My OPNsense box got hacked by ISP

Started by peterwkc, May 25, 2022, 08:08:54 AM

Dear all forum members,
I installed OPNsense version 22 on my latest Dell Inspiron 3020 desktop; after a few hours all my settings got messed up already.
I had disabled the SSH remote login service.

This is a sign of being hacked by someone. How could they do it? I don't understand. Please enlighten me. Thanks.


HAHAHAHAHAHAHAHAHAHAHAHAHAHAAHHAHA

You gotta be kidding us.....

Peter, this isn't much to go by. Do you have more specifics of what happened and what settings got messed up?

These are the three settings that I remember:
I enabled the DHCP server to serve specific MAC addresses (deny unknown clients), but the check box is unchecked
LAN unable to browse the internet; needs a reset to factory defaults
I can observe that they open multiple consoles by pressing Alt + F2/F3 etc.

No SSH login enabled
Limited open ports

Please provide me some guidance on how to further harden my OPNsense box. Appreciate your help. Thanks






Quote from: peterwkc on May 25, 2022, 01:54:50 PM
I can observe that they open multiple consoles by pressing Alt + F2/F3 etc.
So somebody had physical access to your OPNsense box?
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)

No, my ISP doesn't have physical access to my OPNsense box. I tried to limit the console by editing /etc/ttys, but it is restored to default after reboot.

What is a serial console?
How to further protect the console?


Usually you can close and lock the door of a server rack or server room. However, I'm unsure what "I can observe that they open multiple console" means. Are they OPEN or have they been USED? Because there is such a thing as auto-login you can enable from the GUI...


Cheers,
Franco

Where do I disable the auto-login from the GUI?
Thanks for your help.

System: Settings: Administration: Password protect the console menu, but it's on by default for exactly this reason. ;)


Cheers,
Franco

Does anyone have an idea how my ISP hacked me?

Questions
1. How to enforce that no remote terminal is in use?
2. How to further harden the IPS?

Please help. Thanks

May 26, 2022, 04:45:26 AM #10 Last Edit: May 26, 2022, 04:58:31 AM by bunchofreeds
What experience do you have in setting up firewalls and routers?

This may help us to answer your questions...