Vulnerability??? SSH enabled seems to work from the WAN side??????



  • This is a new behavior but by chance did an SSH connection to the WAN side of a 1.22 router. I got the menu. Probably not what was intended. This has never been possible before without a bunch of fancy rules. It also means that if someone is unaware they could be vulnerable.



  • Just tried this myself and pfSense blocked the connection just like it should, pfSense 1.2.2 without any packages. Check your firewall rules.


  • Rebel Alliance Developer Netgate

    kpa is correct, out of the box, ALL incoming connections are blocked on the WAN, regardless of their destination port.

    If you can reach the ssh port on your pfSense box's WAN side, you either have a rule to allow the traffic, your rules aren't loaded at all, or the filter is disabled.



  • I have installed pfsense dozens of times and generally set it up the same. I will go through and do a fresh install. I am glad that it isn't an issue.

    Thanks



  • same problem here, pfsense ssh is open on some VIP's


  • Rebel Alliance Developer Netgate

    Arjen,

    Please provide more details about what you are seeing. Specifically:

    • What type of VIP you are using

    • What interface this VIP is set for

    • A full copy of your rules (From /tmp/debug.rules, or screenshots of the various rules tabs)

    I have never seen any kind of behavior like that, except where it was explicitly allowed.



  • i dit not allowed anything.
    but the ssh port (the pfsense ssh) is open on a Carp VIP (with ssh closed in forwarding and rules).

    i will send you the info asap.


Log in to reply