pfSense users are being under heavy attacks?
-
Today my Belgian clients are under heavy attacks. Some of them experienced their pfSense device hanging. It seems the attackers used China's and Germany's networks. Luckily I got early warning from a good friend of mine and was able to minimize the damage, thanks Tony!
Are you guys experiencing these attacks too?
-
@viragomann I don't know if it's the same probs but dang today is just not my day.
-
It wasn't a pfsense thing - it was most likely this
https://therecord.media/belgiums-government-network-goes-down-after-massive-ddos-attack/
Here is belnet status on it https://status.belnet.be/incidents/71
Prob in retaliation for that Belgium moving the border ;)
https://www.bbc.com/news/world-europe-56978344
Belgian farmer accidentally moves French border
-
@johnpoz thanks for the links. It was a terror attack according to local news. But strangely enough gov was also participating using the F.U.C.*.I.N.G-root servers attacks. Right now it seems to have stopped. But some of my client's hosts file has been changed.
-
I have no idea what you're talking about with the root-servers? If the root servers were leveraged in the attack - it would be HUGE news, which I have seen or heard nothing of the sort.
-
Does it still exist, the Belgian ISP Skynet?
@akegec said in pfSense users are being under heavy attacks?:
It was a terror attack according to local news.
That would be upgraded to top-priority news info on all European TV channels within an hour.
Nothing is known in Germany, Holland and France.
Britain : I don't know .... the British didn't want to do the maintenance for the channel-tunnel on their side, so we flooded it.
@akegec said in pfSense users are being under heavy attacks?:
But some of my client's hosts file has been changed.
Mega DOS - or whatever DNS issue can do lots of things. Although : crashing of routers is what you will see.
The (remote) access to a hosts file is an inside job, like the user installing a cracked Adobe Photoshop or another nasty executable.
-
@gertjan said in pfSense users are being under heavy attacks?:
The (remote) access to a hosts file is an inside job
Yeah a ddos is not going to be making changes to a host file - now can a ddos be used in conjunction with some other hack/exploit - sure happens all the time. But running a ddos, to mask some attack to alter a host file? Not buying that at all.
A host file alteration is some really script kiddie shit done normally via some sort of malware.. If you had some remote exploit capable of remote manipulation of the host file - there would be far more efficient things you could do to compromise the system and give you control over it.
The problem with this Belgium attack - whatever it was, is outside of Belgium there is little info. I can not seem to find any info on it on any of the global ddos trackers. It can be a while before any detailed info is available that is for sure.
But mitigation of high level ddos - sure can affect traffic flow for many days or weeks even after. Peering and routing was most likely altered to help mitigate - which may have unforeseen issues with accessing specific areas of the global network, etc.
-
@johnpoz if you understand diplomacy you will also understand that some accidents or events are not for public consumption like USS Scorpion. Some people are already playing the blaming game, the attacks because of Islamic radicals. The same as for Corona virus, China got the blame while in early 2019 (before China) there was a mysterious vaping illness outbreak in the State, Hmm.. where could the origin of Covid19 be.. Fort Detrick, U.S. biological weapon lab?
Anyway I think yesterday's attacks for some odd reason made my clients' server-agents compromised.
@Gertjan , Britain : I don't know .... the British didn't want to do the maintenance for the channel-tunnel on their side, so we flooded it. LOL That's a good one.