Messages

1

Intrusion Detection and Prevention / Re: To block or reject connections on a specific port?

« on: July 11, 2024, 03:27:57 am »

Yeah, I have to work on filtering alerts from Monit. I'm getting spammed by security researchers checking for vulnerabilities.

Currently, I just have

Code: [Select]

content = "blocked" for my Surricata service tests. Is it possible to drop a file path in the Monit Service Tests Settings. I'm probably going to have to filter out a ton of junk.

Would

Code: [Select]

content = "blocked" && ((content = "<test signature>" && content != "<ip address>") || /* more false positives */ ) be the right way to filter?

2

Intrusion Detection and Prevention / To block or reject connections on a specific port?

« on: July 08, 2024, 12:39:26 am »

My intrusion detection keeps picking up a security company spamming my ports to check for vulnerable VOIP ports. I do not use VOIP, and monit keeps spamming my email with alerts over it. To silence it do I want to reject or block connections on that port? What's the difference between the two?

3

General Discussion / Sometimes connections go out through the wrong Gateway.

« on: June 07, 2024, 10:55:46 am »

I'm using Unbound to forward specific websites to DNSmasq, which I use to populate an external alias that sends those connections out through one gateway. On my firewall rulles, I have that rule placed above the rule for routing out my VPN's gateway. All of the default web traffic is supposed to go out over my VPN connection.

Normally, my forwarding rules make me successfully go out without using the VPN; but, on occasion connections still go out over the VPN. Does anyone know what might be causing me to go out the wrong way on occasion?

4

Tutorials and FAQs / Re: How to enable automatic microcode updates

« on: June 07, 2024, 10:48:53 am »

Wouldn't having this in a plugin improve the security of OPNsense?

I don't like having to venture into the repos of non-hardened BSD to install microcode updates. But, definitely running on bare metal those updates could have security and performance benefits. Is there any means of including this in an official plugin since we do not need this for VMs.

5

General Discussion / How to route traffice to specific gateways for specific websites.

« on: May 29, 2024, 01:32:13 am »

I have four use cases I'm trying to solve for. There are three solutions, which I need. I've already figured out the two general rules needed, but cannot figure out how to handle the exceptions properly.

I'm using GEOIP to send traffic to different wireguard gateways. If the site is located in the US it goes out though a US server. If not the US it goes out over my preferred wireguard gateway. This works perfectly well. Where I run into trouble is getting the exceptions to route traffic reliably. There are a few sites I either do not want going out over a VPN, or to use a VPN running Socks5.

I tried using the FQDN. That works until the site refreshes their IP. It's an issue with a mismatch between the DNS on my OPNsense box, and what IP the URL currently resolves to.  I also tried using ASN; however, a large amount of sites use the same ASNs. Is there a reliable means of doing this?

Would running a local DNS, and refreshing the database before visiting those sites work? Is there a means of doing that with Unbound?

6

Virtual private networks / Re: Adding Mullvad CA Certificate for OpenVPN.

« on: May 29, 2024, 01:21:38 am »

Found the setting under advanced settings.

7

Virtual private networks / Adding Mullvad CA Certificate for OpenVPN.

« on: May 28, 2024, 09:37:12 pm »

I'm stuck at setting a certificate for signing my client instance. I have the Mullvad certificate, which OPNsense is not letting me import under System --> Trust --> Certificate, as I do not have access to the private key. I tried importing it through System --> Trust --> Authorities; but, I cannot set that for OpenVPN client. I tried creating my own CA to see if I can sign a certificate using the imported Mullvad certificate as an authority. But, under "Sign a Certificate Signing Request" I do not know what to paste in the CSR file.

How can I properly import the CA given by Mullvad to get OpenVPN working?

8

Hardware and Performance / Re: Dec850 Bios update 10a not bootable.

« on: May 02, 2023, 10:07:44 pm »

Just used a larger usb, and it copied find.

9

Hardware and Performance / Dec850 Bios update 10a not bootable.

« on: May 01, 2023, 06:10:24 am »

I just downloaded the latest bios update. After dding it to a disk, from Arch Linux, it is not bootable on a Dec850. gparted keeps giving an error about not being able to have a partition outside of the disk. I saw a few posts saying that means there's space in the img that needs to be zeroed out. The partition has iba for the flag should I just add boot to that?

10

Virtual private networks / Re: Is routing traffic to specific websites through a specific endpoint possible?

« on: March 19, 2023, 04:18:31 am »

Found a solution that works. I just made separate VM, and route that VM through tor.

11

Virtual private networks / Re: Is routing traffic to specific websites through a specific endpoint possible?

« on: January 26, 2023, 09:13:51 am »

Hmm, how often do ip ranges switch for websites? I'm trying to not access this site from a country they do not provide services too. I might have my account closed.

Is there a means of running a script on my computer that switches the endpoint the router uses when I access the site? How would I setup passwordless login from a single device on the network?

12

Virtual private networks / Is routing traffic to specific websites through a specific endpoint possible?

« on: January 26, 2023, 02:27:01 am »

I'm using Wireguard, and would like to set it up so I don't have to manually change my endpoint for regional content. I have one entrypoint, and two endpoints. Through firewall rules I'm forcing all traffic to go out through my VPN. Is there any means of forcing traffic for specific websites out through a specific endpoint?

13

Intrusion Detection and Prevention / Firewall plugs into a dpn device. Which intrusion detection lists should I run?

« on: March 30, 2022, 03:22:08 am »

I just picked up a Deeper Network Mini for creating a node in a decentralized VPN service. I don't fully trust the device to not have anything malicious on it. I think I should probably be running some intrusion detection with it being on the network.

I'm not sure which lists to turn on. I just know turning everyone on is not recommended. Which ones should I be running? Are there any other steps I can take to protect myself in case this device has malicious code on it?

Ideally, I'd completely silo it off with a second internet connection, but that's not an option with my building.

14

General Discussion / Best security practices for a user with a login shell?

« on: November 03, 2021, 10:25:21 am »

Had a bit of an excursion where I had to recover a router without login shell access from any users. To fix this I've added bash as a login shell for my admin user. Should I keep this separate from the admin I use for the gui, locally? Which login shell is best for security purposes? Is there any reason to keep gui and console admins separate?

15

21.7 Legacy Series / Re: Locked out of DEC850. Any means of reseting to factory defaults?

« on: November 02, 2021, 11:22:41 pm »

Odd, just had to boot into Windows, and I was able to login.

Wonder if the VPN crashed eventually.