No Lan after hacking attempts
-
The title says it all. Got a call from a client today that his main building was offline. Had him check and reboot the standard stuff (modem, firewall, switch): no dice. I made an emergency call out at 9pm earlier today and found that the pfSense box (Protectli Vault) showed 1000gbit on the LAN interface autonegotiate port, but the switch doesn't see any connection on any port it's plugged into and the firewall LAN lights just stay solid. After checking the logs I see various attempts at malformed JSON and URLs thrown at the firewall landing page that seem to roughly correspond to the time point of the site computers going offline. The only access I have to the firewall is from the web now; nothing internal works. I've double-checked my DHCP and everything; it almost seems like the eth1 port just failed while still showing connected. I've rebooted it several times and even upgraded from 2.4.4 to 2.4.5. This setup is less than a year old and they're open tomorrow with no phones or anything. I don't want to copy their backup to a new firewall from one of their less intensive locations just to have that config broken too. I'm more of a network guy, not so much a programming or web dev. Can anyone see anything here that seems like it could have made it past the firewall's security? Side note the timing just happened to coincide with a storm in the area...
-
@cajunzman said in No Lan after hacking attempts:
Side note the timing just happened to coincide with a storm in the area...
My feeling tells me that there was a surge spike that maybe killed the Ethernet PHY ...
Regards,
fireodo
-
Hi,
If possible, keep the 'original' LAN interface disconnected. Only 'you' should be using it, when you are physically present.
All other users should be placed on one or more OPTx type interfaces with dedicated rules, like: no pfSense GUI/SSH access.
This rules out any possible hack attempts.
Btw: a non-connected LAN interface also tends to be not sensitive to electric surges, so it will be available when other NICs need to be tested ;)
-
@cajunzman said in No Lan after hacking attempts:
Side note the timing just happened to coincide with a storm in the area...
So, why did you introduce it as "hacking" attempts? pfSense is not a consumer-grade router that is so vulnerable, and you mostly knew that was the cause.
-
@NollipfSense I had two units fail the exact same way on the same property in two different buildings. The Protectli boxes use a 12v transformer and every connection goes through a 16 port PoE switch before it gets to the firewall appliance, so a surge spike going through the port or the 12v wall wart I deemed as highly unlikely due to my PoE switch not being damaged. The storm was mentioned because of course the client was quick to fall under the same assumption and freak out that everything was fried.
-
I believe it's been narrowed down to a hardware failure of some kind, not necessarily something with pfSense. There are two pictures attached to my original post at the bottom that show my reason for posting here, but it doesn't seem to be an issue with pfSense itself. I appreciate those that tried to help.
-
Lightning is a funny animal. It can damage equipment in the middle and seems to leave other equipment unscathed. But truthfully if you took a hit anywhere close you could start seeing premature equipment failures for sometimes years.
I'm a radio site tech and we take hits all the time. Our people collectively spend millions on lightning protection to make sure they survive.
-
@cajunzman Okay.