Messages - abcuser2021

#1
Quote from: franco on March 28, 2021, 01:49:21 PM
Yawn, it's just continuous riffing on the same buzz words, but still nothing specific. ¯\_(ツ)_/¯


Cheers,
Franco

So... pointing out that installing an outdated image that is filled with security vulnerabilities and takes more than an hour to update is a security risk - that is not specific enough?

OK, then you can close this thread now.
#2
Quote from: lfirewall1243 on March 28, 2021, 03:32:58 AM
Quote from: abcuser2021 on March 28, 2021, 03:13:23 AM
Quote from: lfirewall1243 on March 27, 2021, 06:40:36 AM
Then prove that these vulnerabilities are the reason for it.
Because even if there's such a vulnerability, the WAN is closed.
Believe me - IT security is part of my job. What you are talking about here is bullshit, wrong and just bashing.

So don't talk bad about something without facts...

Yeah right, I'm sure you got a PhD in IT security. WAN is closed, all is safe???? Really?? You are working in the IT security field??
If WAN is closed and all is safe, then why the hell do we need IT security experts like you, and why is there IPS/IDS etc. at all?
For one, packets can't be altered to mess up your firewall?

I hope the company "hiring" you understands what they are doing.
I don't say everything is safe when WAN is closed.

but most people are asking you to give us some facts about it - but no answer, so if you don't know how to use a computer, ask for help or stop it. But don't troll.

But I think you're just trolling.

It's not about proving and showing how the hacker exploits the vulnerability, but recognising that not making an updated image available could be a security risk for some users in some other country.

The point here is recognising that it is a security risk that needs to be sealed off.
#3
Quote from: franco on March 27, 2021, 07:35:25 PM
I don't see a reason here for discrediting. I asked for details twice but there aren't any. Not even sure which version we are talking about and if it was one that we published or not, so from this perspective everything that needed to be done got done.  :)


Cheers,
Franco

I'm surprised that, as an Admin, you don't see that as a security risk and the necessity to highlight the problem to the dev team.
It's silly to think that the firewall will not be attacked during updating.
As security software, all security holes should be sealed.
An outdated image that is filled with vulnerabilities and requires an hour to update is a major security hole that needs to be taken seriously.
#4
Quote from: packet loss on March 27, 2021, 03:13:28 PM
abcuser2021's sole purpose here is to spread misinformation in an attempt to discredit OPNsense.

Linux, OpenBSD, Windows, FreeBSD and others normally don't provide up-to-date downloads unless you download current snapshots or experimental builds. One must download the release version and then install all the updates.

If you're getting hacked you have some serious problems not related to OPNsense.

Most Android phones don't get the latest security patches either, so does that mean it's OK?
#5
Quote from: lfirewall1243 on March 27, 2021, 06:40:36 AM
Then prove that these vulnerabilities are the reason for it.
Because even if there's such a vulnerability, the WAN is closed.
Believe me - IT security is part of my job. What you are talking about here is bullshit, wrong and just bashing.

So don't talk bad about something without facts...

Yeah right, I'm sure you got a PhD in IT security. WAN is closed, all is safe???? Really?? You are working in the IT security field??
If WAN is closed and all is safe, then why the hell do we need IT security experts like you, and why is there IPS/IDS etc. at all?
For one, packets can't be altered to mess up your firewall?

I hope the company "hiring" you understands what they are doing.
#6
Quote from: chemlud on March 26, 2021, 08:13:46 PM
Quote from: abcuser2021 on March 26, 2021, 06:37:45 PM
Quote from: chemlud on March 26, 2021, 09:07:28 AM
Quote from: abcuser2021 on March 26, 2021, 07:37:35 AM
...the moment my Raspberry Pi (with a freshly installed OS) on the LAN side went online, it got hacked and remotely turned off by the attacker.
...

So it was still user pi / password raspberry? No exposure to the WAN (open ports in OPNsense)?

No other LAN clients compromised?

No open ports on WAN, and the Pi password had been changed to a 16-character password.
The crooked Telco staff are part of the attackers. They have been attacking my PC, laptops and phones, and turning off my devices is part of their attack.

So basically "the Telco staff" is walking through (fire)walls? If your threat model includes the NSA/GCHQ, forget about anything to keep your privacy short of throwing all electronics into the trash.

Otherwise consult your doctor for adjustment of medications...

They walk through a firewall that has tons of vulnerabilities. In your world such a thing is a fairy tale, but in the world where I live the head of the police force complains about top cops receiving bribes, and every week on the news there are victims who either lose all their hard-earned savings or have a huge chunk of them stolen by scammers through online banking scams.

The scammers know everything about their victims (their banking info, online activities, names, family members etc.).

But I guess it's hard to convince you and it's a waste of time to do so. 
#7
Quote from: lfirewall1243 on March 26, 2021, 06:47:42 PM
There isn't any security breach that makes these attacks possible in 21.1.

If you download the latest image now, install it on your system and then click on the "update" button, you will see a list of vulnerabilities. Those vulnerabilities are published publicly and any attacker can exploit them to hack into your OPNsense firewall while you are updating it, and as I have said the update took more than an hour, so... there's plenty of time for them to attack the OPNsense firewall.
#8
Quote from: franco on March 26, 2021, 06:28:34 PM
There's still essential context missing from your request, plus ambiguity regarding what an up-to-date image is. 6 months? More, less?


Cheers,
Franco

Whenever there's a base update or security fix, the image file should be updated and published on a daily or weekly basis.
#9
Quote from: chemlud on March 26, 2021, 09:07:28 AM
Quote from: abcuser2021 on March 26, 2021, 07:37:35 AM
...the moment my Raspberry Pi (with a freshly installed OS) on the LAN side went online, it got hacked and remotely turned off by the attacker.
...

So it was still user pi / password raspberry? No exposure to the WAN (open ports in OPNsense)?

No other LAN clients compromised?

No open ports on WAN, and the Pi password had been changed to a 16-character password.
The crooked Telco staff are part of the attackers. They have been attacking my PC, laptops and phones, and turning off my devices is part of their attack.
#10
Quote from: franco on March 26, 2021, 09:00:44 AM
Sure, just make sure to fund the work hours required to vet images for publication.

You see, publishing images is not the same as making sure they work.


Cheers,
Franco

There's no need to update the image files on all mirror sites every week if there's no manpower to do so, but an up-to-date image that includes all security fixes should be made available to users on the OPNsense website.


Quote from: franco on March 26, 2021, 09:59:56 AM
Wait, what, we are talking about experimental ARM images? Hooray for open source :)

No, it's not an ARM image. The Raspberry Pi is a client on the LAN network.
#11
It's wrong to put an outdated, vulnerability-filled OPNsense image file on the download page. The image file should be updated as frequently as possible (it should at least be updated on a weekly basis).

It took me just a few minutes to download the image file but an hour plus to update it to the latest version. That one-hour-long update is enough for an attacker to break into my system. I installed the OPNsense image, updated it to the latest version and set up everything nicely, but the moment my Raspberry Pi (with a freshly installed OS) on the LAN side went online, it got hacked and remotely turned off by the attacker.

So you see, it's wrong not to patch the image file to the latest version and equally wrong not to pack the latest ET rules into the image file.
#12

Rule : abuse.ch/ThreatFox

Error : [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"ThreatFox botnet C2 traffic (url - confidence level: 75%)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:""; depth:0; nocase; http.host; content:"monkeyplanet.net"; depth:16; isdataat:!1,relative; reference:url, threatfox.abuse.ch/ioc/2800/; target:src_ip; metadata: confidence_level 75, first_seen 2021_03_08; classtype:trojan-activity; sid:90002800; rev:1;)" from file /usr/local/etc/suricata/opnsense.rules/abuse.ch.threatfox.rules at line 714

Are you guys having the same issue? How do you solve it?
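
The Suricata error quoted above names the rule and the file line but not the keyword it rejected. The visible rule carries an empty `content:""` on the `http.uri` buffer, and Suricata does not accept an empty content pattern; that is my reading of the most likely cause, not something the thread confirms. The script below is an added example, not code from the original post or from the OPNsense or Suricata projects: it scans a rules file for rules with an empty content pattern, reports their line number and sid, and writes a copy with those rules commented out so the rest of the feed still loads. The embedded rules are constructed: the first is the rule from the error message, the other two are made up here for contrast and are not ThreatFox rules.

```python
import re
from typing import List, Tuple

# Constructed sample rules file. Line 2 is the rule from the Suricata error
# quoted in the post; the two rules after it are hypothetical and exist only
# to show that non-empty and escaped content values are left alone.
SAMPLE_RULES = r'''# constructed sample rules file
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"ThreatFox botnet C2 traffic (url - confidence level: 75%)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:""; depth:0; nocase; http.host; content:"monkeyplanet.net"; depth:16; isdataat:!1,relative; reference:url, threatfox.abuse.ch/ioc/2800/; target:src_ip; metadata: confidence_level 75, first_seen 2021_03_08; classtype:trojan-activity; sid:90002800; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"hypothetical rule with a real uri pattern"; flow:established,to_server; http.uri; content:"/gate.php"; classtype:trojan-activity; sid:9000001; rev:1;)
alert tcp any any -> any any (msg:"hypothetical rule, escaped quote inside content"; content:"a\"b"; sid:9000002; rev:1;)
'''

# A content value is a double-quoted string; a backslash escapes a quote or
# semicolon inside it, so escape pairs are consumed explicitly rather than
# stopping at the first quote character.
CONTENT_RE = re.compile(r'content\s*:\s*"((?:[^"\\]|\\.)*)"')
SID_RE = re.compile(r'\bsid\s*:\s*(\d+)\s*;')


def empty_contents(rule: str) -> int:
    """Number of content: keywords in one rule whose pattern is empty."""
    return sum(1 for m in CONTENT_RE.finditer(rule) if m.group(1) == "")


def find_bad_rules(text: str) -> List[Tuple[int, str, int]]:
    """Return (line_number, sid, empty_content_count) for every rule that
    carries an empty content pattern. Blank and comment lines are skipped."""
    bad = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        stripped = line.strip()
        if not stripped or stripped.startswith("#"):
            continue
        n = empty_contents(stripped)
        if n:
            m = SID_RE.search(stripped)
            bad.append((lineno, m.group(1) if m else "?", n))
    return bad


def comment_out_bad_rules(text: str) -> str:
    """Return the rules text with offending rules disabled by a leading '#',
    so the remaining rules still load while the upstream feed is fixed."""
    out = []
    for line in text.splitlines():
        stripped = line.strip()
        if stripped and not stripped.startswith("#") and empty_contents(stripped):
            out.append("# disabled (empty content pattern): " + line)
        else:
            out.append(line)
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    for lineno, sid, n in find_bad_rules(SAMPLE_RULES):
        print(f"line {lineno}: sid {sid} has {n} empty content pattern(s)")
    print(comment_out_bad_rules(SAMPLE_RULES))
```

To run it against the real file, replace `SAMPLE_RULES` with the contents of `/usr/local/etc/suricata/opnsense.rules/abuse.ch.threatfox.rules` and write the output of `comment_out_bad_rules` to a local copy; a rule update will overwrite the feed file, so the check is worth re-running after each update until the feed itself stops emitting empty patterns.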

#13

TCP_MISS_ABORTED/000 0 GET http://archive.raspberrypi.org/debian/pool/main/r/raspberrypi-firmware/raspberrypi-kernel_1.20210303-1_armhf.deb - ORIGINAL_DST/46.235.231.145

It appeared that the error was caused by enabling archive scanning in the ICAP - antivirus scan tab.

So what's the correct file size setting for scanning archives larger than 100 MB?