Netgate Discussion Forum

No Lan after hacking attempts

General pfSense Questions

    cajunzman
    last edited by cajunzman Jun 15, 2020, 4:28 AM Jun 15, 2020, 4:21 AM

    The title says it all. Got a call from a client today that his main building was offline. Had him check and reboot the standard stuff (modem, firewall, switch), no dice. I made an emergency call out at 9pm earlier today and found that the pfSense box (Protectli Vault) showed 1000gbit on the LAN interface autonegotiate port, but the switch doesn't see any connection on any port it's plugged into and the firewall LAN lights just stay solid. After checking the logs I see various attempts at malformed JSON and URLs thrown at the firewall landing page that seem to roughly correspond to the time point of the site computers going offline. The only access I have to the firewall is from the web now; nothing internal works. I've double checked my DHCP and everything. It almost seems like the eth1 port just failed while still showing connected. I've rebooted it several times and even upgraded from 2.4.4 to 2.4.5. This setup is less than a year old and they're open tomorrow with no phones or anything. I don't want to copy their backup to a new firewall from one of their less intensive locations just to have that config broken too. I'm more of a network guy, not so much a programming or web dev. Can anyone see anything here that seems like it could have made it past the firewall's security? Side note: the timing just happened to coincide with a storm in the area... [Two attached images]

      fireodo @cajunzman
      last edited by Jun 15, 2020, 7:04 AM

      @cajunzman said in No Lan after hacking attempts:
      Side note the timing just happened to coincide with a storm in the area...

      My feeling tells me that there was a surge spike that maybe killed the ethernet PHY ...

      Regards,
      fireodo

      Kettop Mi4300YL CPU: i5-4300Y @ 1.60GHz RAM: 8GB Ethernet Ports: 4
      SSD: SanDisk pSSD-S2 16GB (ZFS) WiFi: WLE200NX
      pfsense 2.8.0 CE
      Packages: Apcupsd, Cron, Iftop, Iperf, LCDproc, Nmap, pfBlockerNG, RRD_Summary, Shellcmd, Snort, Speedtest, System_Patches.

        Gertjan
        last edited by Jun 15, 2020, 7:16 AM

        Hi,

        If possible, keep the 'original' LAN interface disconnected. Only 'you' should be using it, when you are physically present.
        All other users should be placed on one or more OPTx type interfaces with dedicated rules, like: no pfSense GUI/SSH access.
        This rules out any possible hack attempts.

        Btw: a non-connected LAN interface also tends to be insensitive to electrical surges, so it will be available when other NICs need to be tested ;)

        No "help me" PM's please. Use the forum, the community will thank you.
        Edit: and where are the logs??

          NollipfSense @cajunzman
          last edited by Jun 16, 2020, 1:43 AM

          @cajunzman said in No Lan after hacking attempts:

          Side note the timing just happened to coincide with a storm in the area...

          So, why did you introduce it as "hacking" attempts? pfSense is not a consumer-grade router that's vulnerable, and you mostly knew that was the cause.

          pfSense+ 23.09 Lenovo Thinkcentre M93P SFF Quadcore i7 dual Raid-ZFS 128GB-SSD 32GB-RAM PCI-Intel i350-t4 NIC, -Intel QAT 8950.
          pfSense+ 23.09 VM-Proxmox, Dell Precision Xeon-W2155 Nvme 500GB-ZFS 128GB-RAM PCIe-Intel i350-t4, Intel QAT-8950, P-cloud.

            cajunzman @NollipfSense
            last edited by Jun 16, 2020, 5:55 PM

            @NollipfSense I had two units fail the exact same way on the same property in two different buildings. The Protectli boxes use a 12V transformer and every connection goes through a 16-port PoE switch before it gets to the firewall appliance, so a surge spike going through the port or the 12V wall wart I deemed as highly unlikely due to my PoE switch not being damaged. The storm was mentioned because of course the client was quick to fall under the same assumption and freak out that everything was fried.

              cajunzman
              last edited by Jun 16, 2020, 5:58 PM

              I believe it's been narrowed down to a hardware failure of some kind, not necessarily something with pfSense. There are two pictures attached to my original post at the bottom that show my reason for posting here, but it doesn't seem to be an issue with pfSense itself. I appreciate those that tried to help.

                chpalmer
                last edited by Jun 16, 2020, 6:07 PM

                Lightning is a funny animal. It can damage equipment in the middle and seems to leave other equipment unscathed. But truthfully, if you took a hit anywhere close, you could start seeing premature equipment failures for sometimes years.

                I'm a radio site tech and we take hits all the time. Our people collectively spend millions on lightning protection to make sure they survive.

                Triggering snowflakes one by one..
                Intel(R) Core(TM) i5-4590T CPU @ 2.00GHz on an M400 WG box.

                  NollipfSense @cajunzman
                  last edited by Jun 19, 2020, 10:14 PM

                  @cajunzman Okay.

                  pfSense+ 23.09 Lenovo Thinkcentre M93P SFF Quadcore i7 dual Raid-ZFS 128GB-SSD 32GB-RAM PCI-Intel i350-t4 NIC, -Intel QAT 8950.
                  pfSense+ 23.09 VM-Proxmox, Dell Precision Xeon-W2155 Nvme 500GB-ZFS 128GB-RAM PCIe-Intel i350-t4, Intel QAT-8950, P-cloud.
