Topics - NogBadTheBad

1
Packages / ntopng 0.8.12
« on: April 20, 2018, 08:33:19 am »
Not sure if anyone has noticed yet, with the latest version of ntopng, the enc0 interface seems to be available under the interfaces pull down.

However it's not an option in the pfSense ntopng General Options Interfaces section.

Also it doesn't seem to collect any sort of VPN data.

2
IDS/IPS / Snort on IKEv2 IPsec Interface ( enc0 )
« on: April 16, 2018, 03:15:11 pm »
Is it possible to get Snort to see the IKEv2 IPsec interface ( enc0 )? There's probably a very good reason why you can't :)

2018-04-16

21:08:08   1   TCP   Potential Corporate Privacy Violation   216.239.32.21 443   WAN-IP 32926   1:2025330

ET POLICY Possible External IP Lookup SSL Cert Observed (ipinfo.io)

I can see the above alert / block on the WAN interface but that doesn't give me the VPN client IP address when I try and browse https://www.ipinfo.io/ from my iDevice when vpnd in over 4G.

From the LAN it's fine.

2018-04-16

21:15:25   1   TCP   Potential Corporate Privacy Violation   216.239.38.21 n443   172.16.2.20 65487   1:2025330

ET POLICY Possible External IP Lookup SSL Cert Observed (ipinfo.io)

3
Installation and Upgrades / [ Solved ] Loopback & 2.4.3 Update
« on: March 29, 2018, 02:30:05 pm »
If anyone has an issue with syslogd not starting after the 2.4.3 update I think I've found an issue when using an IPv4 loopback address as the source address for syslog messages when sending them to a log server.

I've raised a ticket after chatting with support and they are looking into it now.

I can't start syslogd from the web page and it doesn't start from reboot, if I start it from the CLI it works fine till I clear the logs then it doesn't re-start.

If I change the source address from an IPv4 Loopback to Default (any) everything works.


Looks like it's an issue with the loopback VIPs post boot :-

[2.4.3-RELEASE][admin@pfsense]/root: ifconfig lo0
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
   options=600003<RXCSUM,TXCSUM,RXCSUM_IPV6,TXCSUM_IPV6>
   inet6 ::1 prefixlen 128
   inet6 fe80::1%lo0 prefixlen 64 scopeid 0x7
   inet 127.0.0.1 netmask 0xff000000
   nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
   groups: lo
[2.4.3-RELEASE][admin@pfsense]/root:

After going back into the virtual IPs and just hitting an apply to the defined vips :-

[2.4.3-RELEASE][admin@pfsense]/root: ifconfig lo0
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
   options=600003<RXCSUM,TXCSUM,RXCSUM_IPV6,TXCSUM_IPV6>
   inet6 ::1 prefixlen 128
   inet6 fe80::1%lo0 prefixlen 64 scopeid 0x7
   inet6 2a02:xxxx:yyyy::1 prefixlen 128
   inet 127.0.0.1 netmask 0xff000000
   inet 172.16.0.1 netmask 0xffffffff
   nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
   groups: lo
[2.4.3-RELEASE][admin@pfsense]/root:

https://redmine.pfsense.org/issues/8393 it's a bug.

4
webGUI / Suggestion - Graph Table Sizes
« on: February 14, 2018, 02:38:16 pm »
Just a thought, would it be possible to monitor the line count in the tables and graph them via Status -> Monitoring.

It would be nice to get an overall view of snort2c and maybe the other out of the box defined tables.

If it's something that is viable I'll pop in a redmine.

5
IDS/IPS / A Couple of Snort suggestions
« on: December 15, 2017, 03:52:03 am »
Any chance of :-

1) The Category Rules Summary being displayed at the top and bottom of the web page or just maybe move it to the top, it's a bit of a pain when a large number of rules are in a category when you have to scroll right down to the bottom.

2) When disabling a rule being able to disable it just for that interface or all interfaces with snort enabled.

6
General Questions / Diagnostics / pfInfo Page
« on: November 21, 2017, 02:34:23 pm »
The output from pfInfo ( now running 2.4.2 ) seems to show my vlans twice igb0.X and vlanX, is this caused by the renaming of the interfaces in 2.4.1, never noticed it before.

Are the entries in red even valid now ?

igb0
   Cleared:     Tue Nov 21 17:01:09 2017
   References:  28               
   In4/Pass:    [ Packets: 124682             Bytes: 5261641            ]
   In4/Block:   [ Packets: 2                  Bytes: 80                 ]
   Out4/Pass:   [ Packets: 123022             Bytes: 3668640            ]
   Out4/Block:  [ Packets: 0                  Bytes: 0                  ]
   In6/Pass:    [ Packets: 167                Bytes: 39563              ]
   In6/Block:   [ Packets: 4                  Bytes: 384                ]
   Out6/Pass:   [ Packets: 2117               Bytes: 275795             ]
   Out6/Block:  [ Packets: 0                  Bytes: 0                  ]
igb0.2
   Cleared:     Tue Nov 21 17:00:48 2017
   References:  31               
   In4/Pass:    [ Packets: 84561              Bytes: 14100515           ]
   In4/Block:   [ Packets: 3209               Bytes: 129477             ]
   Out4/Pass:   [ Packets: 92839              Bytes: 91506262           ]
   Out4/Block:  [ Packets: 0                  Bytes: 0                  ]
   In6/Pass:    [ Packets: 139511             Bytes: 17610497           ]
   In6/Block:   [ Packets: 3518               Bytes: 299277             ]
   Out6/Pass:   [ Packets: 158235             Bytes: 89417908           ]
   Out6/Block:  [ Packets: 1                  Bytes: 64                 ]
igb0.3
   Cleared:     Tue Nov 21 17:00:48 2017
   References:  31               
   In4/Pass:    [ Packets: 0                  Bytes: 0                  ]
   In4/Block:   [ Packets: 0                  Bytes: 0                  ]
   Out4/Pass:   [ Packets: 0                  Bytes: 0                  ]
   Out4/Block:  [ Packets: 0                  Bytes: 0                  ]
   In6/Pass:    [ Packets: 0                  Bytes: 0                  ]
   In6/Block:   [ Packets: 0                  Bytes: 0                  ]
   Out6/Pass:   [ Packets: 2014               Bytes: 261304             ]
   Out6/Block:  [ Packets: 0                  Bytes: 0                  ]
igb0.4
   Cleared:     Tue Nov 21 17:00:48 2017
   References:  33               
   In4/Pass:    [ Packets: 44699              Bytes: 4094749            ]
   In4/Block:   [ Packets: 107                Bytes: 12854              ]
   Out4/Pass:   [ Packets: 200931             Bytes: 292414640          ]
   Out4/Block:  [ Packets: 0                  Bytes: 0                  ]
   In6/Pass:    [ Packets: 1461               Bytes: 605345             ]
   In6/Block:   [ Packets: 10                 Bytes: 0                  ]
   Out6/Pass:   [ Packets: 3485               Bytes: 1366962            ]
   Out6/Block:  [ Packets: 0                  Bytes: 0                  ]
igb0.5
   Cleared:     Tue Nov 21 17:00:48 2017
   References:  31               
   In4/Pass:    [ Packets: 51                 Bytes: 4996               ]
   In4/Block:   [ Packets: 0                  Bytes: 0                  ]
   Out4/Pass:   [ Packets: 51                 Bytes: 4884               ]
   Out4/Block:  [ Packets: 0                  Bytes: 0                  ]
   In6/Pass:    [ Packets: 139                Bytes: 11372              ]
   In6/Block:   [ Packets: 0                  Bytes: 0                  ]
   Out6/Pass:   [ Packets: 2131               Bytes: 269772             ]
   Out6/Block:  [ Packets: 0                  Bytes: 0                  ]
igb0.6
   Cleared:     Tue Nov 21 17:00:48 2017
   References:  16               
   In4/Pass:    [ Packets: 0                  Bytes: 0                  ]
   In4/Block:   [ Packets: 0                  Bytes: 0                  ]
   Out4/Pass:   [ Packets: 0                  Bytes: 0                  ]
   Out4/Block:  [ Packets: 0                  Bytes: 0                  ]
   In6/Pass:    [ Packets: 0                  Bytes: 0                  ]
   In6/Block:   [ Packets: 0                  Bytes: 0                  ]
   Out6/Pass:   [ Packets: 1961               Bytes: 254448             ]
   Out6/Block:  [ Packets: 0                  Bytes: 0                  ]

vlan
   Cleared:     Tue Nov 21 17:00:48 2017
   References:  0                 
   In4/Pass:    [ Packets: 0                  Bytes: 0                  ]
   In4/Block:   [ Packets: 0                  Bytes: 0                  ]
   Out4/Pass:   [ Packets: 0                  Bytes: 0                  ]
   Out4/Block:  [ Packets: 0                  Bytes: 0                  ]
   In6/Pass:    [ Packets: 0                  Bytes: 0                  ]
   In6/Block:   [ Packets: 0                  Bytes: 0                  ]
   Out6/Pass:   [ Packets: 0                  Bytes: 0                  ]
   Out6/Block:  [ Packets: 0                  Bytes: 0                  ]
vlan0
   Cleared:     Tue Nov 21 17:00:48 2017
   References:  0                 
   In4/Pass:    [ Packets: 0                  Bytes: 0                  ]
   In4/Block:   [ Packets: 0                  Bytes: 0                  ]
   Out4/Pass:   [ Packets: 0                  Bytes: 0                  ]
   Out4/Block:  [ Packets: 0                  Bytes: 0                  ]
   In6/Pass:    [ Packets: 0                  Bytes: 0                  ]
   In6/Block:   [ Packets: 0                  Bytes: 0                  ]
   Out6/Pass:   [ Packets: 0                  Bytes: 0                  ]
   Out6/Block:  [ Packets: 0                  Bytes: 0                  ]
vlan1
   Cleared:     Tue Nov 21 17:00:48 2017
   References:  0                 
   In4/Pass:    [ Packets: 0                  Bytes: 0                  ]
   In4/Block:   [ Packets: 0                  Bytes: 0                  ]
   Out4/Pass:   [ Packets: 0                  Bytes: 0                  ]
   Out4/Block:  [ Packets: 0                  Bytes: 0                  ]
   In6/Pass:    [ Packets: 0                  Bytes: 0                  ]
   In6/Block:   [ Packets: 0                  Bytes: 0                  ]
   Out6/Pass:   [ Packets: 0                  Bytes: 0                  ]
   Out6/Block:  [ Packets: 0                  Bytes: 0                  ]
vlan2
   Cleared:     Tue Nov 21 17:00:48 2017
   References:  0                 
   In4/Pass:    [ Packets: 0                  Bytes: 0                  ]
   In4/Block:   [ Packets: 0                  Bytes: 0                  ]
   Out4/Pass:   [ Packets: 0                  Bytes: 0                  ]
   Out4/Block:  [ Packets: 0                  Bytes: 0                  ]
   In6/Pass:    [ Packets: 0                  Bytes: 0                  ]
   In6/Block:   [ Packets: 0                  Bytes: 0                  ]
   Out6/Pass:   [ Packets: 0                  Bytes: 0                  ]
   Out6/Block:  [ Packets: 0                  Bytes: 0                  ]
vlan3
   Cleared:     Tue Nov 21 17:00:48 2017
   References:  0                 
   In4/Pass:    [ Packets: 0                  Bytes: 0                  ]
   In4/Block:   [ Packets: 0                  Bytes: 0                  ]
   Out4/Pass:   [ Packets: 0                  Bytes: 0                  ]
   Out4/Block:  [ Packets: 0                  Bytes: 0                  ]
   In6/Pass:    [ Packets: 0                  Bytes: 0                  ]
   In6/Block:   [ Packets: 0                  Bytes: 0                  ]
   Out6/Pass:   [ Packets: 0                  Bytes: 0                  ]
   Out6/Block:  [ Packets: 0                  Bytes: 0                  ]
vlan4
   Cleared:     Tue Nov 21 17:00:48 2017
   References:  0                 
   In4/Pass:    [ Packets: 0                  Bytes: 0                  ]
   In4/Block:   [ Packets: 0                  Bytes: 0                  ]
   Out4/Pass:   [ Packets: 0                  Bytes: 0                  ]
   Out4/Block:  [ Packets: 0                  Bytes: 0                  ]
   In6/Pass:    [ Packets: 0                  Bytes: 0                  ]
   In6/Block:   [ Packets: 0                  Bytes: 0                  ]
   Out6/Pass:   [ Packets: 0                  Bytes: 0                  ]
   Out6/Block:  [ Packets: 0                  Bytes: 0                  ]

7
Traffic Shaping / Looks like 2.4.1 has broken the Status -> Queues Page
« on: October 25, 2017, 08:32:14 am »
I've popped in a redmine, but it looks like the move to name vlans by their interface name . VLAN ID has broken the Status -> Queues Page.

My VLANS on parent interface igb0 now just show (loading), all was fine with 2.4.0.

https://redmine.pfsense.org/issues/8007

8
Packages / [Solved] Freeradius, WPA2-Enterprise & IKEv2 Clients
« on: October 16, 2017, 08:40:27 am »
Following on from assigning my IKEv2 clients a fixed IP address via Freeradius.

Is there any way of stopping the IKEv2 Clients IDs andy-ipad, andy-iphone, etc .... from connecting via Wi-Fi ?

My /usr/local/etc/raddb/users file looks like this :-

"andy" Cleartext-Password := "PASSWORDHERE"
   Service-Type = Administrative-User

"andy-ipad" Cleartext-Password := "PASSWORDHERE", Simultaneous-Use := "1"
   Framed-IP-Address = 172.16.9.1,
   Framed-IP-Netmask = 255.255.255.0,
   Framed-Route = "0.0.0.0/0 172.16.0.1 1"

"andy-iphone" Cleartext-Password := "PASSWORDHERE", Simultaneous-Use := "1"
   Framed-IP-Address = 172.16.9.2,
   Framed-IP-Netmask = 255.255.255.0,
   Framed-Route = "0.0.0.0/0 172.16.0.1 1"

Etc ...

9
IDS/IPS / 2.4.0 Snort Issue
« on: October 12, 2017, 11:47:27 am »
Services -> Snort -> Pass Lists

The following appears under Assigned Alias on the Pass List page :-

Project-Id-Version: PACKAGE VERSION Report-Msgid-Bugs-To: POT-Creation-Date: 2017-10-10 07:36-0300 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit PO-Revision-Date: 2017-02-03 05:17-0500 Last-Translator: Jim Thompson Language-Team: English (United States) Language: en-US X-Generator: Zanata 3.9.6 Plural-Forms: nplurals=2; plural=(n != 1)

I'll pop in a redmine.

Bug #7932

10
Packages / Freeradius3 Accounting Interim Interval Wording
« on: October 09, 2017, 10:27:43 am »
Is the wording correct ?

Accounting Interim Interval
Enter the interval in seconds which should elapse between interim-updates.
It must be more than 60s and should not be less than 600s. (Default: 600)

Should it read :-

It must be more than 60s and should not be more than 600s.

I'll pop in a redmine if it's wrong.

11
IDS/IPS / Snort Custom Alerts
« on: August 09, 2017, 11:11:17 am »
I've been trying to set up custom alerts on my DMZ interface, anyone done anything similar ?

I've done the following for testing at the moment :-

1) Go into the DMZ interface under Snort.

2) Edit DMZ Rules

3) Category Selection and select custom rules.

4) Added "alert icmp any any -> any any (msg:"ICMP Packet found";sid:1000001;rev:1)"

5) Saved then restarted snort on the DMZ interface.

It appears to be running fine till the first ICMP when snort exits with a signal 11.


Aug 9 17:10:57   kernel      pid 79865 (snort), uid 0: exited on signal 11
Aug 9 17:10:56   barnyard2   54735   Waiting for new data
Aug 9 17:10:56   barnyard2   54735   Opened spool file '/var/log/snort/snort_igb0_vlan518233/snort_18233_igb0_vlan5.u2.1502295056'
Aug 9 17:10:56   barnyard2   54735   Closing spool file '/var/log/snort/snort_igb0_vlan518233/snort_18233_igb0_vlan5.u2.1502294696'. Read 0 records
Aug 9 17:10:27   php-fpm   9124   /snort/snort_interfaces.php: [Snort] Snort START for DMZ(igb0_vlan5)...
Aug 9 17:10:27   php-fpm   9124   /snort/snort_interfaces.php: Starting Snort on DMZ(igb0_vlan5) per user request...
Aug 9 17:10:24   php-fpm   9124   /snort/snort_interfaces.php: [Snort] Building new sid-msg.map file for VOICE...
Aug 9 17:10:22   php-fpm   9124   /snort/snort_interfaces.php: [Snort] Enabling any flowbit-required rules for: VOICE...
Aug 9 17:10:09   php-fpm   9124   /snort/snort_interfaces.php: [Snort] Updating rules configuration for: VOICE ...
Aug 9 17:10:06   php-fpm   9124   /snort/snort_interfaces.php: [Snort] Building new sid-msg.map file for DMZ...
Aug 9 17:10:04   php-fpm   9124   /snort/snort_interfaces.php: [Snort] Enabling any flowbit-required rules for: DMZ...
Aug 9 17:09:51   php-fpm   9124   /snort/snort_interfaces.php: [Snort] Updating rules configuration for: DMZ ...
Aug 9 17:09:48   php-fpm   9124   /snort/snort_interfaces.php: [Snort] Building new sid-msg.map file for IOT...
Aug 9 17:09:46   php-fpm   9124   /snort/snort_interfaces.php: [Snort] Enabling any flowbit-required rules for: IOT...
Aug 9 17:09:32   php-fpm   9124   /snort/snort_interfaces.php: [Snort] Updating rules configuration for: IOT ...
Aug 9 17:09:29   php-fpm   9124   /snort/snort_interfaces.php: [Snort] Building new sid-msg.map file for GUEST...
Aug 9 17:09:27   php-fpm   9124   /snort/snort_interfaces.php: [Snort] Enabling any flowbit-required rules for: GUEST...
Aug 9 17:09:14   php-fpm   9124   /snort/snort_interfaces.php: [Snort] Updating rules configuration for: GUEST ...
Aug 9 17:09:11   php-fpm   9124   /snort/snort_interfaces.php: [Snort] Building new sid-msg.map file for USER...
Aug 9 17:09:09   php-fpm   9124   /snort/snort_interfaces.php: [Snort] Enabling any flowbit-required rules for: USER...
Aug 9 17:08:56   php-fpm   9124   /snort/snort_interfaces.php: [Snort] Updating rules configuration for: USER ...
Aug 9 17:06:12   php-fpm   30733   /snort/snort_rules.php: [Snort] Building new sid-msg.map file for DMZ...
Aug 9 17:06:10   php-fpm   30733   /snort/snort_rules.php: [Snort] Enabling any flowbit-required rules for: DMZ...
Aug 9 17:05:57   php-fpm   30733   /snort/snort_rules.php: [Snort] Updating rules configuration for: DMZ ...

12
IPsec / Assigning fixed IP addresses to IKEv2 Clients
« on: April 24, 2017, 05:50:15 am »
Is it possible to assign a fixed IP address to the IKEv2 clients ?

Trying to allow two things :-

1) Myself full access to everything.

2) Friends internet access only.

Also P1 Protocol = AES (256 bits) P1 Transforms = SHA256 P2 Protocol = ESP P2 Transforms = AES (auto) P2 Auth Methods = SHA256, SHA384, SHA512 seems to work fine with IOS10 & OSX 10.12.4.

I've also got DH key group 14 set.

13
IDS/IPS / This may be a daft question about snort but ?
« on: March 23, 2017, 02:14:17 pm »
Just installed and configured snort for the first time today.

In Services -> Snort -> Interfaces what's the significance of the blue background against the Description ?

14
DHCP and DNS / unbound config
« on: March 13, 2017, 03:12:58 pm »
I'm trying to stop unbound replying to my RFC1918 IP address space on the WAN interface.

I've added the following to the Custom options, but digs are still responding with RFC1918 addresses when I point the following URL to my WAN interface :-

http://www.subnetonline.com/pages/network-tools/online-dig.php

private-address: 192.168.0.0/16
private-address: 172.16.0.0/12
private-address: 10.0.0.0/8

I don't think I even need it looking at https://www.unbound.net/documentation/unbound.conf.html :-

private-address: <IP address or subnet>
              Give IPv4 of IPv6 addresses or classless subnets. These are
              addresses on your private network, and are not allowed to be
              returned for public internet names. Any occurrence of such
              addresses are removed from DNS answers. Additionally, the DNSSEC
              validator may mark the answers bogus. This protects against
              so-called DNS Rebinding, where a user browser is turned into a
              network proxy, allowing remote access through the browser to
              other parts of your private network. Some names can be allowed
              to contain your private addresses, by default all the local-data
              that you configured is allowed to, and you can specify
              additional names using private-domain. No private addresses are
              enabled by default. We consider to enable this for the RFC1918
              private IP address space by default in later releases. That
              would enable private addresses for 10.0.0.0/8 172.16.0.0/12
              192.168.0.0/16 169.254.0.0/16 fd00::/8 and fe80::/10, since the
              RFC standards say these addresses should not be visible on the
              public internet. Turning on 127.0.0.0/8 would hinder many
              spamblocklists as they use that. Adding ::ffff:0:0/96 stops
              IPv4-mapped IPv6 addresses from bypassing the filter.

Anyone got any tips?
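
The answer filtering described in the unbound.conf excerpt quoted above, modelled as an added Python example (not part of the original post and not unbound's own code). It shows private addresses being stripped from answers for public names, exempt names keeping them, and the IPv4-mapped IPv6 bypass that `::ffff:0:0/96` closes. The function names, host names and addresses are constructed for illustration, and treating local-data and private-domain as one exempt list with subdomain matching is a simplifying assumption.

```python
"""Model of the private-address answer filter described in unbound.conf(5)."""
import ipaddress

# The three netblocks from the Custom options in the post.
POST_CONFIG = ["192.168.0.0/16", "172.16.0.0/12", "10.0.0.0/8"]


def is_exempt(qname, exempt_domains):
    """True if qname equals, or is a subdomain of, an exempt name.

    Exempt names stand in for configured local-data and private-domain
    entries, which the man page says may contain private addresses.
    (Assumption: both are modelled as one list with subdomain matching.)
    """
    name = qname.rstrip(".").lower()
    for dom in exempt_domains:
        dom = dom.rstrip(".").lower()
        if name == dom or name.endswith("." + dom):
            return True
    return False


def filter_answer(qname, addresses, private_nets, exempt_domains=()):
    """Return (kept, removed) address strings for one DNS answer."""
    if is_exempt(qname, exempt_domains):
        return list(addresses), []
    nets = [ipaddress.ip_network(n) for n in private_nets]
    kept, removed = [], []
    for text in addresses:
        addr = ipaddress.ip_address(text)
        # Containment is per address family: an IPv6 address never matches
        # an IPv4 netblock, which is what the IPv4-mapped bypass relies on.
        if any(addr in net for net in nets):
            removed.append(text)
        else:
            kept.append(text)
    return kept, removed


def demo():
    """Run the filter over constructed sample answers."""
    results = {}
    # Public name answering with an RFC1918 address (rebinding pattern):
    # the private address is removed, the public one is kept.
    results["rebind"] = filter_answer(
        "rebind.example.net", ["203.0.113.7", "192.168.1.10"], POST_CONFIG)
    # Locally configured name: exempt, so the private address is returned.
    results["local"] = filter_answer(
        "nas.home.example", ["172.16.2.20"], POST_CONFIG,
        exempt_domains=["home.example"])
    # IPv4-mapped IPv6 form of the same private address slips past a list
    # that only holds IPv4 netblocks.
    results["mapped"] = filter_answer(
        "rebind.example.net", ["::ffff:192.168.1.10"], POST_CONFIG)
    # Adding ::ffff:0:0/96, as the man page suggests, catches it.
    results["mapped_fixed"] = filter_answer(
        "rebind.example.net", ["::ffff:192.168.1.10"],
        POST_CONFIG + ["::ffff:0:0/96"])
    return results


if __name__ == "__main__":
    for case, (kept, removed) in demo().items():
        print(f"{case:13} kept={kept} removed={removed}")
```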

15
DHCP and DNS / dhcpleases & unbound errors in the logs
« on: February 28, 2017, 01:00:36 pm »
I seem to get the following errors when restarting dhcp & unbound, anyone got any ideas, it seems to be working fine ?

Status -> System Logs -> System -> General  :-

Feb 28 18:33:53   dhcpleases      kqueue error: unkown
Feb 28 18:33:53   dhcpleases      Could not deliver signal HUP to process because its pidfile (/var/run/unbound.pid) does not exist, No such process.
Feb 28 18:33:53   dhcpleases      /var/etc/hosts changed size from original!

Status -> System Logs -> System -> DNS Resolver :-

Feb 28 18:33:55   unbound   31461:0   info: start of service (unbound 1.6.0).
Feb 28 18:33:55   unbound   31461:0   notice: init module 1: iterator
Feb 28 18:33:55   unbound   31461:0   notice: init module 0: validator
Feb 28 18:33:55   unbound   31461:0   error: cannot chdir to directory: (No such file or directory)
Feb 28 18:33:55   unbound   31461:0   notice: Restart of unbound 1.6.0.



[2.3.3-RELEASE][admin@pfsense]/var/run: more unbound.pid
31461

[2.3.3-RELEASE][admin@pfsense]/var/run: ps -ax | grep 31461
31461  -  Ss     0:03.11 /usr/local/sbin/unbound -c /var/unbound/unbound.conf
54408  0  S+     0:00.00 grep 31461

[2.3.3-RELEASE][admin@pfsense]/var/run: ls -alg unbound.pid
-rw-r--r--  1 root  wheel  6 Feb 28 18:33 unbound.pid


