Possible Pfsense get Hacked by ISP
-
Dear All,
I suspect my home network is hacked by ISP although I have pfsense firewall configured, Snort packages install with legacy mode blocking with community, subscribe oinkcode rules. I had arpwatch installed and no sshd enabled.
The LAN computer is Fedora, ubuntu, GhostBSd and MS Window laptop. All deny incoming connection by default.Does Snort legacy mode blocking is not safe enough and need inline mode blocking is far more better?
Proof of suspicious:
My browser tab get refresh automatically even I did not instruct to do so. Hence, I suspect i get hacked.I have Kali linux installed onto my laptop. Please teach me how to penetrate testing my home network safetly level.
Open port from Fedora machine:
Any steps to further harden the open port connection?
Sorry if the topic is childish. Really appreciate your help. Thanks.
-
@peter_apiit said in Possible Pfsense get Hacked by ISP:
My browser tab get refresh automatically even I did not instruct to do so. Hence, I suspect i get hacked.
huh?? That makes no sense.. You understand there is a simple meta tag the site could set that refreshes the page right
https://en.wikipedia.org/wiki/Meta_refresh
Those are ports that are listening, etc.. I see no actual connections to anything there.
-
@peter_apiit what?
-
@johnpoz said in Possible Pfsense get Hacked by ISP:
@peter_apiit said in Possible Pfsense get Hacked by ISP:
My browser tab get refresh automatically even I did not instruct to do so. Hence, I suspect i get hacked.
huh?? That makes no sense.. You understand there is a simple meta tag the site could set that refreshes the page right
https://en.wikipedia.org/wiki/Meta_refresh
Those are ports that are listening, etc.. I see no actual connections to anything there.
First of all, thanks for your detail explanation.
-
Dear All, I turn the network on and go out for lunch and set the auto dim screen 1 minutes but it doesn;t turn off monitor. It seems suspicious.
Anything prevent it from auto dim since no one is using the Fedora GUI?
-
@peter_apiit said in Possible Pfsense get Hacked by ISP:
dim screen 1 minutes but it doesn;t turn off monitor. It seems suspicious.
I would suggest you read up on why that function might not work vs thinking you been hacked..
Maybe its time to lay off the paranoid inducing recreational substances ;)
https://thegeekpage.com/screen-wont-turn-off/
If you look about there are many a thread all over the net with sim issues about screen savers not kicking in, monitors not turning off, etc..
https://ask.fedoraproject.org/t/monitor-does-not-turn-off-after-idle-on-gnome-wayland/4425
What is more likely - something not working in that process, or the guys in black helicopters hacked you machine.. And btw they are also too stupid to let the screen dim while they are hacking ;)
Maybe your watching too many hacker tv shows/movies ;)
-
@peter_apiit said in Possible Pfsense get Hacked by ISP:
Anything prevent it from auto dim since no one is using the Fedora GUI?
Fedora is open source, so it's behaviour is well documented, and a lot of help is available. Although not here, as this forum is pfSense related.
All you need to know :
How does an OS decide if sleep mode has to be activated.
This will bring you to the " what does an OS need so the sleep mode isn't activated ".
And that will bring you to the process that keeps the system 'awake'.@peter_apiit said in Possible Pfsense get Hacked by ISP:
Possible Pfsense get Hacked by ISP
pfSense is as any other router firewall out there.
The moment you install it, nothing comes in through the WAN interface.
Then the "admin" starts modifying settings, add packages, etc. Now things can go down hill fast. It's rare, but it can happen.The next step is a no-brainer : the admin becomes an admin. The "slap front head" moment starts kicking in a lot. It's called leaning.
At this moment, the road continues with a T split :
Left : No one is actually tracing you **.
Right : The ISP is actually replaced by all the 3 letter agencies. Say goodbye to your civil rights, or stop doing what you are doing, fast. -
As easy test to prove network activity is keeping the machine awake is just to unplug it from the network and wait. Though if it is network activity it's probably completely legit anyway.
Steve
-
@stephenw10 I don't get what u mean. My TV Box run on WIFI network suddenly will go back few times on google play store. I did not press anything.
Is it possible to hack through snmp or others routing protocol by ISP?? I not a network expert so please forgive me asking stupid question.
-
@peter_apiit said in Possible Pfsense get Hacked by ISP:
Is it possible to hack through snmp or others routing protocol by ISP?
No, not as far as I know. There is certainly no known vulnerabilities in pfSense for that.
@peter_apiit said in Possible Pfsense get Hacked by ISP:
My TV Box run on WIFI
How is that connected? Through pfSense? If it's connected directly to an ISP router that traffic probably doesn't go through pfSense and there's nothing we can do about it anyway. Your ISP probably does have some visibility into IPTV devices if they provided them.
Steve
-
@stephenw10 said in Possible Pfsense get Hacked by ISP:
@peter_apiit said in Possible Pfsense get Hacked by ISP:
Is it possible to hack through snmp or others routing protocol by ISP?
No, not as far as I know. There is certainly no known vulnerabilities in pfSense for that.
@peter_apiit said in Possible Pfsense get Hacked by ISP:
My TV Box run on WIFI
How is that connected? Through pfSense? If it's connected directly to an ISP router that traffic probably doesn't go through pfSense and there's nothing we can do about it anyway. Your ISP probably does have some visibility into IPTV devices if they provided them.
Steve
The TV BOX connected via pfsense router.
-
So it's like an Android TV device or similar?
Your ISP is not going to 'hack' that. At worst I would think they may choose to block something it's trying to do. That's not going to present as Google play store going back a few times though. Sounds more like a sticky button on the remote.
Steve
-
@stephenw10 said in Possible Pfsense get Hacked by ISP:
Sounds more like a sticky button on the remote.
Or the app crashed and default back to like a "home" screen. Or the dog laid on the remote on the couch. Or the voice activation glitched when it "heard" something.
Or someone in another room did something on a remote that controls both, or can - or they were on the wrong device when they hit a button on the say like the roku app on their phone.. I can control any of my roku's from my phone - but have to select which one, etc.
There are like a billion things I could think of on why something like that happened - before I thought oh my gosh my isp is hacking me ;) Tracking you sure - the device itself is likely sending everything you do back up to the mother ship, what shows you watched, did swap channels when a commercial came on, etc.
My roku tv sometimes just shuts off on its own - maybe my isp is hacking me?? ;) There are hundred of threads about it happening, and things to try and get it to stop, etc. But maybe its just the ISP hacking away on them ;)
-
@stephenw10 Yes, It is a 3 party Android TV box connected to pfsense WIFI.
-
Yeah almost certainly not the result of hacking. Far more likely to be a software glitch or sticky button.
But, if we were to look at this from a security standpoint, a random ebay Android TV box is exactly the sort of device that should be isolated from your network. You probably have no idea what code it's running or where it's pulling updates from. The manufacturers may not know or care either. An exploit here might be someone hacking the update servers for that box and inserting their own code. Next time it updates, you're in a bot net. Or mining crypto for someone etc.
Steve
-
@stephenw10 said in Possible Pfsense get Hacked by ISP:
Yeah almost certainly not the result of hacking. Far more likely to be a software glitch or sticky button.
But, if we were to look at this from a security standpoint, a random ebay Android TV box is exactly the sort of device that should be isolated from your network. You probably have no idea what code it's running or where it's pulling updates from. The manufacturers may not know or care either. An exploit here might be someone hacking the update servers for that box and inserting their own code. Next time it updates, you're in a bot net. Or mining crypto for someone etc.
Steve
OK,Thanks for your explanation.
-
I found out the root cause of hacking activity. I have a laptop which distribute by my ISP and it has backdoor which uses to surveillance the user network activity. I understand i can format the PC but for precatious steps i want to harden the network security level.
How to block LAN to other same subnet computer only allow LAN to gateway?
-
You cannot do that at the firewall. Traffic between hosts in the same subnet doesn't go through the firewall. You would need a switch that has port isolation. Or use a new interface to create a new subnet and put the laptop in that.
But if you really suspect that someone has been hacking your network from your laptop (unlikely) then just don't connect it at all.
Steve
-
@peter_apiit said in Possible Pfsense get Hacked by ISP:
has backdoor which uses to surveillance the user network activity.
Dude lay off the HERB.. Or go with a different strain that doesn't cause your tinfoil hat to constrict.. What your saying is just nuts..
Your isp gave you a laptop with a backdoor installed so they can hack your TV? And put it back on the home store screen, and your other pc doesn't kick in screensaver?
Come on dude... Lay off the Mr Robot episodes for a bit maybe.
-
@stephenw10 said in Possible Pfsense get Hacked by ISP:
Or use a new interface to create a new subnet and put the laptop in that.
Perhaps I could use aother NIC for that since i got one spare NIC.
