Messages

1

20.1 Legacy Series / Vulnerability Disclosure Process?

« on: April 09, 2020, 02:55:18 pm »

Hi,

I'm new to Opnsense so don't know what your processes are, I've stumbled upon a way to get a root shell without a login. Is there a process that isn't the public forum to disclose a vulnerability?

Thanks

2

General Discussion / Sonos across multiple subnets

« on: April 06, 2020, 10:00:33 pm »

Hi,

I am having some issues getting Sonos working across two subnets (LAN and Media) and I'm hoping that someone will be able to help.

The Sonos app uses multicast SSDP from an ephemeral port to 239.255.255.250:1900 to discover Sonos players in the same subnet. The response from the Sonos player is then sent back to the client on the original port from a new ephemeral port (one per player). I have attached a screenshot from Wireshark to show this where 192.168.10.51 is a client on my LAN and 192.168.20.101 & .102 are Sonos players my media subnet. For info the capture is taken from the firewall interface on the media subnet.



Currently I am using the UDP Broadcast Relay plugin (in development on the this forum) to relay the multicast SSDP packets from LAN to Media. As each Sonos replies from an ephemeral port I cant see a good way to allow the response back to my LAN. Other threads I have read on this issue seem to suggest that the players reply from port 1901 however this doesn’t seem to be the case for me.

I feel like I am missing something obvious here and would appreciate any help you can offer.

Thanks

3

General Discussion / Re: Installing Zeek/Bro

« on: March 29, 2020, 07:55:08 pm »

Thanks, fabian. Would it be a problem to build Zeek from source or install the FreeBSD pkg and run this on the same machine?

4

General Discussion / Installing Zeek/Bro

« on: March 29, 2020, 07:07:12 pm »

Hi,

Is it possible to install zeek (aka bro) on OPNsense? Does anyone have this working?

Thanks