OPNsense Forum

English Forums => General Discussion => Topic started by: abcuser2021 on March 26, 2021, 07:37:35 AM

Title: It's Wrong Not To Have An Update Up-To-Date Image On The Download Server
Post by: abcuser2021 on March 26, 2021, 07:37:35 AM
It's wrong to put an outdated and vulnerability-filled OPNsense image file on the download page. The image file should be updated as frequently as possible (it should at least be updated on a weekly basis).

It took me just a few minutes to download the image file but an hour plus to update it to the latest version. That one-hour-long update is enough for an attacker to break into my system. I installed the OPNsense image and updated it to the latest version and set up everything nicely, but the moment my Raspberry Pi (with fresh install OS) on the LAN side went online, it got hacked and remotely turned off by the attacker.

So you see, it's wrong not to patch the image file to the latest and equally wrong not to pack the latest ET rules into the image file.
Title: Re: It's Wrong Not To Update The Image File On The Download Page Frequently
Post by: franco on March 26, 2021, 09:00:44 AM
Sure, just make sure to fund the work hours required to vet images for publication.

You see, publishing images is not the same as making sure they work.


Cheers,
Franco
Title: Re: It's Wrong Not To Update The Image File On The Download Page Frequently
Post by: chemlud on March 26, 2021, 09:07:28 AM
Quote from: abcuser2021 on March 26, 2021, 07:37:35 AM
...the moment my Raspberry Pi (with fresh install OS) on the LAN side went online, it got hacked and remotely turned off by the attacker.
...

So it was still user pi / password raspberry? No exposure to the WAN (open ports in OPNsense)?

No other LAN clients compromised?
Title: Re: It's Wrong Not To Update The Image File On The Download Page Frequently
Post by: franco on March 26, 2021, 09:59:56 AM
Wait what we are talking experimental ARM images? Hooray for open source :)
Title: Re: It's Wrong Not To Update The Image File On The Download Page Frequently
Post by: chemlud on March 26, 2021, 10:08:28 AM
Quote from: franco on March 26, 2021, 09:59:56 AM
Wait what we are talking experimental ARM images? Hooray for open source :)

I always thought that my English is not that bad, but sometimes I simply don't get it... :)

You mean something like this:

https://forum.opnsense.org/index.php?topic=12186.msg105654#msg105654

?
Title: Re: It's Wrong Not To Update The Image File On The Download Page Frequently
Post by: franco on March 26, 2021, 10:16:49 AM
Yes, experimental community work.


Cheers,
Franco
Title: Re: It's Wrong Not To Update The Image File On The Download Page Frequently
Post by: chemlud on March 26, 2021, 10:33:43 AM
ARM is the future! Go ahead ;-)
Title: Re: It's Wrong Not To Update The Image File On The Download Page Frequently
Post by: lfirewall1243 on March 26, 2021, 10:41:57 AM
Quote from: abcuser2021 on March 26, 2021, 07:37:35 AM
It's wrong to put an outdated and vulnerability-filled OPNsense image file on the download page. The image file should be updated as frequently as possible (it should at least be updated on a weekly basis).

It took me just a few minutes to download the image file but an hour plus to update it to the latest version. That one-hour-long update is enough for an attacker to break into my system. I installed the OPNsense image and updated it to the latest version and set up everything nicely, but the moment my Raspberry Pi (with fresh install OS) on the LAN side went online, it got hacked and remotely turned off by the attacker.

So you see, it's wrong not to patch the image file to the latest and equally wrong not to pack the latest ET rules into the image file.

IDK what you have done - but I don't think that's the fault of an OPNsense 21.1 system
Title: Re: It's Wrong Not To Update The Image File On The Download Page Frequently
Post by: abcuser2021 on March 26, 2021, 06:25:49 PM
Quote from: franco on March 26, 2021, 09:00:44 AM
Sure, just make sure to fund the work hours required to vet images for publication.

You see, publishing images is not the same as making sure they work.


Cheers,
Franco

There's no need to update all mirror sites' image files every week if there's no manpower to do so, but an up-to-date image that includes all security fixes should be made available to users on the OPNsense website.


Quote from: franco on March 26, 2021, 09:59:56 AM
Wait what we are talking experimental ARM images? Hooray for open source :)

No, it's not ARM image. The raspberry pi is a client on lan network.
Title: Re: It's Wrong Not To Have An Update Up-To-Date Image On The Download Page
Post by: franco on March 26, 2021, 06:28:34 PM
There's still essential context missing from your request plus ambiguity regarding what an up to date image is? 6 months? More, less?


Cheers,
Franco
Title: Re: It's Wrong Not To Update The Image File On The Download Page Frequently
Post by: abcuser2021 on March 26, 2021, 06:37:45 PM
Quote from: chemlud on March 26, 2021, 09:07:28 AM
Quote from: abcuser2021 on March 26, 2021, 07:37:35 AM
...the moment my Raspberry Pi (with fresh install OS) on the LAN side went online, it got hacked and remotely turned off by the attacker.
...

So it was still user pi / password raspberry? No exposure to the WAN (open ports in OPNsense)?

No other LAN clients compromised?

No open ports on WAN, and the Pi password had been changed to a 16-character password.
The crooked Telco staff are part of the attackers. They have been attacking my PC, laptops and phones, and turning off my devices is part of their attack.
Title: Re: It's Wrong Not To Have An Update Up-To-Date Image On The Download Page
Post by: abcuser2021 on March 26, 2021, 06:42:26 PM
Quote from: franco on March 26, 2021, 06:28:34 PM
There's still essential context missing from your request plus ambiguity regarding what an up to date image is? 6 months? More, less?


Cheers,
Franco

Whenever there's a base update or security fix, the image file should be updated and published on daily or weekly basis.
Title: Re: It's Wrong Not To Have An Update Up-To-Date Image On The Download Page
Post by: lfirewall1243 on March 26, 2021, 06:47:42 PM
Quote from: abcuser2021 on March 26, 2021, 06:37:45 PM
Quote from: chemlud on March 26, 2021, 09:07:28 AM
Quote from: abcuser2021 on March 26, 2021, 07:37:35 AM
...the moment my Raspberry Pi (with fresh install OS) on the LAN side went online, it got hacked and remotely turned off by the attacker.
...

So it was still user pi / password raspberry? No exposure to the WAN (open ports in OPNsense)?

No other LAN clients compromised?

No open ports on WAN, and the Pi password had been changed to a 16-character password.
The crooked Telco staff are part of the attackers. They have been attacking my PC, laptops and phones, and turning off my devices is part of their attack.

There isn't such a security breach that makes these attacks possible in 21.1
Title: Re: It's Wrong Not To Update The Image File On The Download Page Frequently
Post by: chemlud on March 26, 2021, 08:13:46 PM
Quote from: abcuser2021 on March 26, 2021, 06:37:45 PM
Quote from: chemlud on March 26, 2021, 09:07:28 AM
Quote from: abcuser2021 on March 26, 2021, 07:37:35 AM
...the moment my Raspberry Pi (with fresh install OS) on the LAN side went online, it got hacked and remotely turned off by the attacker.
...

So it was still user pi / password raspberry? No exposure to the WAN (open ports in OPNsense)?

No other LAN clients compromised?

No open ports on WAN, and the Pi password had been changed to a 16-character password.
The crooked Telco staff are part of the attackers. They have been attacking my PC, laptops and phones, and turning off my devices is part of their attack.

So basically "the Telco staff" is walking through (fire)walls? If your threat model includes the NSA/GCHQ, forget about anything to keep your privacy short of throwing all electronics into the trash.

Otherwise consult your doctor for adjustment of medications...
Title: Re: It's Wrong Not To Have An Update Up-To-Date Image On The Download Page
Post by: allebone on March 26, 2021, 09:42:27 PM
I love threads like this. They bring joy to my Fridays.
Title: Re: It's Wrong Not To Have An Update Up-To-Date Image On The Download Page
Post by: abcuser2021 on March 27, 2021, 04:02:24 AM
Quote from: lfirewall1243 on March 26, 2021, 06:47:42 PM
There isn't such a security breach that makes these attacks possible in 21.1

If you download the latest image now and install it on your system and then click on the "update" button, you would see a list of vulnerabilities, and those vulnerabilities are published publicly and any attacker can exploit those vulnerabilities to hack into your OPNsense firewall while you are updating it, and as I have said the update took more than an hour so... there's plenty of time for them to attack the OPNsense firewall.
Title: Re: It's Wrong Not To Update The Image File On The Download Page Frequently
Post by: abcuser2021 on March 27, 2021, 04:17:50 AM
Quote from: chemlud on March 26, 2021, 08:13:46 PM
Quote from: abcuser2021 on March 26, 2021, 06:37:45 PM
Quote from: chemlud on March 26, 2021, 09:07:28 AM
Quote from: abcuser2021 on March 26, 2021, 07:37:35 AM
...the moment my Raspberry Pi (with fresh install OS) on the LAN side went online, it got hacked and remotely turned off by the attacker.
...

So it was still user pi / password raspberry? No exposure to the WAN (open ports in OPNsense)?

No other LAN clients compromised?

No open ports on WAN, and the Pi password had been changed to a 16-character password.
The crooked Telco staff are part of the attackers. They have been attacking my PC, laptops and phones, and turning off my devices is part of their attack.

So basically "the Telco staff" is walking through (fire)walls? If your threat model includes the NSA/GCHQ, forget about anything to keep your privacy short of throwing all electronics into the trash.

Otherwise consult your doctor for adjustment of medications...

They walk thru a firewall that has tons of vulnerabilities. In your world such a thing is a fairy tale, but in the world where I live the head of the police force is complaining about top cops receiving bribes, and every week on the news there were victims who either lost all their hard-earned savings or had a huge chunk of it stolen by scammers thru online banking scams.

The scammers know everything about their victims (their banking info, online activities, names, family members etc).

But I guess it's hard to convince you and it's a waste of time to do so. 
Title: Re: It's Wrong Not To Have An Update Up-To-Date Image On The Download Page
Post by: lfirewall1243 on March 27, 2021, 06:40:36 AM
Quote from: abcuser2021 on March 27, 2021, 04:02:24 AM
Quote from: lfirewall1243 on March 26, 2021, 06:47:42 PM
There isn't such a security breach that makes these attacks possible in 21.1

If you download the latest image now and install it on your system and then click on the "update" button, you would see a list of vulnerabilities, and those vulnerabilities are published publicly and any attacker can exploit those vulnerabilities to hack into your OPNsense firewall while you are updating it, and as I have said the update took more than an hour so... there's plenty of time for them to attack the OPNsense firewall.

Then prove that these vulnerabilities are the reason for it.
Because even if there's such a vulnerability the WAN is closed.
Believe me - IT security is part of my job. What you are talking here is bullshit, wrong and just bashing

So don't talk bad about something without facts...
Title: Re: It's Wrong Not To Have An Update Up-To-Date Image On The Download Page
Post by: Patrick M. Hausen on March 27, 2021, 11:02:31 AM
Time to bring out the tinfoil hats - or better, close the thread, don't you think?
Title: Re: It's Wrong Not To Have An Update Up-To-Date Image On The Download Page
Post by: chemlud on March 27, 2021, 11:20:47 AM
My tinfoil hat is pretty big, but the problem is mostly on the LAN side, i.e. Windows...
Title: Re: It's Wrong Not To Have An Update Up-To-Date Image On The Download Page
Post by: packet loss on March 27, 2021, 03:13:28 PM
abcuser2021's (https://forum.opnsense.org/index.php?action=profile;u=28203) sole purpose here is to spread misinformation with an attempt to discredit OPNsense.

Linux, OpenBSD, Windows and FreeBSD and others normally don't provide up to date downloads unless you download current snapshots or experimental builds. One must download the release version then install all the updates.

If you're getting hacked you have some serious problems not related to OPNsense.
Title: Re: It's Wrong Not To Have An Update Up-To-Date Image On The Download Page
Post by: franco on March 27, 2021, 07:35:25 PM
I don't see a reason here for discrediting. I asked for details twice but there aren't any. Not even sure which version we are talking about and if it was one that we published or not so from this perspective everything that needed to be done got done.  :)


Cheers,
Franco
Title: Re: It's Wrong Not To Have An Update Up-To-Date Image On The Download Page
Post by: abcuser2021 on March 28, 2021, 03:13:23 AM
Quote from: lfirewall1243 on March 27, 2021, 06:40:36 AM
Then prove that these vulnerabilities are the reason for it.
Because even if there's such a vulnerability the WAN is closed.
Believe me - IT security is part of my job. What you are talking here is bullshit, wrong and just bashing

So don't talk bad about something without facts...

Ya right, I'm sure you got a PhD in IT security. WAN is closed all is safe???? Really?? You are working in the IT security field??
If WAN is closed all is safe then why the hell do we need IT security experts like you and why is there IPS/IDS etc at all?
For one, packets can't be altered to mess up your firewall?

I hope the company "hiring" you understands what they are doing.
Title: Re: It's Wrong Not To Have An Update Up-To-Date Image On The Download Page
Post by: abcuser2021 on March 28, 2021, 03:16:50 AM
Quote from: packet loss on March 27, 2021, 03:13:28 PM
abcuser2021's (https://forum.opnsense.org/index.php?action=profile;u=28203) sole purpose here is to spread misinformation with an attempt to discredit OPNsense.

Linux, OpenBSD, Windows and FreeBSD and others normally don't provide up to date downloads unless you download current snapshots or experimental builds. One must download the release version then install all the updates.

If you're getting hacked you have some serious problems not related to OPNsense.

Most android phones don't get the latest security patch too, so does that mean it's ok?
Title: Re: It's Wrong Not To Have An Update Up-To-Date Image On The Download Page
Post by: abcuser2021 on March 28, 2021, 03:26:41 AM
Quote from: franco on March 27, 2021, 07:35:25 PM
I don't see a reason here for discrediting. I asked for details twice but there aren't any. Not even sure which version we are talking about and if it was one that we published or not so from this perspective everything that needed to be done got done.  :)


Cheers,
Franco

I'm surprised that, as an Admin, you don't see that as a security risk and the necessity to highlight the problem to the dev team.
It's silly to think that the firewall will not be attacked during updating.
As a security software, all security holes should be sealed.
An outdated image that is filled with vulnerabilities and requires an hour to update is a major security hole that needs to be taken seriously.
Title: Re: It's Wrong Not To Have An Update Up-To-Date Image On The Download Server
Post by: lfirewall1243 on March 28, 2021, 03:32:58 AM
Quote from: abcuser2021 on March 28, 2021, 03:13:23 AM
Quote from: lfirewall1243 on March 27, 2021, 06:40:36 AM
Then prove that these vulnerabilities are the reason for it.
Because even if there's such a vulnerability the WAN is closed.
Believe me - IT security is part of my job. What you are talking here is bullshit, wrong and just bashing

So don't talk bad about something without facts...

Ya right, I'm sure you got a PhD in IT security. WAN is closed all is safe???? Really?? You are working in the IT security field??
If WAN is closed all is safe then why the hell do we need IT security experts like you and why is there IPS/IDS etc at all?
For one, packets can't be altered to mess up your firewall?

I hope the company "hiring" you understands what they are doing.

I don't say everything is safe when WAN is closed.

But most people are asking you to give us some facts about it - but no answer, so if you don't know how to use a computer, ask for help or stop it. But don't troll

But I think you're just trolling.
Title: Re: It's Wrong Not To Have An Update Up-To-Date Image On The Download Server
Post by: abcuser2021 on March 28, 2021, 03:46:52 AM
Quote from: lfirewall1243 on March 28, 2021, 03:32:58 AM
Quote from: abcuser2021 on March 28, 2021, 03:13:23 AM
Quote from: lfirewall1243 on March 27, 2021, 06:40:36 AM
Then prove that these vulnerabilities are the reason for it.
Because even if there's such a vulnerability the WAN is closed.
Believe me - IT security is part of my job. What you are talking here is bullshit, wrong and just bashing

So don't talk bad about something without facts...

Ya right, I'm sure you got a PhD in IT security. WAN is closed all is safe???? Really?? You are working in the IT security field??
If WAN is closed all is safe then why the hell do we need IT security experts like you and why is there IPS/IDS etc at all?
For one, packets can't be altered to mess up your firewall?

I hope the company "hiring" you understands what they are doing.

I don't say everything is safe when WAN is closed.

But most people are asking you to give us some facts about it - but no answer, so if you don't know how to use a computer, ask for help or stop it. But don't troll

But I think you're just trolling.

It's not about proving and showing how the hacker exploits the vulnerability, but recognising that not making an updated image available could be a security risk for some users in some other country.

The point here is recognising that it is a security risk that needs to be sealed off.
Title: Re: It's Wrong Not To Have An Update Up-To-Date Image On The Download Server
Post by: franco on March 28, 2021, 01:49:21 PM
Yawn, it's just continuous riffing on the same buzz words, but still nothing specific. ¯\_(ツ)_/¯


Cheers,
Franco
Title: Re: It's Wrong Not To Have An Update Up-To-Date Image On The Download Server
Post by: abcuser2021 on March 28, 2021, 07:45:02 PM
Quote from: franco on March 28, 2021, 01:49:21 PM
Yawn, it's just continuous riffing on the same buzz words, but still nothing specific. ¯\_(ツ)_/¯


Cheers,
Franco

So... by pointing out - installing an outdated image that is filled with security vulnerabilities and took more than an hour to update is a security risk - is not specific enough?

ok then you can close this thread now.
Title: Re: It's Wrong Not To Have An Update Up-To-Date Image On The Download Server
Post by: lfirewall1243 on March 28, 2021, 07:48:18 PM
Quote from: abcuser2021 on March 28, 2021, 07:45:02 PM
Quote from: franco on March 28, 2021, 01:49:21 PM
Yawn, it's just continuous riffing on the same buzz words, but still nothing specific. ¯\_(ツ)_/¯


Cheers,
Franco

So... by pointing out - installing an outdated image that is filled with security vulnerabilities and took more than an hour to update is a security risk - is not specific enough?

ok then you can close this thread now.

No it's not [emoji2357]
Title: Re: It's Wrong Not To Have An Update Up-To-Date Image On The Download Server
Post by: chemlud on March 28, 2021, 07:55:29 PM
Quote from: abcuser2021 on March 28, 2021, 07:45:02 PM
Quote from: franco on March 28, 2021, 01:49:21 PM
Yawn, it's just continuous riffing on the same buzz words, but still nothing specific. ¯\_(ツ)_/¯


Cheers,
Franco

So... by pointing out - installing an outdated image that is filled with security vulnerabilities and took more than an hour to update is a security risk - is not specific enough?

ok then you can close this thread now.

No, no, no. We want to know more. How was your raspi compromised? All the forensics. Show some logs, anything supporting the claims. Highly interested!
Title: Re: It's Wrong Not To Have An Update Up-To-Date Image On The Download Server
Post by: errored out on August 13, 2021, 09:57:19 PM
What I would like to know: who in IT and/or security would place equipment as their primary connection (in this case their FW) exposed to their Internet connection without updating it first? When you get new equipment, I have not seen, heard, nor placed any unconfigured equipment exposed to the Internet.

Even with new equipment, you place it inside your network (still using your old FW / router / whatever), download the needed updates, TEST, then install and switch over.

Why would someone place a newly unconfigured piece of equipment for use without configuring / setting it up as needed before allowing users access?

Case in point, when new computers are received by shipping, does IT start assigning and installing at a user's location; or does it start placing them aside in a restricted network, download updates, configure AD, all the setup first?