is someone hacking my OpenVPN? is my pfSense compramised?



  • This post is deleted!

  • LAYER 8 Global Moderator

    Oh you didn't know there are secret hidden accounts that the North Koreans use to vpn into your setup and steal all your secrets.. <rolleyes>

    And they pay netgate a $1 for every box that installs pfsense..

    Dude really??? But if you want to look to what accounts there are just do a cat on the passwd file

    cat /etc/passwd



  • you lost me, i dont understand the reason for your sarcasm? i have seen pfSense have configurations that dont appear in the GUI on more than one occasion . is there a way to check for an account someone might have created?


  • LAYER 8 Global Moderator

    I just showed you how to look for all accounts

    cat /etc/passwd

    Yeah there are some firewall rules that are hidden, because if they weren't idiot users would delete them and then wonder why shit didn't work ;) Secret accounts dude - really??? Who would of created these secret accounts, and they named it loot? That is a horrible secret account name.



  • no this user isnt listed in that file. any reason why a user could connect? maybe some kind of exploit? all i can tell you is what i see and also what in the logs and i know all the users on our system and can easily check what exist. what else can i say?


  • LAYER 8 Global Moderator

    Yeah there is an exploit that allow any account called loot to login with without a cert to openvpn.

    Are you running openvpn that just allows username password?? So now user can just login where there is no account on your system with that username?



  • This post is deleted!

  • LAYER 8 Global Moderator

    Where are the rest of your logs?

    That is not a full login.. What IP was given to the account... If your using certs for your auth, then that would be the cert name you created... Ie for example my phone cert is called iphone.. So when it logs in - that is what is logged.

    cert.jpg

    Bump your logging up...


Log in to reply