Hotfix 160210

Re: Hotfix 160210

user8446
Administrator
Open snort.rules and do a search for 2405000 which will bring up this rule:

drop tcp $HOME_NET any -> 50.116.1.225 22 (msg:"ET CNC Shadowserver Reported CnC Server Port 22 Group 1"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/BotCC; reference:url,www.shadowserver.org; threshold: type limit, track by_src, seconds 360, count 1; classtype:trojan-activity; flowbits:set,ET.Evil; flowbits:set,ET.BotccIP; sid:2405000; rev:4159;)

You have this rule more than once in your rulefile, which is causing your error. Delete them all but one.
Running the latest OpenWrt stable release
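
A way to locate the duplicates the post above describes, as an added example that is not part of the original thread: it lists every SID used by more than one active rule, with the line numbers involved. The function names and the sample rules are constructed for illustration, and it assumes one rule per line.

```shell
#!/bin/sh
# Added example: report SIDs that occur in more than one active rule.
# Assumption: one rule per line, as in the snort.rules file discussed above.

dup_sids() {
    # $1 = path to a rules file.
    # Prints "sid count line,line,..." for each SID seen more than once.
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }      # skip comments and blank lines
        match($0, /[ (;]sid:[ ]*[0-9]+[ ]*;/) {
            sid = substr($0, RSTART, RLENGTH)
            gsub(/[^0-9]/, "", sid)            # keep only the digits
            count[sid]++
            lines[sid] = (count[sid] == 1) ? NR : lines[sid] "," NR
        }
        END {
            for (sid in count)
                if (count[sid] > 1)
                    print sid, count[sid], lines[sid]
        }
    ' "$1" | sort -n
}

sample_rules() {
    # Constructed sample input (documentation addresses), not the poster's file.
    cat <<'EOF'
# constructed sample rules
drop tcp $HOME_NET any -> 192.0.2.10 22 (msg:"constructed A"; flags:S; sid:2405000; rev:4159;)
alert tcp $HOME_NET any -> 192.0.2.11 80 (msg:"constructed B"; sid:1000001; rev:1;)
#drop tcp $HOME_NET any -> 192.0.2.11 80 (msg:"disabled copy"; sid:1000001; rev:1;)
drop tcp $HOME_NET any -> 192.0.2.10 22 (msg:"constructed A"; flags:S; sid:2405000; rev:4159;)
EOF
}

# Demo run on the constructed sample; on a device, pass the real rules file instead.
demo_file=$(mktemp)
sample_rules > "$demo_file"
dup_sids "$demo_file"
rm -f "$demo_file"
```

A commented-out copy of a rule is ignored, so only rules Snort would actually load are counted.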

Re: Hotfix 160210

breda
Hi, thanks. Can you confirm it is located in etc/snort/rules/snort.rules?


Re: Hotfix 160210

user8446
Administrator
Please rollback to V5 of the update script to fix your issue. Minor bug in V6:

fw_upgrade.fw_upgrade

Please see: http://itus.accessinnov.com/Hotfix-160301-FINAL-td157i20.html
Running the latest OpenWrt stable release

Re: Hotfix 160210

breda
Hi, thanks, I ran the script. I have attached the SSH screen log.

ssh.txt

Re: Hotfix 160210

user8446
Administrator
Did it work? Don't forget to put the script in /etc/sbin/fw_upgrade so you don't revert back. With WinSCP you can even just copy/paste.
Running the latest OpenWrt stable release

Re: Hotfix 160210

breda
Hi, thanks for the help. I can't seem to log in to the shield in bridge mode. I'm going to set up a different router and hook it up to the shield to do some testing. Just to confirm, you want me to do the following steps

download the fw_upgrade script: fw_upgrade.txt
copy fw_upgrade.txt to the /sbin folder and rename it to fw_upgrade
Job schedule: In LuCI System>Scheduled Job 31 03 * * 0 sh /sbin/fw_upgrade (default settings)
Run manually: In CLI sh /sbin/fw_upgrade

with the file in the link you posted?

Thanks again

Re: Hotfix 160210

Janwill
In reply to this post by user8446
Hi,

Reverting back to v5 of fw_upgrade did the trick, thanks!

Br,

Jan



Re: Hotfix 160210

breda
Hi, can you confirm if these would be the right steps for v5?

download the fw_upgrade script: fw_upgrade.txt
copy fw_upgrade.txt to the /sbin folder and rename it to fw_upgrade
Job schedule: In LuCI System>Scheduled Job 31 03 * * 0 sh /sbin/fw_upgrade (default settings)
Run manually: In CLI sh /sbin/fw_upgrade

Re: Hotfix 160210

user8446
Administrator
Since you are using WinSCP, just copy the text and paste it into /etc/sbin/fw_upgrade, then save. Your cronjob and CLI command are both correct.
Running the latest OpenWrt stable release

Re: Hotfix 160210

breda
Hi, I think I got it to work. Here are screenshots:






Re: Hotfix 160210

breda
Hi, I still can't get any WAN traffic via the Shield in bridge mode. Here are the system log and kernel logs:

System_Log.txt


Kernel_Log_3-21-16.txt


Thanks

Re: Hotfix 160210

Wisiwyg
In the screenshot with the cron list above, the first entry starts with 'Job'. I'm pretty sure that's not supposed to be there.

Mine:
22 03 * * * sh /sbin/fw_upgrade
30 04 * * * sleep 70 && touch /etc/banner && reboot
0 05 * * * /etc/init.d/dropbear restart
0 0 * * * /usr/sbin/ntpclient -s -p 123 -h 0.us.pool.ntp.org || /etc/init.d/ntpclient restart
Shield Pro v1, Chaos Calmer, FW 1.51 SP1, v8.3.2, Bridge Mode

Re: Hotfix 160210

breda
Hi, thanks, I removed it but still can't get any internet traffic.


Re: Hotfix 160210

user8446
Administrator
Go to /etc/itus_dns.txt and delete the CONTENTS (not the file) and add just this one line in the file and save:

address=/example.org/10.9.8.112

Go to /etc/snort/rules/snort.rules and delete the CONTENTS (not the file) and save.


Restart dnsmasq: /etc/init.d/dnsmasq restart


Restart snort: /etc/init.d/snort restart
Running the latest OpenWrt stable release

Re: Hotfix 160210

vikram
In reply to this post by hans2
Hi,

I applied the hotfix. I can't ping or get the 10.10.10.10. I think I have bricked it; can you advise?

Re: Hotfix 160210

hans2
Based on 10.10.10.10, I assume you are using Router mode (switch=R)? If so, does your laptop/PC get an IP assigned in the 10.10.10.x range?

In case of Bridge mode, try https://192.168.0.111 (this depends on your DHCP server!)

Try https://shield.lan
No more: Shield Pro v1, Chaos Calmer, FW 1.51 SP1

Re: Hotfix 160210

vikram
Yes, I am using Router Mode. My IP address is from router 192.168.178.30

Re: Hotfix 160210

vikram
In reply to this post by hans2
I also tried connecting from eth2 to my laptop through LAN; it's still not working. How can I reset the unit? I am able to browse.

Re: Hotfix 160210

user8446
Administrator
You can always factory reset if you can't fix.
Running the latest OpenWrt stable release

Re: Hotfix 160210

vikram
How can I reset it?