Netgate Discussion Forum

    pfSense users are being under heavy attacks?

      AKEGEC

      Today my Belgian clients are under heavy attack. Some of them experienced their pfSense device hanging. It seems the attackers used China's and Germany's networks. Luckily I got an early warning from a good friend of mine and was able to minimize the damage, thanks Tony!
      Are you guys experiencing these attacks too?

        viragomann @AKEGEC

        @akegec
        Like this one?
        https://forum.netgate.com/topic/163508/please-help-freeze-pfsense/1

          AKEGEC @viragomann

          @viragomann I don't know if it's the same probs, but dang, today is just not my day.

            johnpoz LAYER 8 Global Moderator @AKEGEC

            It wasn't a pfsense thing - it was most likely this

            https://therecord.media/belgiums-government-network-goes-down-after-massive-ddos-attack/

            Here is belnet status on it https://status.belnet.be/incidents/71

            Prob in retaliation for that Belgium moving the border ;)
            https://www.bbc.com/news/world-europe-56978344
            Belgian farmer accidentally moves French border

            An intelligent man is sometimes forced to be drunk to spend time with his fools
            If you get confused: Listen to the Music Play
            Please don't Chat/PM me for help, unless mod related
            SG-4860 24.11 | Lab VMs 2.8, 24.11

              AKEGEC @johnpoz

              @johnpoz thanks for the links. It was a terror attack according to local news. But strangely enough gov was also participating using the F.U.C.*.I.N.G-root servers attacks. Right now it seems to have stopped. But some of my client's hosts file has been changed.

                johnpoz LAYER 8 Global Moderator @AKEGEC

                I have no idea what you're talking about with the root-servers? If the root servers were leveraged in the attack - it would be HUGE news, and I have seen or heard nothing of the sort.

                  Gertjan @johnpoz

                  Does it still exist, the Belgian ISP Skynet?

                  @akegec said in pfSense users are being under heavy attacks?:

                  It was a terror attack according to local news.

                  That would be upgraded to top-priority news on all European TV channels within an hour.
                  Nothing is known in Germany, Holland and France.
                  Britain : I don't know .... the British didn't want to do the maintenance for the channel-tunnel on their side, so we flooded it.

                  @akegec said in pfSense users are being under heavy attacks?:

                  But some of my client's hosts file has been changed.

                  Mega DOS - or whatever DNS issue can do lots of things. Although : crashing of routers is what you will see.
                  The (remote) access to a hosts file is an inside job, like the user installing a cracked Adobe Photoshop or another nasty executable.

                  No "help me" PM's please. Use the forum, the community will thank you.
                  Edit : and where are the logs ??

                    johnpoz LAYER 8 Global Moderator @Gertjan

                    @gertjan said in pfSense users are being under heavy attacks?:

                    The (remote) access to a hosts file is an inside job

                    Yeah a ddos is not going to be making changes to a host file - now can a ddos be used in conjunction with some other hack/exploit - sure happens all the time. But running a ddos, to mask some attack to alter a host file? Not buying that at all.

                    A host file alteration is some really script kiddie shit done normally via some sort of malware.. If you had some remote exploit capable of remote manipulation of the host file - there would be far more efficient things you could do to compromise the system and give you control over it.

                    The problem with this Belgium attack - whatever it was, is outside of Belgium there is little info. I can not seem to find any info on it on any of the global ddos trackers. It can be a while before any detailed info is available that is for sure.

                    But mitigation of high level ddos - sure can affect traffic flow for many days or weeks even after. Peering and routing was most likely altered to help mitigate - which may have unforeseen issues with accessing specific areas of the global network, etc.

                      AKEGEC @johnpoz

                      @johnpoz if you understand diplomacy you will also understand that some accidents or events are not for public consumption like USS Scorpion. Some people are already playing the blaming game, the attacks because of Islamic radicals. The same as for Corona virus, China got the blame while in early 2019 (before China) there was a mysterious vaping illness outbreak in the States, Hmm.. where could the origin of Covid19 be.. Fort Detrick, U.S. biological weapon lab? 😉
                      Anyway I think yesterday's attacks for some odd reason made my clients' server-agents compromised.

                      @Gertjan , Britain : I don't know .... the British didn't want to do the maintenance for the channel-tunnel on their side, so we flooded it. LOL That's a good one. 🤣
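
An added example, not part of any post in this thread: the thread reports changed hosts files on client machines and attributes such changes to something running locally, so one way to confirm and scope a change is to diff each machine's hosts file against a known-good baseline. The file contents, hostnames and addresses below are constructed, and the function names are hypothetical.

```python
import ipaddress

def parse_hosts(text):
    """Parse hosts-file text into {hostname: set_of_ips}; names are lower-cased."""
    mapping = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments and blank lines
        if not line:
            continue
        fields = line.split()
        try:
            # Strip an IPv6 zone id (e.g. fe80::1%lo0) and normalise the address.
            ip = str(ipaddress.ip_address(fields[0].split("%", 1)[0]))
        except ValueError:
            continue                             # not a valid address: ignored here
        for name in fields[1:]:                  # one line may carry several aliases
            mapping.setdefault(name.lower().rstrip("."), set()).add(ip)
    return mapping

def diff_hosts(baseline_text, current_text):
    """Return (kind, hostname, old_ips, new_ips) for every mapping that differs."""
    base, cur = parse_hosts(baseline_text), parse_hosts(current_text)
    findings = []
    for name in sorted(set(base) | set(cur)):
        old, new = base.get(name, set()), cur.get(name, set())
        if old == new:
            continue
        kind = "added" if not old else "removed" if not new else "changed"
        findings.append((kind, name, sorted(old), sorted(new)))
    return findings

# Constructed sample data: a known-good baseline and a file collected from a host.
BASELINE = """
127.0.0.1   localhost
::1         localhost
192.0.2.10  intranet.example.test   # internal portal
"""
COLLECTED = """
127.0.0.1    localhost
::1          localhost
203.0.113.7  INTRANET.example.test
127.0.0.1    updates.example.test
"""

if __name__ == "__main__":
    for kind, name, old, new in diff_hosts(BASELINE, COLLECTED):
        print(f"{kind:8} {name:28} {old} -> {new}")
```

A name repointed to a different address and a new entry that sends an update or vendor hostname to loopback are the two patterns worth reviewing first, alongside the process and file-modification logs for the machine.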
