ISP hacked OPNSense Router

Started by peterwkc, November 27, 2024, 09:23:29 AM

Quote from: peterwkc on December 17, 2024, 07:15:18 AM
I cannot attach a screenshot due to the size restriction, but I want to tell you all that I have 100% blocked packets in the overview.

Of course you have. WAN by default blocks everything in. If something messed with your PC or your TV you possibly caught some malware. A firewall does not protect you from that. A firewall is a network security device. One does not need to "hack your OPNsense" for your PC to get compromised.

I would start investigating what really happened to your devices.
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)

Quote from: Patrick M. Hausen on December 17, 2024, 07:38:56 AM
Quote from: peterwkc on December 17, 2024, 07:15:18 AM
I cannot attach a screenshot due to the size restriction, but I want to tell you all that I have 100% blocked packets in the overview.

Of course you have. WAN by default blocks everything in. If something messed with your PC or your TV you possibly caught some malware. A firewall does not protect you from that. A firewall is a network security device. One does not need to "hack your OPNsense" for your PC to get compromised.

I would start investigating what really happened to your devices.

I don't have any idea how to protect it. By the way, what is the log telling me?

LAN      2024-12-17T15:58:23   192.168.1.102:49770   165.154.1.118:10001   tcp   Default deny / state violation rule


Quote from: peterwkc on December 17, 2024, 09:00:38 AM
I don't have any idea how to protect it. By the way, what is the log telling me?

LAN      2024-12-17T15:58:23   192.168.1.102:49770   165.154.1.118:10001   tcp   Default deny / state violation rule
The internal system with IP address 192.168.1.102 sent a TCP packet to the Internet system with IP address 165.154.1.118 (somewhere in Hong Kong, probably) that did not belong to an established connection so the firewall dropped it.
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)
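
Added example, not part of any post in this thread: a small Python script that reads firewall log lines in the column layout quoted above and counts denied packets from internal hosts to external endpoints, as a starting point for finding which device to investigate. It assumes the log is available as text in that layout; the function names are hypothetical, and every sample line except the first is constructed.

```python
import ipaddress
import re
from collections import Counter

# Column layout of the line quoted in the thread:
# interface, timestamp, src:port, dst:port, protocol, rule label.
LINE_RE = re.compile(
    r"^(?P<iface>\S+)\s+(?P<ts>\d{4}-\d\d-\d\dT\d\d:\d\d:\d\d)\s+"
    r"(?P<src>[\d.]+):(?P<sport>\d+)\s+(?P<dst>[\d.]+):(?P<dport>\d+)\s+"
    r"(?P<proto>\w+)\s+(?P<label>.+?)\s*$"
)
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_internal(addr):
    """True if addr is in one of the RFC 1918 private ranges."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)

def parse_line(line):
    """Return the fields of one log line as a dict, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    try:
        for key in ("src", "dst"):
            ipaddress.ip_address(rec[key])  # reject malformed addresses
    except ValueError:
        return None
    rec["sport"], rec["dport"] = int(rec["sport"]), int(rec["dport"])
    return rec

def outbound_denies(lines):
    """Count denied packets per (src, dst, dport, proto), internal to external only."""
    hits = Counter()
    for line in lines:
        rec = parse_line(line)
        if rec is None or "Default deny" not in rec["label"]:
            continue
        if is_internal(rec["src"]) and not is_internal(rec["dst"]):
            hits[(rec["src"], rec["dst"], rec["dport"], rec["proto"])] += 1
    return hits.most_common()

# First line is the one quoted in the thread; the rest are constructed samples.
SAMPLE = """\
LAN      2024-12-17T15:58:23   192.168.1.102:49770   165.154.1.118:10001   tcp   Default deny / state violation rule
LAN      2024-12-17T15:58:31   192.168.1.102:49770   165.154.1.118:10001   tcp   Default deny / state violation rule
LAN      2024-12-17T15:59:02   192.168.1.50:51514   203.0.113.7:443   tcp   Default deny / state violation rule
WAN      2024-12-17T15:59:10   198.51.100.23:40112   203.0.113.1:22   tcp   Default deny / state violation rule
LAN      2024-12-17T15:59:40   192.168.1.102:49771   165.154.1.118:10001   tcp   Default deny / state violation rule
""".splitlines()

if __name__ == "__main__":
    for (src, dst, dport, proto), n in outbound_denies(SAMPLE):
        print(f"{src} -> {dst}:{dport}/{proto}  denied {n}x")
```

The internal address at the top of the output is the device whose own traffic and installed software are worth checking first.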

December 17, 2024, 09:34:20 PM #33 Last Edit: December 18, 2024, 12:23:12 PM by peterwkc
What are the CrowdSec block lists you guys are talking about in this thread?

For the time being, I move my Android TV box to opt1 and block opt1 to LAN net.

What are the rules I need to create for this purpose?

As promised, here is the screenshot.