Possible Pfsense get Hacked by ISP

Gertjan

@peter_apiit said in Possible Pfsense get Hacked by ISP:

Anything prevent it from auto dim since no one is using the Fedora GUI?

Fedora is open source, so it's behaviour is well documented, and a lot of help is available. Although not here, as this forum is pfSense related.

All you need to know :
How does an OS decide if sleep mode has to be activated.
This will bring you to the " what does an OS need so the sleep mode isn't activated ".
And that will bring you to the process that keeps the system 'awake'.

@peter_apiit said in Possible Pfsense get Hacked by ISP:

Possible Pfsense get Hacked by ISP

pfSense is as any other router firewall out there.
The moment you install it, nothing comes in through the WAN interface.
Then the "admin" starts modifying settings, add packages, etc. Now things can go down hill fast. It's rare, but it can happen.

The next step is a no-brainer : the admin becomes an admin. The "slap front head" moment starts kicking in a lot. It's called leaning.
At this moment, the road continues with a T split :
Left : No one is actually tracing you **.
Right : The ISP is actually replaced by all the 3 letter agencies. Say goodbye to your civil rights, or stop doing what you are doing, fast.

stephenw10

As easy test to prove network activity is keeping the machine awake is just to unplug it from the network and wait. Though if it is network activity it's probably completely legit anyway.

Steve

Peter_APIIT

@stephenw10 I don't get what u mean. My TV Box run on WIFI network suddenly will go back few times on google play store. I did not press anything.

Is it possible to hack through snmp or others routing protocol by ISP?? I not a network expert so please forgive me asking stupid question.

stephenw10

@peter_apiit said in Possible Pfsense get Hacked by ISP:

Is it possible to hack through snmp or others routing protocol by ISP?

No, not as far as I know. There is certainly no known vulnerabilities in pfSense for that.

@peter_apiit said in Possible Pfsense get Hacked by ISP:

My TV Box run on WIFI

How is that connected? Through pfSense? If it's connected directly to an ISP router that traffic probably doesn't go through pfSense and there's nothing we can do about it anyway. Your ISP probably does have some visibility into IPTV devices if they provided them.

Steve

Peter_APIIT

@stephenw10 said in Possible Pfsense get Hacked by ISP:

@peter_apiit said in Possible Pfsense get Hacked by ISP:

Is it possible to hack through snmp or others routing protocol by ISP?

No, not as far as I know. There is certainly no known vulnerabilities in pfSense for that.

@peter_apiit said in Possible Pfsense get Hacked by ISP:

My TV Box run on WIFI

How is that connected? Through pfSense? If it's connected directly to an ISP router that traffic probably doesn't go through pfSense and there's nothing we can do about it anyway. Your ISP probably does have some visibility into IPTV devices if they provided them.

Steve

The TV BOX connected via pfsense router.

stephenw10

So it's like an Android TV device or similar?

Your ISP is not going to 'hack' that. At worst I would think they may choose to block something it's trying to do. That's not going to present as Google play store going back a few times though. Sounds more like a sticky button on the remote.

Steve

johnpoz

@stephenw10 said in Possible Pfsense get Hacked by ISP:

Sounds more like a sticky button on the remote.

Or the app crashed and default back to like a "home" screen. Or the dog laid on the remote on the couch. Or the voice activation glitched when it "heard" something.

Or someone in another room did something on a remote that controls both, or can - or they were on the wrong device when they hit a button on the say like the roku app on their phone.. I can control any of my roku's from my phone - but have to select which one, etc.

There are like a billion things I could think of on why something like that happened - before I thought oh my gosh my isp is hacking me ;) Tracking you sure - the device itself is likely sending everything you do back up to the mother ship, what shows you watched, did swap channels when a commercial came on, etc.

My roku tv sometimes just shuts off on its own - maybe my isp is hacking me?? ;) There are hundred of threads about it happening, and things to try and get it to stop, etc. But maybe its just the ISP hacking away on them ;)

Peter_APIIT

@stephenw10 Yes, It is a 3 party Android TV box connected to pfsense WIFI.

stephenw10

Yeah almost certainly not the result of hacking. Far more likely to be a software glitch or sticky button.

But, if we were to look at this from a security standpoint, a random ebay Android TV box is exactly the sort of device that should be isolated from your network. You probably have no idea what code it's running or where it's pulling updates from. The manufacturers may not know or care either. An exploit here might be someone hacking the update servers for that box and inserting their own code. Next time it updates, you're in a bot net. Or mining crypto for someone etc.

Steve

Peter_APIIT

@stephenw10 said in Possible Pfsense get Hacked by ISP:

Yeah almost certainly not the result of hacking. Far more likely to be a software glitch or sticky button.

But, if we were to look at this from a security standpoint, a random ebay Android TV box is exactly the sort of device that should be isolated from your network. You probably have no idea what code it's running or where it's pulling updates from. The manufacturers may not know or care either. An exploit here might be someone hacking the update servers for that box and inserting their own code. Next time it updates, you're in a bot net. Or mining crypto for someone etc.

Steve

OK,Thanks for your explanation.

Peter_APIIT

I found out the root cause of hacking activity. I have a laptop which distribute by my ISP and it has backdoor which uses to surveillance the user network activity. I understand i can format the PC but for precatious steps i want to harden the network security level.

How to block LAN to other same subnet computer only allow LAN to gateway?

stephenw10

You cannot do that at the firewall. Traffic between hosts in the same subnet doesn't go through the firewall. You would need a switch that has port isolation. Or use a new interface to create a new subnet and put the laptop in that.

But if you really suspect that someone has been hacking your network from your laptop (unlikely) then just don't connect it at all.

Steve

johnpoz

@peter_apiit said in Possible Pfsense get Hacked by ISP:

has backdoor which uses to surveillance the user network activity.

Dude lay off the HERB.. Or go with a different strain that doesn't cause your tinfoil hat to constrict.. What your saying is just nuts..

Your isp gave you a laptop with a backdoor installed so they can hack your TV? And put it back on the home store screen, and your other pc doesn't kick in screensaver?

Come on dude... Lay off the Mr Robot episodes for a bit maybe.

Peter_APIIT

@stephenw10 said in Possible Pfsense get Hacked by ISP:

Or use a new interface to create a new subnet and put the laptop in that.

Perhaps I could use aother NIC for that since i got one spare NIC.

stephenw10

Yes, you could. That way it can be isolated from the other interfaces.

Peter_APIIT

@stephenw10 I have tried to do a fresh installation of pfsense, after install snort and its ruleset. It good for a while but after that the snort ruleset get flush out and display as Not downloaded. I 100% confirm that the ruleset is downloaded previously. How my ISP able to do that? Please enlighten me.

stephenw10

@peter_apiit said in Possible Pfsense get Hacked by ISP:

How my ISP able to do that?

They are not. What makes you think they are?

Peter_APIIT

@stephenw10 said in Possible Pfsense get Hacked by ISP:

@peter_apiit said in Possible Pfsense get Hacked by ISP:

How my ISP able to do that?

They are not. What makes you think they are?

Then why my Snort rule set get flush out.

johnpoz

@peter_apiit said in Possible Pfsense get Hacked by ISP:

Then why my Snort rule set get flush out.

It sure isn't your "isp" hacking you.. Maybe its the MIB, or the NSA - but it sure isn't your isp ;)

Does your refrigerator light stay on when you close the door - I would check that, that is clear sign of NSA hacking..

You need to drill a hole in the door - but its well worth it to know if your being hacked or not - I'm kidding btw.. Please do not drill a hole in your refrigerator door..

stephenw10

There are any number of reasons why your Snort rules could (appear to be) cleared. Check the Snort and System logs.
It being the result of hacking is extremely unlikely. Apart from anything else it would serve no purpose and be a very obvious change. What hacker would do that? None.

Steve