Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

Topics - Imnot A Robot

Pages: [1]

General Discussion / IoT Interface flooded with IANA

« on: December 15, 2021, 11:56:45 pm »

Hello,
Can someone offer some insight as to why my IoT interface is getting pounded with this IANA EMC-Documentum Content Server Product? If it's bad how do I stop it. If it's okay how do I stop seeing it?

Whois: https://findipv6.com/ipv6-whois/https://findipv6.com/ipv6-whois/fe80::76ac:b9ff:fed3:53cd
iana.org: https://www.iana.org/assignments/service-names-port-numbers/service-names-port-numbers.xhtml?search=10002
Port 10002: https://www.adminsub.net/tcp-udp-port-finder/10002

I have IPv6 deactivated/blocked.

    Interface       Time    Source    Destination    Proto    Label
   IoT      Dec 15 17:53:25   [fe80::76ac:b9ff:fed3:53cd]:53715   [ff02::1]:10002   udp   Block all IPv6
   IoT      Dec 15 17:53:25   [fe80::76ac:b9ff:fed3:53cd]:46932   [ff02::1]:10002   udp   Block all IPv6
   IoT      Dec 15 17:53:25   [fe80::76ac:b9ff:fed3:53cd]:33760   [ff02::1]:10002   udp   Block all IPv6
   IoT      Dec 15 17:52:55   [fe80::76ac:b9ff:fed3:53cd]:39756   [ff02::1]:10002   udp   Block all IPv6
   IoT      Dec 15 17:52:55   [fe80::76ac:b9ff:fed3:53cd]:59475   [ff02::1]:10002   udp   Block all IPv6
   IoT      Dec 15 17:52:55   [fe80::76ac:b9ff:fed3:53cd]:41079   [ff02::1]:10002   udp   Block all IPv6
   IoT      Dec 15 17:52:24   [fe80::76ac:b9ff:fed3:53cd]:52025   [ff02::1]:10002   udp   Block all IPv6
   IoT      Dec 15 17:52:24   [fe80::76ac:b9ff:fed3:53cd]:59129   [ff02::1]:10002   udp   Block all IPv6
   IoT      Dec 15 17:52:24   [fe80::76ac:b9ff:fed3:53cd]:34023   [ff02::1]:10002   udp   Block all IPv6
   IoT      Dec 15 17:51:55   [fe80::76ac:b9ff:fed3:53cd]:60361   [ff02::1]:10002   udp   Block all IPv6
   IoT      Dec 15 17:51:55   [fe80::76ac:b9ff:fed3:53cd]:53706   [ff02::1]:10002   udp   Block all IPv6
   IoT      Dec 15 17:51:55   [fe80::76ac:b9ff:fed3:53cd]:54928   [ff02::1]:10002   udp   Block all IPv6
   IoT      Dec 15 17:51:54   fe80::26f5:a2ff:fec3:25a0   ff02::1   ip   Block all IPv6
   IoT      Dec 15 17:51:25   [fe80::76ac:b9ff:fed3:53cd]:38620   [ff02::1]:10002   udp   Block all IPv6
   IoT      Dec 15 17:51:25   [fe80::76ac:b9ff:fed3:53cd]:40426   [ff02::1]:10002   udp   Block all IPv6
   IoT      Dec 15 17:51:25   [fe80::76ac:b9ff:fed3:53cd]:46277   [ff02::1]:10002   udp   Block all IPv6
   IoT      Dec 15 17:50:25   [fe80::76ac:b9ff:fed3:53cd]:48740   [ff02::1]:10002   udp   Block all IPv6
   IoT      Dec 15 17:50:25   [fe80::76ac:b9ff:fed3:53cd]:38381   [ff02::1]:10002   udp   Block all IPv6
   IoT      Dec 15 17:50:25   [fe80::76ac:b9ff:fed3:53cd]:39179   [ff02::1]:10002   udp   Block all IPv6

Thanks -Chris

21.7 Legacy Series / Unbound DoT uncertainty

« on: December 09, 2021, 05:48:34 pm »

The 1.1.1.1/help webpage shows "NO" on using DNS over TLS. However, Connectivity to Resolver IP Address is "YES"

I guess it's a Cloudflare engineering issue as per this post: https://community.cloudflare.com/t/cloudflare-dot-and-dnssec/118414/17

Still, any concerns with this log?

[65483:1] info: Verified that unsigned response is INSECURE
[65483:1] info: NSEC3s for the referral proved no DS.
[65483:1] info: reply from <.> 1.1.1.1#853

I already have FIREWALL and NAT>PORT FORWARD rules for port 53 as per OPNsense forum: https://forum.opnsense.org/index.php?topic=9245.0

Do I have to include port 853 rules anywhere in the firewall?

Thanks,
Chris
21.7.6

General Discussion / Health Audit - Error 2 Message

« on: December 06, 2021, 10:55:34 pm »

OPNsense was getting erratic and any relation my messing around with Sensei and ntopng possibly causing it is questionable. Normalcy was restored with the removal of the plugins, however, I'm getting this Error 2 message.

Any idea how I can fix it?

***GOT REQUEST TO AUDIT HEALTH***
Currently running OPNsense 21.7.6 (amd64/OpenSSL) at Fri Dec 3 21:38:27 UTC 2021
>>> Check installed kernel version
Version 21.7.5 is correct.
>>> Check for missing or altered kernel files
No problems detected.
>>> Check installed base version
Version 21.7.5 is correct.

>>> Check for missing or altered base files
Error 2 ocurred.
etc/sysctl.conf:
size (311, 611)
sha256digest (0x8c57d647047d84b9be4cddbb0b6d58c1d5839f148b62d1137b8bf2611f681cfd, 0x3e005c84fa203b0f56e38ee7d1fd21003ece7f945d69b8fd6bd1842bf5fddb69)

>>> Check for missing package dependencies
Checking all packages: .......... done
>>> Check for missing or altered package files
Checking all packages: .......... done
>>> Check for core packages consistency
Core package "opnsense" has 66 dependencies to check.
Checking packages: .................................................................... done
***DONE***

Virtual private networks / Wireguard-go multiple endpoints question

« on: December 01, 2021, 03:04:14 am »

Using Wireguard-go as roadwarrior is suiting my needs well as a single iPhone VPN. Problems arise when I try to add more endpoints because the configurations don't work as I imagined -- basically I thought I just add more endpoints and reuse the original Local Config, Public Key, and Tunnel Address.

In a nutshell, for each additional device, do I reuse the the local config's (Public Key, Tunnel Address) and just add additional endpoints or do I need to create completely new Local Config + Tunnel pairs for each additional device?

Thanks,
Chris

General Discussion / Simple FW rule yet no internet

« on: November 26, 2021, 03:13:09 pm »

Can someone help me understand why I'm not getting internet on my IoT interface when I enable the Block Private Networks rule?

Private networks are: 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16

There's 1 WAN interface, 1 LAN (192.168.1.1), & 1 IoT (192.168.2.1)

$:-\$ And I'm unable to insert the screenshot URL so I'm attaching it. Please have a look.

Thanks,
Chris

Pages: [1]