DaemonForums  

25th July 2015
Peter_APIIT
Shell Scout

Join Date: Jun 2008
Posts: 121
My OpenBSD machine was hacked

Dear All,

First of all, thanks for reading this thread. I would like to tell you all that my OpenBSD 5.7 was hacked recently.

I have little knowledge about networking and thus I have no idea how the hacker was able to hack the machine.

My firewall script was not loaded at run time, whereas the hacker's firewall rules were loaded at run time. The hacker was able to upload his script to my OpenBSD machine and edit my machine.

This was verified using the pfctl -sr command.
I did not change the kernel security level to 2 (my mistake).
I'm following the good practices for OpenBSD firewall configuration rules.

/etc/pf.conf
Quote:
ext_if="fxp0"
int_if="vr0"

allowPort="{53, 80, 443}"
netbios="{137,138,139,445}"

set block-policy drop
set state-policy floating

match on pppoe0 scrub (reassemble tcp,random-id,no-df,max-mss 1440, min-ttl 64)
match out on pppoe0 inet from !(egress:network) to any nat-to (pppoe:0)

antispoof log for {$ext_if, $int_if}

block in log from {urpf-failed no-route} to any
block drop log
block in log quick on {$ext_if, $int_if} proto {tcp, udp} from any to any port $netbios

pass out on pppoe0 inet proto {tcp, udp, icmp}
pass out log on {$ext_if, $int_if} inet proto {tcp, udp} from any port $allowPort to any
pass out proto icmp icmp-type echoreq

pass in log in $int_if inet proto {tcp, udp, icmp}

No P2P network
No ssh
No telnet
No dangerous old protocol services running

My suspicions:
ARP attack (What is good software to protect against the 3 kinds of ARP attack?)
STP
SLP
The hacking was done by my ISP.
There is a pf CARP protocol running after the hack (LAN attack)

Can a broadcast or multicast protocol on the same subnet be used to attack the OpenBSD machine?

I could upload the whole OS file here for inspection. Please tell me how to do it. Thanks.

Last edited by Peter_APIIT; 25th July 2015 at 02:37 PM.