Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Automation Networks allows discovery of invalid IP addresses #3932

Closed
razvanzeces opened this issue Nov 21, 2020 · 12 comments
Closed

Automation Networks allows discovery of invalid IP addresses #3932

razvanzeces opened this issue Nov 21, 2020 · 12 comments
Labels
bug Undesired behaviour resolved A fixed issue
Milestone

Comments

@razvanzeces
Copy link

Describe the bug

All of a sudden, I saw that the VM's vCPU it's at 99.9% and I checked the Cacti logs, I found out that I have a lot of errors like: "CMDPHP WARNING: ICMP Ping Error: cacti_gethostbyname failed for 10.118.30163.45"

Screenshots

If applicable, add screenshots to help explain your problem.
cactierr

Additional context

I didn't installed nothing new on Cacti, the Mikrotik plugin and Export to FTP are the only ones that are installed.

@razvanzeces razvanzeces added bug Undesired behaviour unverified Some days we don't have a clue labels Nov 21, 2020
@razvanzeces
Copy link
Author

Forgot to mention, Cacti it's the latest newest stable version Version 1.2.15.

@TheWitness
Copy link
Member

What OS? Is SELinux or App Armor enabled?

@razvanzeces
Copy link
Author

@TheWitness

OS: Debian 9.13
SELinux: not configured
App Armor: not configured

@TheWitness
Copy link
Member

Crap, look at your IP addresses, they are invalid...

@TheWitness
Copy link
Member

So, the errors are legit.

@razvanzeces
Copy link
Author

Well, I checked every of my device and that IP Address it's not part of a monitorised device.

So I don't know from where that IP Address it's comming from...

@razvanzeces
Copy link
Author

@TheWitness here's a screenshot from my devices.
cacti

@TheWitness
Copy link
Member

You have a network defined in Automation Networks that is kind of in that range. Do me a favor, start a manual scan, and then run the following SQL command:

SELECT ip_address FROM automation_ips;

See if you find some of these bogus IP addresses there. Post the network range definition in the Automation network definition.

@razvanzeces
Copy link
Author

You're right bro', it was the freaking automation :)).

Never tought about this. I disabled the Automation and deleted those shady devices that I didn't recognized.

Now log is clear. Do I need to keep automation enabled? @TheWitness

@TheWitness
Copy link
Member

What were the network ranges? Paste them here. We should add some checks to prevent this. So, paste what was in the range definition, and then we'll fix the badness.

@TheWitness TheWitness changed the title CMDPHP WARNING Automation Networks allows discovery of invalid IP addresses Nov 21, 2020
TheWitness added a commit that referenced this issue Nov 21, 2020
Automation Networks allows discovery of invalid IP addresses
@TheWitness TheWitness added resolved A fixed issue and removed unverified Some days we don't have a clue labels Nov 21, 2020
@TheWitness TheWitness added this to the v1.2.16 milestone Nov 21, 2020
TheWitness added a commit that referenced this issue Nov 22, 2020
- Automation Networks allows discovery of invalid IP addresses
- This change also deprecates and removes range support in the form of range1-range2, which was not documented in the tooltip help anyway.
@TheWitness
Copy link
Member

Closing this now. Sufficient checks are in place to block these invalid IP's now.

@razvanzeces
Copy link
Author

I'll post them tomorrow so you can have them.

@github-actions github-actions bot locked and limited conversation to collaborators Feb 21, 2021
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
bug Undesired behaviour resolved A fixed issue
Projects
None yet
Development

No branches or pull requests

2 participants