Holy molly, is this firm evidence of a MITM being done on me?

  • I am aggregating the bandwidth from 2 ISP's using multiwan. Just tried to add a package and when I clicked on Packages I got a display that looked like the attachment.

    Is this definitive evidence of a man in the middle attack being done on me (or your server)?

    ![mitm evidence on pfsense.jpg](/public/imported_attachments/1/mitm evidence on pfsense.jpg)
    ![mitm evidence on pfsense.jpg_thumb](/public/imported_attachments/1/mitm evidence on pfsense.jpg_thumb)

  • Rebel Alliance Developer Netgate

    Not 100% certain. Possible, sure, but not certain.

    What version of pfSense is that? It could be that it doesn't trust the CA/Cert used on our server for some reason, or your clock could be wrong, or who knows what.

  • LAYER 8 Global Moderator

    what is the FQDN that is checked? Should be able to just use openssl to check the details of the cert, etc.

Log in to reply