Topics - abcuser2021

#1
It's wrong to put an outdated and vulnerability-filled OPNsense image file on the download page. The image file should be updated as frequently as possible (it should at least be updated on a weekly basis).

It took me just a few minutes to download the image file but an hour plus to update it to the latest version. That one-hour-long update is enough for an attacker to break into my system. I installed the OPNsense image and updated it to the latest version and set up everything nicely, but the moment my Raspberry Pi (with a freshly installed OS) on the LAN side went online, it got hacked and remotely turned off by the attacker.

So you see, it's wrong not to patch the image file to the latest and equally wrong not to pack the latest ET rules into the image file.

#2

Rule : abuse.ch/ThreatFox

Error : [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"ThreatFox botnet C2 traffic (url - confidence level: 75%)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:""; depth:0; nocase; http.host; content:"monkeyplanet.net"; depth:16; isdataat:!1,relative; reference:url, threatfox.abuse.ch/ioc/2800/; target:src_ip; metadata: confidence_level 75, first_seen 2021_03_08; classtype:trojan-activity; sid:90002800; rev:1;)" from file /usr/local/etc/suricata/opnsense.rules/abuse.ch.threatfox.rules at line 714

Are you guys having the same issues? How to solve it?
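
An added example, not part of the original post and not OPNsense or abuse.ch code: a pre-load check that parses rule options and reports the two that look suspect in the rule quoted in the error above, on the assumption that the empty `content:""` and the `depth:0` following `http.uri` are what the parser rejects. The function names and the second sample rule are constructed for illustration.

```python
# Constructed sample: the first rule is the one quoted in the error above,
# the second is a made-up well-formed rule for contrast.
SAMPLE_RULES = r'''
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"ThreatFox botnet C2 traffic (url - confidence level: 75%)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:""; depth:0; nocase; http.host; content:"monkeyplanet.net"; depth:16; isdataat:!1,relative; reference:url, threatfox.abuse.ch/ioc/2800/; target:src_ip; metadata: confidence_level 75, first_seen 2021_03_08; classtype:trojan-activity; sid:90002800; rev:1;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"constructed example"; flow:established,from_client; http.host; content:"example.invalid"; depth:15; sid:99000001; rev:1;)
'''

def split_options(rule):
    """Split the (...) body of a rule into options, honouring quotes and backslash escapes."""
    body = rule[rule.index("(") + 1 : rule.rindex(")")]
    opts, cur, in_quotes, escaped = [], [], False, False
    for ch in body:
        if escaped:
            escaped = False
        elif ch == "\\":
            escaped = True
        elif ch == '"':
            in_quotes = not in_quotes
        elif ch == ";" and not in_quotes:
            opts.append("".join(cur).strip())
            cur = []
            continue
        cur.append(ch)
    return [o for o in opts if o]

def lint_rule(rule):
    """Return (sid, findings) for one rule line."""
    sid, findings = None, []
    for opt in split_options(rule):
        key, _, val = opt.partition(":")
        key, val = key.strip(), val.strip()
        if key == "sid":
            sid = int(val)
        elif key == "content" and val.lstrip("!") == '""':
            findings.append("empty content match")
        elif key == "depth" and val == "0":
            findings.append("depth of 0")
    return sid, findings

def lint_rules(text):
    """Map sid -> findings for every non-comment rule that has at least one finding."""
    report = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            sid, findings = lint_rule(line)
            if findings:
                report[sid] = findings
    return report

if __name__ == "__main__":
    print(lint_rules(SAMPLE_RULES))
```

Running the same check over a downloaded rules file before reloading the IDS shows which SIDs to disable or report upstream.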

#3

TCP_MISS_ABORTED/000 0 GET http://archive.raspberrypi.org/debian/pool/main/r/raspberrypi-firmware/raspberrypi-kernel_1.20210303-1_armhf.deb - ORIGINAL_DST/46.235.231.145

It appeared that the error was caused by enabling archive scanning in the ICAP - antivirus scan tab.

So what's the correct file size setting for scanning archives larger than 100 MB?