Is someone hacking my OpenVPN? Is my pfSense compromised?
-
This post is deleted!
-
Oh you didn't know there are secret hidden accounts that the North Koreans use to VPN into your setup and steal all your secrets.. <rolleyes>
And they pay Netgate $1 for every box that installs pfSense..
Dude really??? But if you want to look at what accounts there are, just do a cat on the passwd file
cat /etc/passwd
-
You lost me, I don't understand the reason for your sarcasm. I have seen pfSense have configurations that don't appear in the GUI on more than one occasion. Is there a way to check for an account someone might have created?
-
I just showed you how to look for all accounts
cat /etc/passwd
Yeah there are some firewall rules that are hidden, because if they weren't idiot users would delete them and then wonder why shit didn't work ;) Secret accounts dude - really??? Who would have created these secret accounts, and they named it loot? That is a horrible secret account name.
-
No, this user isn't listed in that file. Any reason why a user could connect? Maybe some kind of exploit? All I can tell you is what I see and also what's in the logs, and I know all the users on our system and can easily check what exists. What else can I say?
-
Yeah there is an exploit that allows any account called loot to log in without a cert to OpenVPN.
Are you running OpenVPN that just allows username/password?? So now a user can just log in where there is no account on your system with that username?
-
This post is deleted!
-
Where are the rest of your logs?
That is not a full login.. What IP was given to the account... If you're using certs for your auth, then that would be the cert name you created... I.e. for example my phone cert is called iphone.. So when it logs in - that is what is logged.
Bump your logging up...
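
Added example, not part of the thread: the reply above notes that a cert login is logged under the cert name and asks what IP was handed out. This script pulls name, source IP and tunnel IP from OpenVPN's `MULTI_sva: pool returned` lines and lists names outside an expected set; the log lines, addresses and the `iphone laptop` allowlist are constructed, and the function names are hypothetical.

```shell
#!/bin/sh
# Constructed sample log lines (documentation IP ranges), shaped like the
# messages OpenVPN writes when a client connects at raised verbosity.
sample_log() {
cat <<'EOF'
Jan 10 09:14:02 fw openvpn[4121]: 198.51.100.7:51820 [iphone] Peer Connection Initiated with [AF_INET]198.51.100.7:51820
Jan 10 09:14:03 fw openvpn[4121]: iphone/198.51.100.7:51820 MULTI_sva: pool returned IPv4=10.0.8.2, IPv6=(Not enabled)
Jan 10 11:40:55 fw openvpn[4121]: 203.0.113.44:40112 [loot] Peer Connection Initiated with [AF_INET]203.0.113.44:40112
Jan 10 11:40:56 fw openvpn[4121]: loot/203.0.113.44:40112 MULTI_sva: pool returned IPv4=10.0.8.3, IPv6=(Not enabled)
Jan 10 12:02:10 fw openvpn[4121]: 192.0.2.9:33333 TLS Error: TLS handshake failed
EOF
}

# vpn_sessions: read a log on stdin, print "name source_ip tunnel_ip"
# for every client that was actually handed a tunnel address.
vpn_sessions() {
  awk '
    /MULTI_sva: pool returned/ {
      for (i = 1; i <= NF; i++) if ($i == "MULTI_sva:") break
      split($(i - 1), a, "/")        # a[1] = logged name, a[2] = src:port
      sub(/:[0-9]+$/, "", a[2])      # drop the source port
      ip = $(i + 3)                  # "IPv4=10.0.8.2,"
      sub(/^IPv4=/, "", ip); sub(/,$/, "", ip)
      print a[1], a[2], ip
    }'
}

# unknown_logins "name1 name2 ...": print sessions whose logged name
# is not in the space-separated list of names you expect to see.
unknown_logins() {
  allowed=" $1 "
  vpn_sessions | while read -r name src tun; do
    case "$allowed" in
      *" $name "*) ;;                       # expected cert/user name
      *) echo "$name $src $tun" ;;          # needs a closer look
    esac
  done
}

# Stand-alone run over the constructed sample.
sample_log | unknown_logins "iphone laptop"
```

A failed handshake, like the last sample line, never reaches the pool line and so never shows up as a session.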
-
Nearly all traffic is https these days. This implies that the 'router' - all routers - on the data path cannot 'see' the traffic payload.
pfSense cannot snip out parts and bits.
pfSense sees source and destination IP, ports, some packet flags, a packet size and number, and scrambled data. That's it.
You could have added your own initial advice: reinstall Windows ^^
Btw: routers can get hacked, of course. Not because the hacker wants to see what the users on the router's LAN(s) are doing. They have other interests.