Messages - networker

#1
17.7 Legacy Series / Re: I caused a disaster...
August 14, 2017, 03:57:39 PM
Thank you for these details.

I will try this later but on a non production server :)
#2
17.7 Legacy Series / Re: I caused a disaster...
August 13, 2017, 11:19:45 PM
Hi, thank you for the suggestion.

I used a Cisco ASA before. There, for a server 1:1 was the way to go. The server would have a private IP in the DMZ and its public IP will be held by the ASA and 1:1 translated. This would allow a fixed IP for the server but forces all traffic through the firewall where it can be analysed. Also, not everything is forwarded but only defined services (ports / protocols).
#3
17.7 Legacy Series / I caused a disaster...
August 13, 2017, 09:55:46 PM
Hello,

First of all, I would like to thank the developers of this project for the amazing job they did.

Today, I installed the latest version of OPNsense in an ESXi VM in order to test it for a future project. The host server is on the OVH network.

I was following the documentation and implementing some configuration items. My goal was to create a 1:1 NAT in order to protect a web server.

I used 2 public IPs for WAN and LAN respectively (both IPv4 that were parked offline for the last 12 months with no traffic).

I followed the instructions here:
https://docs.opnsense.org/manual/how-tos/transparent_bridge.html

Because I felt a bridge was needed to achieve what I wanted.

The next thing I know after creating OPT1 is that the appliance was very slow (4 Gb RAM + 2 Xeon CPUs). I went to the dashboard and the traffic on OPT1 was going over 250 Mbps.

I don't think it was an external attack. That network is very clean with zero history of attacks. There is also a sold DDOS protection in place.

I tried to stop the VM but it was too late. I got this email from OVH:

[TICKET#XXXXXX] Anti-hack

Your server HOSTNAME has been placed in 'rescue' mode in order to prevent further problems.


sw.xxxxxx#show processes cpu sorted
CPU utilization for five seconds: 99%/22%; one minute: 99%; five minutes: 93%
PID Runtime(ms)     Invoked      uSecs   5Sec   1Min   5Min TTY Process
223    48263148   165070743        292 43.00% 39.76% 34.65%   0 HULC DAI Process
158  3588557668   853423768       4204  9.01% 11.39% 12.87%   0 Hulc LED Process
203    52958086   193512806        273  6.03%  6.50%  5.97%   0 IP Input
129   367976555    34145966      10776  1.37%  1.26%  1.19%   0 hpm counter proc
231     1498112     6118188        244  0.77%  0.93%  0.85%   0 Port-Security



Aug 13 16:46:50 GMT: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0050.5604.0c69 on port GigabitEthernet1/0/18.
Aug 13 16:47:03 GMT: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0050.5604.0c69 on port GigabitEthernet1/0/18.
Aug 13 16:47:24 GMT: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0050.5604.0c69 on port GigabitEthernet1/0/18.
Aug 13 17:14:36 GMT: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0007.b400.0102 on port GigabitEthernet1/0/18.
Aug 13 17:14:41 GMT: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0007.b400.0102 on port GigabitEthernet1/0/18.
Aug 13 17:14:46 GMT: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 001e.13f9.af00 on port GigabitEthernet1/0/18.
Aug 13 17:14:51 GMT: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0007.b400.0102 on port GigabitEthernet1/0/18.
Aug 13 17:14:57 GMT: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 001e.13f9.af00 on port GigabitEthernet1/0/18.
Aug 13 17:15:02 GMT: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0007.b400.0101 on port GigabitEthernet1/0/18.
Aug 13 17:15:07 GMT: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0007.b400.0101 on port GigabitEthernet1/0/18.
Aug 13 17:15:12 GMT: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0007.b400.0101 on port GigabitEthernet1/0/18.
Aug 13 17:15:17 GMT: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 001e.13f9.af00 on port GigabitEthernet1/0/18.
Aug 13 17:15:22 GMT: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 001e.13f9.af00 on port GigabitEthernet1/0/18.
Aug 13 17:15:27 GMT: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 001e.13f9.af00 on port GigabitEthernet1/0/18.
Aug 13 17:15:32 GMT: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0007.b400.0101 on port GigabitEthernet1/0/18.
Aug 13 17:15:37 GMT: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 001e.13f9.af00 on port GigabitEthernet1/0/18.
Aug 13 17:15:42 GMT: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0007.b400.0102 on port GigabitEthernet1/0/18.
Aug 13 17:15:47 GMT: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0007.b400.0101 on port GigabitEthernet1/0/18.
Aug 13 17:15:52 GMT: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0007.b400.0102 on port GigabitEthernet1/0/18.
Aug 13 17:15:57 GMT: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0007.b400.0101 on port GigabitEthernet1/0/18.
Aug 13 17:16:02 GMT: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 001e.13f9.af00 on port GigabitEthernet1/0/18.
Aug 13 17:16:07 GMT: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 001e.13f9.af00 on port GigabitEthernet1/0/18.
Aug 13 17:16:12 GMT: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0007.b400.0101 on port GigabitEthernet1/0/18.
Aug 13 17:16:17 GMT: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 001e.13f9.af00 on port GigabitEthernet1/0/18.
Aug 13 17:16:22 GMT: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 001e.13f9.af00 on port GigabitEthernet1/0/18.
Aug 13 17:16:27 GMT: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0007.b400.0102 on port GigabitEthernet1/0/18.
Aug 13 17:16:33 GMT: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0007.b400.0101 on port GigabitEthernet1/0/18.
Aug 13 17:16:38 GMT: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0007.b400.0102 on port GigabitEthernet1/0/18.
Aug 13 17:16:43 GMT: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0007.b400.0101 on port GigabitEthernet1/0/18.
Aug 13 17:16:48 GMT: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 001e.13f9.af00 on port GigabitEthernet1/0/18.
Aug 13 17:16:53 GMT: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0007.b400.0101 on port GigabitEthernet1/0/18.
Aug 13 17:16:58 GMT: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0007.b400.0101 on port GigabitEthernet1/0/18.
Aug 13 17:17:03 GMT: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 001e.13f9.af00 on port GigabitEthernet1/0/18.
Aug 13 17:17:08 GMT: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 001e.13f9.af00 on port GigabitEthernet1/0/18.
Aug 13 17:17:13 GMT: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0007.b400.0102 on port GigabitEthernet1/0/18.
Aug 13 17:17:18 GMT: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0007.b400.0101 on port GigabitEthernet1/0/18.
Aug 13 17:17:23 GMT: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 001e.13f9.af00 on port GigabitEthernet1/0/18.
Aug 13 17:17:28 GMT: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0007.b400.0101 on port GigabitEthernet1/0/18.
Aug 13 17:17:33 GMT: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 001e.13f9.af00 on port GigabitEthernet1/0/18.
Aug 13 17:17:38 GMT: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0007.b400.0101 on port GigabitEthernet1/0/18.
Aug 13 17:17:43 GMT: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 001e.13f9.af00 on port GigabitEthernet1/0/18.
Aug 13 17:17:48 GMT: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 001e.13f9.af00 on port GigabitEthernet1/0/18.
Aug 13 17:17:53 GMT: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0007.b400.0101 on port GigabitEthernet1/0/18.
Aug 13 17:17:58 GMT: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0007.b400.0101 on port GigabitEthernet1/0/18.
Aug 13 17:18:03 GMT: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0007.b400.0101 on port GigabitEthernet1/0/18.
Aug 13 17:18:08 GMT: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0007.b400.0101 on port GigabitEthernet1/0/18.
Aug 13 17:18:13 GMT: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0007.b400.0102 on port GigabitEthernet1/0/18.
Aug 13 17:18:18 GMT: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0007.b400.0101 on port GigabitEthernet1/0/18.
Aug 13 17:18:23 GMT: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 001e.13f9.af00 on port GigabitEthernet1/0/18.
Aug 13 17:18:29 GMT: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0007.b400.0102 on port GigabitEthernet1/0/18.
Aug 13 17:18:34 GMT: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0007.b400.0101 on port GigabitEthernet1/0/18.
Aug 13 17:18:39 GMT: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0007.b400.0102 on port GigabitEthernet1/0/18.
Aug 13 17:18:44 GMT: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 001e.13f9.af00 on port GigabitEthernet1/0/18.
Aug 13 17:18:49 GMT: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0007.b400.0102 on port GigabitEthernet1/0/18.
Aug 13 17:18:54 GMT: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0007.b400.0102 on port GigabitEthernet1/0/18.
Aug 13 17:18:59 GMT: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 001e.13f9.af00 on port GigabitEthernet1/0/18.
Aug 13 17:19:04 GMT: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 001e.13f9.af00 on port GigabitEthernet1/0/18.
Aug 13 17:19:09 GMT: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0007.b400.0102 on port GigabitEthernet1/0/18.
Aug 13 17:19:14 GMT: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0007.b400.0101 on port GigabitEthernet1/0/18.
Aug 13 17:19:19 GMT: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0007.b400.0101 on port GigabitEthernet1/0/18.
Aug 13 17:19:24 GMT: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0007.b400.0102 on port GigabitEthernet1/0/18.
Aug 13 17:19:29 GMT: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 001e.13f9.af00 on port GigabitEthernet1/0/18.
Aug 13 17:19:34 GMT: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0007.b400.0102 on port GigabitEthernet1/0/18.
Aug 13 17:19:39 GMT: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0007.b400.0101 on port GigabitEthernet1/0/18.
Aug 13 17:19:45 GMT: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0007.b400.0102 on port GigabitEthernet1/0/18.
Aug 13 17:19:50 GMT: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0007.b400.0102 on port GigabitEthernet1/0/18.
Aug 13 17:19:55 GMT: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0007.b400.0101 on port GigabitEthernet1/0/18.
Aug 13 17:20:00 GMT: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0007.b400.0101 on port GigabitEthernet1/0/18.
Aug 13 17:20:05 GMT: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0007.b400.0102 on port GigabitEthernet1/0/18.
Aug 13 17:20:10 GMT: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0007.b400.0102 on port GigabitEthernet1/0/18.
Aug 13 17:20:15 GMT: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0007.b400.0102 on port GigabitEthernet1/0/18.
Aug 13 17:20:20 GMT: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0007.b400.0102 on port GigabitEthernet1/0/18.
Aug 13 17:20:25 GMT: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0007.b400.0102 on port GigabitEthernet1/0/18.
Aug 13 17:20:30 GMT: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0007.b400.0102 on port GigabitEthernet1/0/18.
Aug 13 17:20:35 GMT: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0007.b400.0101 on port GigabitEthernet1/0/18.
Aug 13 17:20:40 GMT: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0007.b400.0102 on port GigabitEthernet1/0/18.
Aug 13 17:20:45 GMT: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0007.b400.0102 on port GigabitEthernet1/0/18.
Aug 13 17:20:50 GMT: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0007.b400.0101 on port GigabitEthernet1/0/18.
Aug 13 17:20:56 GMT: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0007.b400.0101 on port GigabitEthernet1/0/18.
Aug 13 17:21:01 GMT: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 001e.13f9.af00 on port GigabitEthernet1/0/18.
Aug 13 17:21:06 GMT: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 001e.13f9.af00 on port GigabitEthernet1/0/18.
Aug 13 17:21:11 GMT: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 001e.13f9.af00 on port GigabitEthernet1/0/18.
Aug 13 17:21:16 GMT: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address ec30.91e0.df80 on port GigabitEthernet1/0/18.
Aug 13 17:21:21 GMT: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 001e.13f9.af00 on port GigabitEthernet1/0/18.
Aug 13 17:21:26 GMT: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address ec30.91e0.df80 on port GigabitEthernet1/0/18.
Aug 13 17:21:31 GMT: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 001e.13f9.af00 on port GigabitEthernet1/0/18.
Aug 13 17:21:36 GMT: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0007.b400.0102 on port GigabitEthernet1/0/18.
Aug 13 17:21:41 GMT: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0007.b400.0102 on port GigabitEthernet1/0/18.
Aug 13 17:21:46 GMT: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0007.b400.0101 on port GigabitEthernet1/0/18.
Aug 13 17:21:51 GMT: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address ec30.91e0.df80 on port GigabitEthernet1/0/18.
Aug 13 17:21:57 GMT: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0007.b400.0101 on port GigabitEthernet1/0/18.
Aug 13 17:22:02 GMT: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 001e.13f9.af00 on port GigabitEthernet1/0/18.
Aug 13 17:22:07 GMT: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 001e.13f9.af00 on port GigabitEthernet1/0/18.
Aug 13 17:22:12 GMT: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0007.b400.0102 on port GigabitEthernet1/0/18.
Aug 13 17:22:17 GMT: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0007.b400.0101 on port GigabitEthernet1/0/18.
Aug 13 17:22:22 GMT: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0007.b400.0101 on port GigabitEthernet1/0/18.
Aug 13 17:22:27 GMT: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0007.b400.0101 on port GigabitEthernet1/0/18.
Aug 13 17:22:32 GMT: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0007.b400.0102 on port GigabitEthernet1/0/18.
Aug 13 17:22:37 GMT: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0007.b400.0102 on port GigabitEthernet1/0/18.
Aug 13 17:22:42 GMT: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0007.b400.0102 on port GigabitEthernet1/0/18.
Aug 13 17:22:47 GMT: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0007.b400.0101 on port GigabitEthernet1/0/18.
Aug 13 17:22:52 GMT: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0007.b400.0101 on port GigabitEthernet1/0/18.
Aug 13 17:22:57 GMT: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0007.b400.0102 on port GigabitEthernet1/0/18.
Aug 13 17:23:03 GMT: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0007.b400.0101 on port GigabitEthernet1/0/18.
Aug 13 17:23:08 GMT: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 001e.13f9.af00 on port GigabitEthernet1/0/18.
Aug 13 17:23:13 GMT: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0007.b400.0101 on port GigabitEthernet1/0/18.
Aug 13 17:23:18 GMT: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0007.b400.0102 on port GigabitEthernet1/0/18.
Aug 13 17:23:23 GMT: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0007.b400.0102 on port GigabitEthernet1/0/18.
Aug 13 17:23:28 GMT: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0007.b400.0101 on port GigabitEthernet1/0/18.
Aug 13 17:23:33 GMT: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0007.b400.0101 on port GigabitEthernet1/0/18.
Aug 13 17:23:38 GMT: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0007.b400.0102 on port GigabitEthernet1/0/18.





The ESXi host was put in rescue mode and labeled as hacked.

I contacted OVH with some apologies then restarted the host in normal mode but kept the OPNSense VM offline (powered off).

Here are the MAC addresses I used for my interfaces:

em0 (WAN) - (MAC: 4E) 00:50:56:09:8a:4e
em1 (LAN) - (MAC: 00) 00:50:56:0c:e1:00


This can help you to read the message above.

I don't know what happened. Maybe I caused a loop between the LAN / WAN interfaces and the OVH port.

I can try to power on the VM without connecting it and try to grab a config from the console access.
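
An added example, not part of the original posts or the OVH ticket: a short Python script that parses the PSECURE_VIOLATION lines quoted above, converts the Cisco dotted MAC notation to colon notation, and separates the VM's own interface MACs from any other source MACs seen on the switch port. The function names and the distinct-MAC threshold are assumptions of this example; the sample lines are copied from the log in the post.

```python
import re
from collections import Counter

# Six lines copied from the switch log quoted in the post above.
SAMPLE_LOG = """\
Aug 13 16:46:50 GMT: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0050.5604.0c69 on port GigabitEthernet1/0/18.
Aug 13 17:14:36 GMT: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0007.b400.0102 on port GigabitEthernet1/0/18.
Aug 13 17:14:41 GMT: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0007.b400.0102 on port GigabitEthernet1/0/18.
Aug 13 17:14:46 GMT: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 001e.13f9.af00 on port GigabitEthernet1/0/18.
Aug 13 17:15:02 GMT: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0007.b400.0101 on port GigabitEthernet1/0/18.
Aug 13 17:21:16 GMT: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address ec30.91e0.df80 on port GigabitEthernet1/0/18.
"""

# MAC addresses the poster lists for the VM's own interfaces (em0, em1).
LOCAL_MACS = {"00:50:56:09:8a:4e", "00:50:56:0c:e1:00"}

VIOLATION_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s+[\d:]+)\s+\w+:\s+%PORT_SECURITY-2-PSECURE_VIOLATION:.*?"
    r"MAC address (?P<mac>[0-9a-fA-F]{4}\.[0-9a-fA-F]{4}\.[0-9a-fA-F]{4}) "
    r"on port (?P<port>\S+?)\.?$"
)


def normalize_mac(cisco_mac):
    """Convert Cisco dotted notation (0050.5604.0c69) to 00:50:56:04:0c:69."""
    digits = cisco_mac.replace(".", "").lower()
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def summarize_violations(log_text, local_macs):
    """Return {port: {"local": Counter, "foreign": Counter}} of violating MACs."""
    per_port = {}
    for line in log_text.splitlines():
        m = VIOLATION_RE.match(line.strip())
        if not m:
            continue  # not a port-security violation line
        mac = normalize_mac(m["mac"])
        groups = per_port.setdefault(
            m["port"], {"local": Counter(), "foreign": Counter()})
        groups["local" if mac in local_macs else "foreign"][mac] += 1
    return per_port


def distinct_foreign_macs(summary, port):
    """Sorted source MACs on `port` that are not the host's own interfaces."""
    return sorted(summary.get(port, {}).get("foreign", {}))


def looks_like_bridged_traffic(summary, port, threshold=2):
    """Heuristic (assumption of this example): several distinct non-local
    source MACs on one access port suggest frames forwarded from elsewhere."""
    return len(distinct_foreign_macs(summary, port)) >= threshold


if __name__ == "__main__":
    summary = summarize_violations(SAMPLE_LOG, LOCAL_MACS)
    for port, groups in summary.items():
        print(port, "bridged traffic suspected:",
              looks_like_bridged_traffic(summary, port))
        for mac, count in groups["foreign"].most_common():
            print(f"  foreign {mac}  x{count}")
```

In the sample lines, none of the violating MACs matches either interface address listed in the post.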