ISP hacked OPNSense Router

Started by peterwkc, November 27, 2024, 09:23:29 AM

Quote from: peterwkc on December 17, 2024, 07:15:18 AM
I cannot attach a screenshot due to the size restriction, but I want to tell you all that I have 100% blocked packets in the overview.

Of course you have. WAN by default blocks everything in. If something messed with your PC or your TV you possibly caught some malware. A firewall does not protect you from that. A firewall is a network security device. One does not need to "hack your OPNsense" for your PC to get compromised.

I would start investigating what really happened to your devices.
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)

Quote from: Patrick M. Hausen on December 17, 2024, 07:38:56 AM
Quote from: peterwkc on December 17, 2024, 07:15:18 AM
I cannot attach a screenshot due to the size restriction, but I want to tell you all that I have 100% blocked packets in the overview.

Of course you have. WAN by default blocks everything in. If something messed with your PC or your TV you possibly caught some malware. A firewall does not protect you from that. A firewall is a network security device. One does not need to "hack your OPNsense" for your PC to get compromised.

I would start investigating what really happened to your devices.

I don't have any idea how to protect it. By the way, what is the log telling me?

LAN      2024-12-17T15:58:23   192.168.1.102:49770   165.154.1.118:10001   tcp   Default deny / state violation rule


Quote from: peterwkc on December 17, 2024, 09:00:38 AM
I don't have any idea how to protect it. By the way, what is the log telling me?

LAN      2024-12-17T15:58:23   192.168.1.102:49770   165.154.1.118:10001   tcp   Default deny / state violation rule
The internal system with IP address 192.168.1.102 sent a TCP packet to the Internet system with IP address 165.154.1.118 (somewhere in Hong Kong, probably) that did not belong to an established connection so the firewall dropped it.
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)

December 17, 2024, 09:34:20 PM #33 Last Edit: December 18, 2024, 12:23:12 PM by peterwkc
What are the CrowdSec block lists you guys are talking about in this thread?

For the time being, I moved my Android TV box to opt1 and blocked opt1 to LAN net.

What are the rules I need to create for this purpose?

As promised, here is the screenshot.

Quote from: peterwkc on November 27, 2024, 09:23:29 AM
Most probably my ISP has hacked my router. (Don't argue this).

🤦

I used to know someone who'd make the same sort of absurd claims. He had to reinstall frequently because he kept getting hacked and he was absolutely sure it was *his ISP* doing it. "Don't tell me I'm wrong", he'd exclaim. It turned out he was freaking out and blocking inbound related/established packets, blocking himself from a working internet connection.

Acting without understanding why can be dangerous.

Today at 04:02:53 AM #36 Last Edit: Today at 04:26:48 AM by peterwkc
Recently my OPNsense reboots randomly. Possibly a KVM over IP hack? Is it a hardware-based remote access?

How to block/disable this?

Today at 09:17:18 AM #37 Last Edit: Today at 01:10:34 PM by Patrick M. Hausen
Random reboots are in almost all cases a hardware problem. Check power supply first. Connect a serial console and look what happens when it reboots. Stuff like that.
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)

Quote from: meyergru on November 27, 2024, 10:33:09 AM
Excuse me for using this German proverb, but do not fall for: "Operative Hektik ersetzt geistige Windstille".

Great proverb, I gotta remember that one :)
Running OPNsense on a Deciso DEC750 with upgraded memory (16GB ECC) and active cooling