How i can hack my pfsense ?

whitexp

hello people,
I wonder how I can "hack" my pfSense, so I can be testing my security configurations!

recently set up snort and a series of security policies in my pfSense, I would like to test!

Mostly resistance in ddos atack!

thanks

Harvy66

"hacking" as in security, not much you can do. DOS/DDOS testing, I'm not sure what tool are out there.

kejianshi

Change your username/password to admin / pfsense

Then pull up the pfsense console.

Type in:

pfctl -d

Wait.

Assuming you are connected to internet, shouldn't be a long wait (-;

bennyc

Google for Kali Linux (or backtrack)
There's enough in that distro to keep you entertained for a while.
Expect a steep learning curve (make sure you understand what you are doing).

Keep it ethical, use inside your own network only. As usual, YMMV  ;)

muswellhillbilly

I've used Nessus (http://www.tenable.com/products/nessus?gclid=CPn4z8L2r8MCFYkKwwodnzkAPw) for running outside security tests against some of my externally-facing systems. OppenVAS is a free (as in beer) fork of Nessus, which went closed source/proprietary some years ago, if money is an issue.

KOM

Mostly resistance in ddos atack!

Nothing is resistant to being completely overwhelmed.  Even with pfSense dropping packets as fast as it can, a DDoS will blow you off the Internet if you don't have geographically-spread load-balancing protections in place, like CloudFlare.  I've said this a million times: if mitigating a DDoS was just a matter of running a good firewall then DDoS wouldn't be a problem for anyone anymore.

kejianshi

My DDOS strategy is "Grin and bear it" and be quiet about it and ignore it till people get bored with it.

Harvy66

@KOM:

Mostly resistance in ddos atack!

Nothing is resistant to being completely overwhelmed.  Even with pfSense dropping packets as fast as it can, a DDoS will blow you off the Internet if you don't have geographically-spread load-balancing protections in place, like CloudFlare.  I've said this a million times: if mitigating a DDoS was just a matter of running a good firewall then DDoS wouldn't be a problem for anyone anymore.

I think the main goal is to make sure bandwidth is your only DDOS issue. Nothing worse than someone sending 100Kb/s of data and DDOS'n your system because of some asymmetrical attack.

whitexp

thanks for the help guys!
I could understand!

dgall

Did you try to Kali linux against your pfsense and if so what were the results ?