Sabrina's questions

If nothing block the traffic, traceroute normally ends with the destination IP as the last hop. (10.1.1.10 in this case)

Normal traceroute would be like this.

user@linux:~$ traceroute 10.1.1.10
traceroute to 10.1.1.10 (10.1.1.10), 30 hops max, 60 byte packets
 1  10.2.8.2 (10.2.8.2)  0.572 ms  0.692 ms  0.837 ms
 2  10.1.9.50 (10.1.9.50)  202.638 ms 10.1.9.78 (10.1.9.78)  202.547 ms 10.1.9.50 (10.1.9.50)  202.139 ms
 3  10.1.4.9 (10.1.4.9)  202.508 ms  202.483 ms 10.1.4.13 (10.1.4.13)  204.149 ms
 4  10.1.1.10 (10.1.1.10)  202.133 ms  202.100 ms  202.692 ms
user@linux:~$ 

Recently, I encountered an issue whereby there was an additional hop (10.1.1.9) in the traceroute output (look at hop 5).

Source IP Address: 10.2.8.8

user@linux:~$ ifconfig | head -2
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 10.2.8.8  netmask 255.255.255.0  broadcast 10.2.8.255
user@linux:~$ 

Destination IP Address: 10.1.1.10

Additional hop: 10.1.1.9 ???

user@linux:~$ traceroute 10.1.1.10
traceroute to 10.1.1.10 (10.1.1.10), 30 hops max, 60 byte packets
 1  10.2.8.2 (10.2.8.2)  0.572 ms  0.692 ms  0.837 ms
 2  10.1.9.50 (10.1.9.50)  202.638 ms 10.1.9.78 (10.1.9.78)  202.547 ms 10.1.9.50 (10.1.9.50)  202.139 ms
 3  10.1.4.9 (10.1.4.9)  202.508 ms  202.483 ms 10.1.4.13 (10.1.4.13)  204.149 ms
 4  10.1.1.10 (10.1.1.10)  202.133 ms  202.100 ms  202.692 ms
 5  10.1.1.9 (10.1.1.9)  6201.720 ms !H * *
user@linux:~$ 

Also, if you look at hop 2 and 3, there is additional IP Addresses (10.1.9.78 & 10.1.9.50)

Why did this happen? I've never seen anything like this before.

Was this because of the server configuration?

I've just installed pfSense in VMware and play around with the settings.

Suddenly, I lost access to Web GUI.

I ran tcpdump on it and was able to see the packet from my notebook reached to it.

What went wrong?

How do I get the access back?

When pfSense is boot, the following menu is displayed on the screen.

When we select option number 8 (shell), how do we get back to the menu?

What is the filename for this menu?

I've just installed OpenVAS ... however when I checked on Feed Status, I found that OpenVAS CERT Feed is too old as shown in the screenshot below.

Too old (14 days) - Please check the automatic synchronization of your system

The solution suggested was to check automatic synchronization in the system. Unfortunately I was not sure how to do that.

I've searched around but couldn't find similar problem. So I guess posting the question here might be helpful.

OpenVAS CERT Feed Status: Please check the automatic synchronization of your system