PFSense 3100 got totally hacked

My PFSense box got TOTALLY HACKED. Didn’t believe it was possible, as it had snort, and many other security measures discussed in Lawrence. And I mean totally hacked, which led to escalation hack on computer, and now totally worthless (an Apple Macmini.) I had taken computer offline, as I suspected something was amiss, but put it back to do an iPhone restore—which also did not work (but more likely for compatibility reasons). Ugh. Just wanted to throw that out there…

What ports were you forwarding from the public internet into the LAN or DMZ networks?

1 Like

I’d look up your IP address on shodan.io to see what ports are exposed. That might show you a port that’s open that you didn’t realize.
Obviously you’ll need to reload your pfsense but out of the box nothing external can access your firewall login page. It had to be some port you opened.

1 Like

Honestly, I don’t think your pfSense box has been hacked, except maybe if you have made the web interface, SSH or any other services running on it accessible from the Internet. However, any poorly secured services running behind it may very well have been attacked, if you exposed them to the internet via port forwarding. But that would not be the fault of pfSense, because if you forward certain ports and protocols to a machine behind the pfSense box, you basically take pfSense out of the game for these specific ports and connection types, and expose the matching services, running on the machine you port-forward to, directly to the internet. And of course, pfSense cannot automagically protect you from any trojans or malware that you may have picked up on your PC either. So there’s that…

When someone says their systems were “TOTALLY HACKED” I am very skeptical if they had them properly and securely configured. There are not any publicly known ways to bypass the security of pfSense, but there are MANY ways for people to make mistakes, such as using weak passwords and publicly exposing admin ports.

3 Likes

Currently over 4500 [redacted] exposing pfsense to the internet.

https://www.shodan.io/search?query=pfsense

https://www.shodan.io/search?query=netgate

“SIASD” - Forrest Gump

1 Like

I, too, am really curious what you mean by “totally hacked”. Was the pfSense box itself compromised, or did something get through it, and end up wrecking your computer?

Was remote management enabled on the pfSense box? I’m assuming you weren’t using default passwords, etc? But like others have said, it sounds more like something else was amiss - but more details would really be helpful to understand the problem and cause.

I also show up on forums saying outlandish things providing no evidence and then disappear