68:443
www1.atx.pfmechanics.com TCP:S

Jan 19 23:30:10 WAN   92.29.126.45:57571   208.123.73.68:443
www1.atx.pfmechanics.com TCP:S

Jan 19 23:30:08 WAN   92.29.126.45:50790   208.123.73.68:443
www1.atx.pfmechanics.com TCP:S

Jan 19 23:30:08 WAN   92.29.126.45:32981   208.123.73.68:443
www1.atx.pfmechanics.com TCP:S

Jan 19 23:30:08 WAN   92.29.126.45:10484   208.123.73.68:443
www1.atx.pfmechanics.com TCP:S

Jan 19 23:30:08 WAN   92.29.126.45:34846   208.123.73.68:443
www1.atx.pfmechanics.com TCP:S

Jan 19 23:30:08 WAN   92.29.126.45:38119   208.123.73.68:443
www1.atx.pfmechanics.com TCP:S

Jan 19 23:30:07 WAN   92.29.126.45:35984   208.123.73.68:443
www1.atx.pfmechanics.com TCP:S

Jan 19 23:30:06 WAN   92.29.126.45:17412   208.123.73.68:443
www1.atx.pfmechanics.com TCP:S

Jan 19 23:30:05 WAN   92.29.126.45:17906   208.123.73.68:443
www1.atx.pfmechanics.com TCP:S

Jan 19 23:30:05 WAN   92.29.126.45:22497   208.123.73.68:443
www1.atx.pfmechanics.com TCP:S

Jan 19 23:30:05 WAN   92.29.126.45:2257   208.123.73.68:443
www1.atx.pfmechanics.com TCP:S

Jan 19 23:30:05 WAN   92.29.126.45:62258   208.123.73.68:443
www1.atx.pfmechanics.com TCP:S

Jan 19 23:30:04 WAN   92.29.126.45:44293   208.123.73.68:443
www1.atx.pfmechanics.com TCP:S

Jan 19 23:30:04 WAN   92.29.126.45:1508   208.123.73.68:443
www1.atx.pfmechanics.com TCP:S

Jan 19 23:30:04 WAN   92.29.126.45:15779   208.123.73.68:443
www1.atx.pfmechanics.com TCP:S

Jan 19 23:30:04 WAN   92.29.126.45:3321   208.123.73.68:443
www1.atx.pfmechanics.com TCP:S

Jan 19 23:30:04 WAN   92.29.126.45:62013   208.123.73.68:443
www1.atx.pfmechanics.com TCP:S

Jan 19 23:30:02 WAN   92.29.126.45:17873   208.123.73.68:443
www1.atx.pfmechanics.com TCP:S

Jan 19 23:30:01 WAN   92.29.126.45:18372   208.123.73.68:443
www1.atx.pfmechanics.com TCP:S

Jan 19 23:30:01 WAN   92.29.126.45:42980   208.123.73.68:443
www1.atx.pfmechanics.com TCP:S

Jan 19 23:30:01 WAN   92.29.126.45:57613   208.123.73.68:443
www1.atx.pfmechanics.com TCP:S

Jan 19 23:29:59 WAN   92.29.126.45:6201   208.123.73.68:443
www1.atx.pfmechanics.com TCP:S

jimp

If you have the packages widget active it will do a package version check/test.

Also if you try to load the package list (available or installed), or do a manual firmware check, or if the system needs to do a bogons update, or if you have AutoConfigBackup installed…

Guest

Be aware that when you disable the last "phone home" daemon (good luck finding them all), your pfSense install will turn into a bot platform for our "pfSense Black" offering.

(Read the Ts & Cs, it's in there!)

firewalluser

I only have snort installed but that wasnt doing an update and I think that goes elsewhere iirc.

No widgets installed, no autoconfigbackup installed, wasnt in packages, how would I know about a bogons as I cant see anything in the logs?

I've been trying to adopt the backtrack tag "The quieter you become, the more you are able to hear.", so things like Windows nic phone home is off, http://technet.microsoft.com/en-us/library/cc766017(v=ws.10).aspx, as is windows updates, in fact that only gets initiated when a snort surpress for exe's, dll's aka PE's is enabled until the updates are completed then it goes back on again. And because it can take AV companies months sometimes years to reverse engineer and then decide if some code is malicious, not to mention the AV programs miss a % of virus according to shadowserver.org https://www.shadowserver.org/wiki/pmwiki.php/AV/Viruses I try to be careful and I have an enquiring mind.  ;)