
Topics - securityconscious

1
General Discussion / What rules should I make to find short lived connections?
« on: June 06, 2022, 07:05:03 am »
What rules should I make to find short lived connections like ones made by malware?

2
General Discussion / Is there a way to view older entries in the live view of firewall logs?
« on: February 17, 2021, 06:23:02 am »
Is there a way to view older entries in the live view of firewall logs?

I want to be able to see all the connections a client makes from the time it starts till it is shut down. How can I do this? The live view is only showing a few connections and older ones are replaced by newer ones.

3
21.1 Legacy Series / Download button is opening a webpage with text of ISO.
« on: February 14, 2021, 09:29:44 am »
When I press the download button, instead of allowing me to save the ISO file or IMG file, it is opening a webpage with garbled text, it is completely freezing the browser, I'm assuming it is the contents of the ISO file or IMG file.

To avoid this problem I have to right click on the download button and select something like save this file as to actually save the ISO file or IMG file.

4
General Discussion / Is there a way to find out what causes random freezing of OPNSense?
« on: February 02, 2021, 11:02:53 pm »
Is there a way to find out what causes random freezing of OPNSense?

A few days ago, there was a disconnection in WAN side, in the night, OPNSense froze, no clients were on during this time, when I turned on I couldn't access the webUI. I had to hard reset to get it back up.

I was wondering if anyone could have performed a man-in-the-middle attack while there was a disconnection in the WAN side, can I run any integrity checks or view logs? Where can I find system logs if it has been tampered with?

Or should I reinstall the whole thing again?

5
General Discussion / How to create a list of IPs to allow access to while blocking everything else?
« on: January 30, 2021, 06:16:37 am »
I created an Alias list of IPs of websites I visit most, in OPT1 interface using this Alias I created a block firewall rule, in the destination portion, I selected invert match and used this alias, I saved this rule and applied. I disabled every other rule, and I tried accessing those sites and I wasn't able to access them, I couldn't ping them also.

What am I doing wrong?

I want to create a list of IPs to which my network has access, my network must not have access to IPs which are not in that list.

6
General Discussion / Blocking Mozilla networks is preventing Firefox from accessing other sites.
« on: January 29, 2021, 03:15:23 am »
I have blocked two Mozilla networks, one is powered by Amazon Cloud and the other, Cloudflare. Despite this, Mozilla is opening, I tried pinging IP addresses in those networks and I wasn't getting any replies. So, I'm confused why this is happening.

And, when these two Mozilla networks are blocked, many sites are not opening in Firefox (I haven't tried other browsers), when I unblock those networks, those sites are opening. I've checked the IPs of the sites, and they are not in the blocked network. Is this because of some telemetry in Firefox?

7
General Discussion / Considering switching from IPFire to OPNSense
« on: January 21, 2021, 11:05:48 pm »
To make network secure, I have bought dedicated hardware (cpu, mb & ram) to maintain a firewall. Before I actually install and setup a firewall distro on a dedicated system, I take them for a test run in virtual machine.

I use VirtualBox and I setup two interfaces, 1 for LAN and the other for WAN. LAN interface has host-only adapter, WAN interface has NAT. I first tried pfSense with this, I couldn't get it to work, I think I typed the correct IP address for LAN interface, gateway and setup a DHCP server to issue IP addresses on LAN, but the client wasn't getting any IP addresses. It was a fluke I got it to work, the 3rd or 4th time I installed but the webGUI was counter-intuitive, I just couldn't figure how to view connections, and when I did, it was incomprehensible, it was just numbers, no color coding, how the f*ck would I know which are suspicious connections. Even the place where this is found seems counter-intuitive, pfSense places it under Diagnostics-States, I think it would have been better under Status-States, why can't they place under the heading of traffic or connections rather than states. While creating rules, I didn't know if I had to create rules in WAN interface or LAN interface, I was shocked to find I couldn't block websites without enabling a web proxy, which was equally counter-intuitive to setup.

After pfSense I tried Smoothwall, IPCop, OPNSense and IPFire, I can't remember in which order. Smoothwall and IPCop were equally incomprehensible. With OPNSense I could get it to work until I was able to access its webGUI from the clients on LAN but they weren't able to access Internet, if anything I found OPNSense's interface to be even more counter-intuitive than others, although the webGUI of OPNSense was a lot nicer to look at. Firstly, I couldn't find how to view connections, it was hidden under Firewall -> Logs -> something else. Why the f*ck can't you idiots make these easy to find? I typed connections, traffic in the search box and it wasn't showing, I clicked through sections on the left, but because of counter-intuitive names used for options under those sections, I couldn't find that. It was after searching the net, I found a reply here informing how to use it.

IPFire was just as bad, but it was a little easy to go around finding what I was looking for, I could see connections under the connections sections, although I couldn't immediately create a block rule or terminate a connection from there. It showed only numbers (IP addresses, ports) which was although irritating but not as much as others because it has color coding. I found creation of rules to be counter-intuitive not because of the words used but the non-standard semantics IPFire gave for them. They deliberately left out information from their wiki, like for example, in setting up web proxy, in the webui, it only shows port number, but it doesn't show which IP address to use for the proxy, without this information how would I configure a browser or client to use the web proxy, there is no information to figure out web proxy's IP address, I think this information should be shown in the webui and in the wiki but they left it out, when I asked about this on their forums, retarded sc*mbags descended on me and attacked me as if just having port information is sufficient to configure web proxy in clients and browser, and they suggested using a script.

As the rules I created weren't working I thought my IPFire was hacked and asked them if it'll be possible for IPFire creators to hack an individual's IPFire installation, a user answered no without explaining why and said they weren't working because of the way I configured, there aren't many ways to configure rules in IPFire, there is only one way and I created 4 simple rules, these are shown in the image attached to this post. I was banned until 20 January 3021.

I was previously angry with IPFire for lack of necessary features like ability to show domain names or URLs instead of IP addresses in the connections view, not allowing termination of connections, creation of rules there, and the default firewall behavior of allowing all connections to be made, not allowing administration of firewall on the system where it is installed. I think they developed a grudge on me because of these things and hacked my IP Fire to make rules ineffective.

I'm very angry with almost all firewall distros, because I think creators are sc*mbags who advertise their product as free but set their sights on selling service by making the webui so counter-intuitive that it would require a diploma to administrate properly or the user has to buy service or help from the company.

There are security risks with administrating a firewall from a webui from other systems rather than doing it on the system where it is installed, not allowing terminations of connections and creation of rules from the connections view is an intentional design to make the administration counter-intuitive and sell a service, showing IP addresses instead of domain names is for the same reason, allowing all outbound connections and accepting incoming connections from them is equally stupid, in this state, a firewall is useless. Nothing is stopping creators of firewall from making the administration of firewall easy to use. This is a sc*mbag move by firewall vendors.

I don't think many complicated concepts are involved to administrate firewall, creation of rules mostly involve IP addresses, Ports and Zones. Not difficult for people to understand and apply, something so simple has been made pretty impossible to utilize is abhorrent.

I forgot to ask, can the creators hack OPNSense installations?
