ISP hacked OPNSense Router

Started by peterwkc, November 27, 2024, 09:23:29 AM

Previous topic - Next topic
Print
Go Down Pages 1 ... 3 4 5
User actions
January 08, 2025, 08:41:39 AM #60
My LAN Windows PC was affected where the pc change background and word document mess up.
January 08, 2025, 08:51:53 AM #61
Quote from: peterwkc on January 08, 2025, 08:41:39 AMMy LAN Windows PC was affected where the pc change background and word document mess up.

So far, so bad. You will need to investigate how that happened. But it does in no way imply that

- your OPNsense was compromised
- your ISP did it

Both things are highly unlikely even in the case of a breached Windows PC.
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)
January 10, 2025, 07:16:28 AM #62
Let me monitor few days and see.
January 10, 2025, 07:56:52 AM #63
Hackers might use your hardware as part of a botnet or for mining, discretely.
Or they might encrypt all your data for ransom. Or just steal it if it's valuable to them.

Announcing their presence with something as visible as a background change and messing with one file doesn't quite fit.
January 10, 2025, 08:16:04 AM #64 Last Edit: January 10, 2025, 08:19:34 AM by peterwkc
I have several cron job to periodic reset wan interface and now it is not working anymore. It doesn't renew my wan ip address anymore.
January 10, 2025, 09:27:14 AM #65
Quote from: peterwkc on January 10, 2025, 08:16:04 AMI have several cron job to periodic reset wan interface
Why?

Perhaps your ISP's system is slow to reconnect a system you have made appear flaky with resets.
Deciso DEC697
+crowdsec +wireguard
January 10, 2025, 09:55:20 AM #66
Quote from: peterwkc on January 10, 2025, 08:16:04 AMI have several cron job to periodic reset wan interface and now it is not working anymore. It doesn't renew my wan ip address anymore.
Quote from: peterwkc on December 28, 2024, 04:02:53 AMRecently my OPNSense reboot randomly. Possible of KVM over IP hack? Is it a hardware based remote access.

How to block/disable this?
Why do we keep returning to this thread, it's like a car crash thing. Guess the histerics of title and posts.
Anyways OP, check dmesg for hints. There's a good chance you have hardware problems, as told before. Nothing malign, just simple bad hardware. By the way, what is your hardware including NIC make, model? If reaktek, which driver are you using, the OPN default or another, which?
January 10, 2025, 07:44:41 PM #67
Check if your reboots are not related to kernel panic's, there have been several threads on this topic recently.
January 11, 2025, 11:45:17 AM #68
Quote from: borys.ohnsorge on January 10, 2025, 07:44:41 PMCheck if your reboots are not related to kernel panic's, there have been several threads on this topic recently.

I do have crash issue in the /var/log/dmesg. I using latest version.
January 11, 2025, 11:58:53 AM #69
Then why don't you post the "crash issue" here? None of us owns a crystal ball. The cause for your crashes is in that text!
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)
Print
Go Up Pages 1 ... 3 4 5
User actions