How to PREVENT ISP from ACCESSING my PFSENSE?

JKnott

@noplan said in How to PREVENT ISP from ACCESSING my PFSENSE?:

yes there have been some hard rumors that pfS is not safe and got a backdoor
out here in austria too.

Pfsense is built with open source software, which means it can be examined for any such backdoor. It is simply not possible to hide a backdoor.

JKnott

@johnpoz said in How to PREVENT ISP from ACCESSING my PFSENSE?:

Or that the whole covid thing is a plot to implant micro-chips into everyone and its all bill gates behind it ;)

WHAT??? That's not true??? I guess I haven't been paying enough attention to QAnon.

noplan

@johnpoz

oh cmonnnn mind control ... with water hey thats so 90ties ;)

yep the GDPR (or in german DSGVO) is a though one

but an ISP grantin his tech Stuff access to their own property (the modem / router) is not a violation of the GDPR

but for real here in the EU there is no such "nasty" thing for us europeans, like the patriot act
to force you by law to hand over what teh feds want, but thats another ballgame.

johnpoz

Here you go

login-to-view

This proves it ;)

noplan

@JKnott

yes i got that point, and then we have to tell em again and again what open source is and how it works, bottom line they dont care, cuz its not cool when u r playin a round of golf and tellin them that u use open source software in your 60 Mio EUR company.

they want to tell yeah i m usin cisco n citrix or bara...

noplan

@johnpoz

welcome to the consulting hell !
;)

kiokoman

login-to-view

Cool_Corona

We will see soon enough.

Currently intelligence agencies in countries in the EU are gong through the code of pfsense and Opnsense.

And testing the shit out of it.

So I will get back with some more info on this topic if and when I have some info to spare.

AKEGEC

Hi, I am from Belgium and I can tell you that Belgium’s ISP Proximus (Belgacom Mobile N.V.) is owned by the Belgium government and it is abusing it’s monopoly power. This is still happening because the corrupt politicians (parasites) don't care what the people want.


@Bob.Dig, if you are referring blocked users as layoffs IT people, then I can tell you that you are wrong. That’s called courage. Just like Edward Snowden.
FYI I had working experience with some great people from the IT industry who worked closely with Belgium’s ISP. Most of them already resigned because they were forced to do things against their morals and values.


@johnpoz, the Belgium people only see the facts and not some conspiracy theory. For example we do believe that Covid-19 started from the Fort Detrick Biological warfare laboratories in Maryland. Because in that same year, people got influenza or pneumonia, they (The New York Times) said it was caused by vaping? lol. And the infected USA soldiers brought to Wuhan for the Military World Games 2019. Why WO/2020/060606? Easy, just connect the dots.

@noplan, they are foreigners who live and work in Belgium.


That being said, no software in this world is 100% attack proof. There are some unknown security holes to explore. Like I found the other day with Pfsense.
Why do you think the developers often updated/patched their softwares?

noplan

@Cool_Corona

and as long as they are testing we continue too

use it
promote it
consult it
support it
even sell it

cuz its a hostile world out there and its better to be prepared to fight

noplan

@C3G3K4 said in How to PREVENT ISP from ACCESSING my PFSENSE?:

Belgacom Mobile N.V.

53.3% + 1 share state owned ..... so far far away from a governmental controlled ISP

its just a european thing to own part of the critical infra structure

but as the folks here (@JKnott @johnpoz @Rico ) mentioned
They can't access pfSense or your networks behind it.

... or as I would add unless you opend your wif on WAN:443 ;)

johnpoz

@C3G3K4 said in How to PREVENT ISP from ACCESSING my PFSENSE?:

That being said, no software in this world is 100% attack proof.

And who ever suggested such a thing? There is a huge difference between an exploitable issue, or lack of security configuration, bug or flaw in a protocol that becomes an attack vector to be exploited.. But that is a far cry for there is an "on purpose" backdoor embedded in code of the device/software by the maker in cahoots with some foreign government or agency or for that matter some nefarious cabal.

noplan

@johnpoz said in How to PREVENT ISP from ACCESSING my PFSENSE?:

And who ever suggested such a thing? There is a huge difference between an exploitable issue, or lack of security configuration, bug or flaw in a protocol that becomes an attack vector to be exploited.. But that is a far cry for there is an "on purpose" backdoor embedded in code of the device/software by the maker in cahoots with some foreign government or agency or for that matter some nefarious cabal.

as a matter of fact
I COULD NOT AGREE MORE WITH YOU ON THIS !
damn thats a TRUE STATEMENT !

johnpoz

What I find hilarious about these sorts of threads.. The last one that thought that pfsense was in cahoots with Belgium or the whole EU.

Was that he was seeing some log entries for root via 127.0.0.1 that he did not understand, so yeah the obvious and clear as day explanation is that his ISP was logging into his device via some backdoor that was put in place.

Lets put our tinfoil hats on as tight as possible, I mean really tighten that sucker down so it cuts off the blood flow.. And lets say pfsense is a member of some new world order cabal, or working with the CIA/NSA/MI6/BND/VSSE/MOSSAD or anything of the like..

Who is the clod setting up this secret backdoor - that was so stupid they couldn't get their backdoor not to log that access was used? I mean really!!

Lets say this secret agency / government wanted to track you.. For the life of me why? Would be my first question - you into some kiddie p0rn shit? You plotting to over throw the government? Maybe your about ready to out their secret cabal? Do you really think they would have need to be in cahoots of some open source firewall to track you? Or would they just install some tracking software right on your devices directly.. There might be a camera in your toilet.. Your best friend of 20 years is prob a sleeper agent they could just activate him ;)

But you know what - your going to thwart all their secret spying by making sure your dns doesn't leak ;)

A Former User

@johnpoz said in How to PREVENT ISP from ACCESSING my PFSENSE?:

But you know what - your going to thwart all their secret spying by making sure your dns doesn't leak ;)

LMAO

Bob.Dig

@johnpoz said in How to PREVENT ISP from ACCESSING my PFSENSE?:

by making sure your dns doesn't leak ;)

And moving it over to cloudflare and using https for it. ;)

johnpoz

Yeah because cloudflare which a huge % of the whole internet flows through - they would never work with any government agencies :) ROFL..

Nor have any interest in monetizing the info they have access too ;)

4o4rh

@johnpoz

@johnpoz said in How to PREVENT ISP from ACCESSING my PFSENSE?:

It really is a pretty out there claim, that the EU - which has some of the highest levels of user privacy requirements on the planet. You can not do this or that with user data, you can not collect it, without specific disclosure of what your collecting and what your doing with it.

But then would also have requirements that the government/ISPs has backdoor access into every device connected to the internet?

I mean really?? This akin to saying the government has been putting fluoride in the water for mind control purposes.. Or that the whole covid thing is a plot to implant micro-chips into everyone and its all bill gates behind it ;)

don't believe in myths. a whistle blower came out in 2015 on an investigative journalism program in the EU and detailed the installation of routing equipment for their national intelligence services on behalf of the NSA, routing all the country's meta data to the NSA and said intelligence org. It is also lawful for the intelligence & police services of said country to install malware on your equipment for the purposes of intelligence gathering....so anyone who relies on the established legal framework and fake privacy...is naive or a fool. in same country a private company happily obtains your personal details from the local council so they can extort a tv license fee from you.....where is your privacy protection there ;-)

JKnott

@gwaitsi

Monitoring traffic in transit is quite different from accessing your firewall. As for monitoring circuits, that's not that hard to do. Any tech working in a telecom central office, as I used to, can do it and there are many other points where circuits may be available for interception. Things are a bit more difficult these days with IP etc., but not impossible. That's why you're supposed to use end to end encryption if you want to keep things private.

What really gets me are the medical and legal professions insisting on using FAX, because they think it's secure. Yeah, right. For example, in many places phone lines are not hard to get to and are usually tagged with the phone number. You may recall the old "Winmodems" from back in the dark ages, where the modem relied on software loaded from the computer. It wouldn't take much for a knowledgeable person to modify one of those to monitor a FAX connection. The FAX machine ID is easily spoofed and one thing I did years ago, when I got a FAX modem, was I faxed myself a sheet with my signature on it, so I could cut 'n paste my signature onto a document, as though I had actually signed it, before faxing it out. Yep, really secure.

JKnott

@JKnott

Here's another example of great security. I recently filled out a form on line. In the past, it would have been signed and mailed in. Now, it's considered "digitally signed", if you just type your name in the box. My understanding of a digital signature is to use X.509 certificates and encryption. You can also use PGP or GPG.