Netgate 1100 reset admin password
-
I bought a pfSense firewall. I was blocking A TON of malicious traffic. I first noticed in the settings that multiple logins was set to 2 users. So I switched it to only one. After I did this the password was changed. How is this possible? I bought this straight from Netgate. Doesn't this mean the system must have been compromised during shipping?
-
Several issues.
The very first one: was the package compromised when you received it? A 1100 isn't like the light bulb you bought on the Internet; it is a security device.
So, who cares whatever happened during the transport. When you take possession of your firewall, you'll build it from the ground up. Look here for example: Reinstalling pfSense on SG-1100.
Next time you receive a critical device, or a light bulb, or a coffee machine, etc, look carefully at the guy who delivered the package, and ask yourself the question "Could this guy have changed the password?"
Also, when you receive your device - any device - update it first.
@austinryan said in Netgate 1100 reset admin password:
I was blocking A TON of malicious traffic.
Bad news.
pfSense can't block malicious traffic, as it doesn't and can't know what malicious traffic is.
pfSense is like the postal services: they look at the outside of the envelope, and according to the addresses marked on it, it routes the envelope to your place. pfSense will not look into the envelope (the payload) to see if content is 'ok' or not.
As pfSense is a router/firewall, any traffic initiated on the interface you've declared 'WAN' is blocked.
This means: all traffic, no exceptions.
So no 'login attempts' or whatever can happen, when the request comes from WAN.
On the LAN interface, you should hook up only devices you trust, as these can access for example the GUI, or SSH if you've enabled it (by default, SSH is disabled).
Devices that you have to give Internet access to, but that you trust less, should be hooked up to a third, LAN type interface (initially called OPT1) and on interface OPT1 you decide, with the help of firewall rules, what these devices can do - and what they can't.
pfSense isn't special in what it's doing. Every router firewall on planet earth does the exact same thing - and you don't have that many options for only ONE reason: fewer options means people have way less chance to f#ck it up (and then call the "support" of the ISP that they don't want to learn and that their device "doesn't work" ... yeah, right ... Go drive that car without a driver's licence and assurance, and then call the car maker to tell them the car s#cks because it 'crashed' ...)
pfSense is special because of its user interface, and the sheer number of gadgets it possesses.
And don't fall into the trap: because you can admin pfSense with a GUI this doesn't mean 'networking' now became simple. It didn't. You still have to know the basics, and if you want to do more than basic WAN + LAN routing as any other simple ISP router out there, it's back to the bench time, and learn things.
Never ever use/activate something you don't master. Things might seem to work, but you just became a danger to your own security.
It's like jumping out of a plane : everybody will feel this nice sensation of the free fall.
But only the one that learned that a parachute was needed, and took it with him, and knows how to operate it, will live to tell about it.
@austinryan said in Netgate 1100 reset admin password:
first noticed in the settings that multiple logins was set to 2 users.
Where did you set that?
@austinryan said in Netgate 1100 reset admin password:
After I did this the password was changed.
The password changes when you change it. Not by some other random event.
Btw: pfSense has a GUI access to administer the router firewall. Nice, right?
But they didn't tell the entire truth. Like any other device out there: camera, coffee machine, light bulb, your phone, TV, and even your lawn mower: it has an SSH or console access.
So pfSense has also a console access, and this access is not some sort of a gadget. You need it!!
For example: what if there is an issue with the interface? You couldn't access it anymore!! Comes to the rescue: the console access.
You can set a password there ;)
-
@Gertjan I do appreciate you network guys' attitudes, the ole slap around.
I am new to pfSense and I misspoke in a few cases. By block, I meant I installed snort on it and I'm detecting a lot of malicious traffic, port scanning and such.
That's the thing about the password, I didn't change it, but I looked in the logs and saw that it was changed.
You pretty much answered my question though. My device or PC must have been compromised for something like this to happen.
I will go through the complete fresh install of pfSense again and set it back up from scratch just to be on the safe side.
-
What log did you see that implies the password had changed?
I would guess a more likely explanation is that there were some login failures caused by the new login limitation?