• Have you read this news?

    What do you think of pfSense? I know it's a different market, but could it happen to it also?

    For what it's worth, yes…

  • Rebel Alliance Developer Netgate

    It depends on what part of the article you're concerned about addressing. I'd be more worried about the persistent hardware attacks using HDD firmware that are a worry no matter what OS you run.

    We've already had threads/debates about various aspects of the NSA issue with respect to pfSense, search the forum and mailing list (which had a really heated discussion).

    The real threat would be the NSA obtaining access to your hardware either after you received it, or (!) before, or they were able to gain access somehow through an attack remotely. It wouldn't be anything pre-loaded with the OS, unless it's something that is pulled in from a third-party source (e.g. FreeBSD, OpenSSL, etc.).

    Would they be able to if using a hypervisor with no contact with the outside world?

    I'm not sure anyone would be able to answer that with 100% certainty. As mentioned above, there is always a chance the hardware was touched before it ever reached you and then it may not matter what is running on the system, virtual or otherwise.

  • So… only way to be sure is to pull the plug… damn

  • @Hugovsky:

    Yes, the power plug. Just removing all the network cables still leaves the possibility that they built in a radio device of some sort in the hardware (I suppose you can also put your hardware in a Faraday cage). You just have to live with the fact that, unless you own your own chip fabrication… plant, then you have to rely on the hardware+firmware manufacturer actually building just what is advertised, which it seems you can't.

  • Netgate Administrator

    It's interesting to speculate on what sort of code they could possibly install into the BIOS that would then allow them to access the box remotely at a later date. Even more so into the HD firmware.
    I guess there are many server grade boards that have some out-of-band access system running at some low level independent of the OS. Most (all?) are still IP based though so you would be able to see the traffic. You'd be able to see it requesting an IP if it used DHCP. Perhaps the NSA have developed their own protocol that just looks like noise?

    Personally I dictate all my forum posts from inside my lead lined box.  ;)


  • Rebel Alliance Developer Netgate

    Now that researchers have some ideas where to look, it may only be a matter of time before the public gets more details from captured samples of what they actually have.

    The program could possibly alter outgoing packets in a subtle way to inject some data here and there in padded fields or in other places. They probably have compromised routers or handoffs in between to gather the data and maybe even strip off the payload before delivering it to the destination. There are loads of possibilities if you have some leverage on both the endpoint and in the middle.

    Side note: A GIS for "Faraday Cage Hat" has some really interesting/weird things in it.

  • Netgate Administrator

    Yes, and it will be fascinating to find out what's out there. Given the rest of the revelations I'm sure it'll be beyond anything I've imagined.
    I'm struggling to see how an altered HD firmware could be remotely accessible. Something in the spec allows the HD to run some compatibility code on the CPU? I would think that NIC firmware would be a better target.


  • LAYER 8 Netgate

    This is all very depressing.  Can Hifn and other accelerators be trusted?  Intel AES-NI? Probably not.

  • Who can you trust? No-one.

    FVEY nations are US, UK, Australia, Canada, and New Zealand, and if they're not doing it, the EU certainly will, which includes Germany and if not them then who?
    Well, definitely Russia, China, Japan, Korea, and there's absolutely no question about North Korea and Israel. Those last two are fanatics and snakes.

    The question then becomes..what?

    And the answer is 'Collectivism'. Without a doubt, it's a competition on the centuries-old question of 'Who Will Control?', irrespective of who says what and the labels, names, or ideologies adopted.

    Remember, if you adopt an ideology, you won't see or recognize truth. This is subversion and the only way to counter that is realisation…and if you've never realised, or considered anything about the NSA since Snowden revelations, then you're naive and subverted. How are those 'conspiracy nuts' looking now?

  • To sum it up … A War between Good and Evil is coming ....

  • We need an open hardware revolution.  I VOLUNTEER AS TRIBUTE.  J/k I know nothing about hardware design or EE.

    I second the suspicion on CPU compromise, including but not limited to instruction sets like AES-NI.  Or NIC compromise.  And it turns out that a lot of the microcontrollers on a motherboard are hackable/tweakable.  Keyboard controllers, USB microcontrollers, HDD and flash-based storage microcontrollers…

    Also, can anyone well-versed in IPv6 and/or IPsec tell me if there's any integrity checking/HMAC that is native to IPv6 that can be implemented that can improve the future of the publicly routable Internet?  I don't think the world is ready for IPv6, but I don't know much about it.  I wonder what NSA/GCHQ and other nation-states have in the works to monitor IPv6 traffic.

  • Netgate Administrator

    I would be amazed if they weren't monitoring everything already. Honestly, if these guys aren't using IPv6 then what hope is there?  :P I guess they might have some old tools that are IPv4 only, but with their resources I shouldn't have thought that would hold them back for more than a day. The more likely scenario IMHO is that at some point a large amount of the internet is going to be forced to go IPv6 whether they're ready or not, and at that point there will be a vast number of badly configured/misconfigured routers and firewalls making GCHQ's job much easier.


  • Is it just me, or does it seem that some of the high-traffic web sites for the past week or so are significantly slower?

    Ping time to the gateway is normal… shouldn't be getting lag… I can only assume that large internet providers have begun throttling since the FCC lost the war against Net Neutrality?

    You do know that with Net Neutrality being killed it's going to kill a lot of the small players on the web… And the corrupt corporate thugs will own the internet just as they own cable TV. I see this as a hostile takeover by the corporations to disrupt and take control of the FREE flow of uncensored information. You know there will be more and more regulations passed in the future only to give the corporations/governments more power and control over the internet. This is not going to end well, folks…

    How do you think this will affect you in the coming years?

  • Rebel Alliance Developer Netgate

    The FCC isn't giving up on Net Neutrality: http://www.computerworld.com/s/article/9246443/FCC_will_set_new_net_neutrality_rules

    But maybe they'll just buy their way into the standards: A "trusted proxy"? No thanks.

    And of course they could just do what they want anyway.

  • Netgate Administrator

    It's hard for me to get a grasp on this because here in the UK the broadband market is so different.
    Any idea just how much Netflix traffic, for example, is being throttled? What level of bandwidth is required to watch some thing in HD? Are they throttling to a level that is deliberately just below the minimum required to watch uninterrupted?


  • It's basically a targeted mafia-style extortion tactic.

    • If you don't pay us this amount $$$$$$ we will throttle your users down to a crawl.

    • We are throttling your users; if you don't pay us this amount $$$$$$ we will continue throttling your users, or maybe even block your site/apps from our networks altogether.

    • We don't like your content, we are going to slow your users down to a crawl.

    • Your content is competing with our content, we are going to block your site from our network.

    • We don't like your content, we are going to block your site from our networks.

    • Government doesn't like your content, we are going to block your site from our networks.

    • Government doesn't like your content, we are going to slow your users down to a crawl.

    The list goes on and on…

    Why do you think Google announced new build-outs of fiber in major cities… https://fiber.google.com/newcities/ They are going to try and sidestep the Mafia's toll fees and charge their own fees for their products and services.

    Most free web services will disappear in the future because the Mafia will incur financial burdens on site/app owners. This is going to be a disaster as the corporations put the squeeze on entrepreneurs. Freedoms will fade into the sunset, and only darkness will exist… The Evil Corporate Empire wins again... :-[

  • Netgate Administrator

    So it's not good then.  :P

    I see that Netflix has just caved. The start of the slippery slope.  :-\


  • The world's politicians think the WWW was a mistake. They hate the idea that citizens have the freedom to exchange information and ideas so quickly, influencing the masses. KILLING net neutrality is the way they will begin to remove and disable these freedoms.

    The United Nations are in the mix too… All global government entities are involved in destroying the WWW as we know it now… It's not just corporate GREED, it is the stripping of our ability to communicate our thoughts and ideas to the masses. Our freedom to communicate empowers the people to organize… For what governments have planned for the future, they need to disable/disrupt the flow of public information so they cripple our ability to ORGANIZE and influence the masses.

  • Netgate Administrator

    Nice.  >:(

  • @Derelict:

    The biggest benefit for AES-NI is network communications. NSA would have to have control of both sides because if AES-NI stopped working correctly on one side, it would break the connection. The biggest benefit would be causing AES-NI to not work on storage and that would require the NSA to entirely disable it, meaning their storage would stop working.

    It would only be beneficial for a select few cases where the window of opportunity would be very small, it would be easily detectable, and once word got out, Intel would have a horrible PR day.
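The argument above relies on AES being a fixed, standardized function: a hardware path that silently deviates from it breaks interoperability and is detectable. The following added example (written here, not from any poster or from Netgate) shows the check in practice: a pure-Python AES-128 reference built from the FIPS-197 definitions, the standard's published known-answer vector, and a `cross_check` helper (an assumed name) that reports any block on which a supplied implementation, such as one backed by AES-NI through a system library, disagrees with the reference.

```python
# Added reference: pure-Python AES-128 block encryption (FIPS-197), used to
# cross-check any hardware-backed AES path (e.g. AES-NI via a system library).
def _xtime(a):  # multiply by x in GF(2^8) with the AES reduction polynomial
    return ((a << 1) ^ 0x1B) & 0xFF if a & 0x80 else a << 1

def _gmul(a, b):  # general GF(2^8) multiplication
    r = 0
    while b:
        r, a, b = r ^ (a if b & 1 else 0), _xtime(a), b >> 1
    return r

# S-box built from its definition: multiplicative inverse, then affine map.
_SBOX = [0x63] + [0] * 255
for _a in range(1, 256):
    _inv = next(b for b in range(1, 256) if _gmul(_a, b) == 1)
    _s = _inv
    for _sh in (1, 2, 3, 4):
        _s ^= ((_inv << _sh) | (_inv >> (8 - _sh))) & 0xFF
    _SBOX[_a] = _s ^ 0x63

def _round_keys(key):  # AES-128 key schedule: 11 round keys of 16 bytes
    w, rcon = [list(key[i:i + 4]) for i in range(0, 16, 4)], 1
    for i in range(4, 44):
        t = list(w[i - 1])
        if i % 4 == 0:  # RotWord, SubWord, then XOR the round constant
            t = [_SBOX[t[1]] ^ rcon, _SBOX[t[2]], _SBOX[t[3]], _SBOX[t[0]]]
            rcon = _xtime(rcon)
        w.append([w[i - 4][j] ^ t[j] for j in range(4)])
    return [sum(w[4 * r:4 * r + 4], []) for r in range(11)]

def _mix(c):  # MixColumns on one 4-byte column (state is column-major)
    a0, a1, a2, a3 = c
    return [_xtime(a0) ^ _xtime(a1) ^ a1 ^ a2 ^ a3, a0 ^ _xtime(a1) ^ _xtime(a2) ^ a2 ^ a3,
            a0 ^ a1 ^ _xtime(a2) ^ _xtime(a3) ^ a3, _xtime(a0) ^ a0 ^ a1 ^ a2 ^ _xtime(a3)]

def aes128_encrypt_block(key, block):
    rk = _round_keys(key)
    s = [b ^ k for b, k in zip(block, rk[0])]
    for rnd in range(1, 11):
        s = [_SBOX[b] for b in s]                           # SubBytes
        s = [s[(i + 4 * (i % 4)) % 16] for i in range(16)]  # ShiftRows
        if rnd != 10:                                       # MixColumns, not in last round
            s = [x for c in range(4) for x in _mix(s[4 * c:4 * c + 4])]
        s = [b ^ k for b, k in zip(s, rk[rnd])]             # AddRoundKey
    return bytes(s)

# FIPS-197 Appendix C.1 known-answer vector; a trustworthy AES must reproduce it.
KAT_KEY = bytes.fromhex("000102030405060708090a0b0c0d0e0f")
KAT_PT = bytes.fromhex("00112233445566778899aabbccddeeff")
KAT_CT = bytes.fromhex("69c4e0d86a7b0430d8cdb78070b4c55a")

def cross_check(encrypt_fn, key=KAT_KEY, blocks=(KAT_PT,)):
    # Indices of blocks where encrypt_fn (e.g. the hardware path) disagrees with the reference.
    return [i for i, b in enumerate(blocks) if bytes(encrypt_fn(key, b)) != aes128_encrypt_block(key, b)]
```

To test a real accelerator, pass `cross_check` a wrapper around your system library's single-block AES-128 encrypt and a handful of varied input blocks; an empty result means the two paths agree on every block.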

  • IMO the NSA is a terrorist organization.  I stand by that statement and will not retract it.

    They remind me of an old Monty Python skit spoofing Robin Hood (Dennis Moore).  Eventually the NSA became what they were supposedly fighting.

  • They might as well… they've hired all those they were fighting… they (xnazzi's and MB) have become them (NSA): Nincompoop Systemic A**holes.

  • Given all that is currently happening geopolitically, especially the plane, I am really wondering what happened in the world during the past 25 years.

  • Germany won the soccer world championship  :P


    … the world is turning faster, just to make YOU forget about Snowden.

  • Untold number of years ago, I recall learning that No Such Agency selected a few "smiling faces", and commanded them to 'sheath thine dagger', and open cloaks, in a P.R. campaign, reaching out to corporations, great and small.  They had giveaways, such as frisbees, with logos like 'You gotta trust someone.'  See, they were proffering digital "security" software products.  "Yeeeeaaaas!  'Welcome to my parlor!', said the spider, to the fly."  (Has anyone seen Pulp Fiction?)

    Per this thread's weaving, and, as a newscaster might say, "In an 'unrelated' story"…  I've noticed my W.I.S.P.'s throttling, after issuing a vague policy...  But, if I say "Mesh Network", or "B.A.T.M.A.N." to anyone in my village of idiots, I might as well wear an overtly obvious Faraday Cage Hat.

    Maybe I'll get lucky and a Google Balloon will get blown off course, subsequently becoming permanently snagged amidst some undergarments strung out to dry in a nearby mobile home/trailer park. I would have all the "free" internet access I'd want, "if the price is right!"; that is, if Google approved of my browsing habits.  ;)