#7
26th July 2015
Peter_APIIT
Shell Scout
Join Date: Jun 2008
Posts: 118

Originally Posted by rocket357:
What, exactly, does pfctl -sr show?
Here is the content of pfctl -sr:

pass out inet6 proto ipv6-icmp on icmp6-type neighbrsol/routersol/neighbradv/routeradv

pass out inet6 proto udp from any port =546 to any port=547
pass out inet proto icmp all icmp-type echoreq
pass out inet proto udp from any port=68 to any port=67
pass out inet proto tcp from any port=53 flags S/SA

pass in inet6 proto udp from any port= 547 to any port= 546
pass in inet6 proto udp from any port to any port=22 flags S/SA
pass in inet6 udp from any port=67 to any port=68

pass on lo0 all flags S/SA
pass in proto carp all keep state (no-sync)
pass out proto carp all !received-on any keep state (no-sync)
I tried to mount the pen drive and copy the whole hard disk as a tar.gz file, but it said "no such file or directory" with the following commands.

mkdir /mnt
mount /dev/sd0i /mnt/
tar -zcvf openbsd.tar.gz /
cp /home/peterwkc/openbsd.tar.gz /mnt/openbsd.tar.gz
The last command shows "no such file or directory". I tried to issue the mv command and it shows "read-only file system", but I can mkdir and save changes to the configuration file.

I could upload the openbsd.tar.gz so that anyone here can help to diagnose how the hacking was achieved.

Is anything wrong with my current pf rules?
How did the hacker gain root access?

I recall that I had set the dhcp flag to dhcpd_flags="", ntpd to listen on localhost, and the unbound server to listen on localhost and the internal interface.

The firewall state policy is set to state-policy floating.

What is the difference between state-policy floating and if-bound?

Last edited by Peter_APIIT; 27th July 2015 at 01:59 AM.