26th July 2015
Peter_APIIT

Quote:
Originally Posted by rocket357
What, exactly, does pfctl -sr show?

Here is the content of pfctl -sr:

Code:
pass out inet6 proto ipv6-icmp on icmp6-type neighbrsol/routersol/neighbradv/routeradv

pass out inet6 proto udp from any port =546 to any port=547
pass out inet proto icmp all icmp-type echoreq
pass out inet proto udp from any port=68 to any port=67
pass out inet proto tcp from any port=53 flags S/SA

pass in inet6 proto udp from any port= 547 to any port= 546
pass in inet6 proto udp from any port to any port=22 flags S/SA
pass in inet6 udp from any port=67 to any port=68

pass on lo0 all flags S/SA
pass in proto carp all keep state (no-sync)
pass out proto carp all !received-on any keep state (no-sync)

I had tried to mount the pen drive and copy the whole hard disk file in tar gz, but it said no such file or directory with the following commands.

Code:
mkdir /mnt
mount /dev/sd0i /mnt/
tar -zcvf openbsd.tar.gz /
cp /home/peterwkc/openbsd.tar.gz /mnt/openbsd.tar.gz

The last command shows no such file or directory. I tried to issue the mv command and it shows read-only file system, but I can mkdir and save changes to the configuration file.

I could upload the openbsd.tar.gz so that anyone here can help to diagnose how the hacking was achieved.

Is anything wrong with my current pf rules?
How did the hacker gain root access?

Recall:
I recall that I had set the dhcp flag to dhcpd_flags="", ntpd to listen on localhost, and the unbound server to listen on localhost and the internal interface.

The firewall state policy is set to state-policy floating.

What is the difference between state-policy floating and if-bound?

Last edited by Peter_APIIT; 27th July 2015 at 01:59 AM.