DaemonForums  

#1
28th May 2022
philo_neo71
Spam Deminer

Join Date: Jul 2009
Posts: 278
cyber attack on bsd

Hi,
I suffered several attacks on a BSD 7.1.
I'm in IPv6, I've deactivated the sshd daemon.
Apparently my hard firewall is circumvented. How can I set my firewall on my OpenBSD station? I must encrypt my hard drive because apparently the multiple partitions are penetrated.
So I reset my BSD, which had suffered some damage, especially on the /home partition.
#2
28th May 2022
jmccue
Real Name: John McCue
Package Pilot

Join Date: Aug 2012
Location: here
Posts: 167

Encryption of the hard drive will not help you with "cyber attacks". Only if your system is stolen or physically accessed would it be useful.

See OpenBSD pf for the firewall help.

Sorry, but I have to wonder why you are posting "cyber attacks" all over the place (I just noticed that). I think at this point you should consider using Google or DuckDuckGo or some search engine to see if you can figure out what you are seeing.
__________________
[t]csh(1) - "An elegant shell, for a more... civilized age."
- Paraphrasing Star Wars (tvtropes.org)
#3
29th May 2022
frcc
Don't Worry Be Happy!

Join Date: Jul 2011
Location: hot,dry,dusty,rainy,windy,straight winds, tornado,puts the fear of God in you-Texas
Posts: 335

In addition to jmccue's comment above:

Take a look at OpenBSD's PF for configuration help and operational info.

In the past I have provisioned PF to "Block" all IP addresses that were not in the country I was located in.
If your system does not need to be exposed to the internet in its entirety, then it would be one of my first steps. This may be accomplished by creating a table to hold all the IP addresses that your country contains, at least up until the creation of that table. In that way you can configure PF to accept all traffic that comes from your country but not others. It makes the table smaller, although PF handles that configuration without any noticeable speed loss. This of course assumes that your system does need to "face the public on the internet, i.e. static IP"... This will reduce the amount of probing traffic to your system right off the bat.

I always configure the SSHD daemon with a port other than 22, although this just slows attackers in the process of determining which ports your system exposes to the internet. This is not an end-all in itself. Security is an in-depth process.

SSHD is too valuable of an asset to disable at least in my opinion. (Or you can disable it until needed)

Take a look at software that you might have installed that could open your system to the internet in an unprotected manner, or software that might not be in OpenBSD's packages, or possibly a package in the collection, since the developers cannot vet all in the manner that the OS is.

Is your system available to others?
Do you have misbehaving users?
Do you monitor and/or restrict their usage?

Does your system face the internet? i.e. Are you running a server or simply browsing and emailing from a desktop or laptop?

Review your Logs!!!! Many answers lurk there!!!

Did you configure or use a software package that might behave in a manner that is looking like an attack?

You may also review your IP traffic in real time or historically with your system or add-on software from the package repository...

Have you installed and/or configured and used a virus scanner? Are you running a mail server? etc.

I ran several internet-facing servers for years without an incident running OpenBSD httpd, and also simply configured laptops and/or desktops without an intruder problem. Most if not all of my issues were operator inflicted, i.e. me...

Last edited by frcc; 29th May 2022 at 01:02 PM. Reason: clarify and expand
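
A minimal pf.conf sketch of the approach described in the post above (a table of in-country prefixes, default deny, sshd on a non-default port), added here as an example and not part of any post in this thread. The interface name, port number, table name and file path are assumptions, and the sample prefixes are documentation ranges.

```pf
# /etc/pf.conf fragment: added example, all values below are constructed
ext_if   = "em0"     # assumption: name of the internet-facing interface
ssh_port = "2222"    # assumption: the non-default Port set in /etc/ssh/sshd_config

# Prefixes allocated to your own country, one CIDR per line, IPv4 and IPv6
# mixed. /etc/pf/country.zone is a hypothetical path; fill it from your
# regional registry's published allocations and refresh it periodically,
# since allocations change after the file is created. Constructed sample:
#   192.0.2.0/24
#   2001:db8::/32
table <country> persist file "/etc/pf/country.zone"

set skip on lo

# Default deny, and log what is dropped so the probing is visible.
block log all

# Outbound traffic from this host; replies come back via state.
pass out on $ext_if

# IPv6 stops working without neighbor discovery, so let it in before
# relying on "block all" on an IPv6-connected machine.
pass in on $ext_if inet6 proto icmp6 icmp6-type { neighbrsol, neighbradv, routeradv }

# sshd is reachable only from addresses in the country table.
pass in on $ext_if proto tcp from <country> to ($ext_if) port $ssh_port

# Check, load and inspect (run as root):
#   pfctl -nf /etc/pf.conf                  parse only, report syntax errors
#   pfctl -f  /etc/pf.conf                  load the ruleset
#   pfctl -t country -T show                list what the table holds
#   pfctl -t country -T replace -f /etc/pf/country.zone   refresh the table
#   tcpdump -n -e -ttt -i pflog0            watch blocked packets live
```

Run the parse-only check from a local console before loading, so a mistake in the table or port does not lock out a remote session.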
#4
29th May 2022
philo_neo71
Spam Deminer

Join Date: Jul 2009
Posts: 278

post / thread solved
#5
30th May 2022
frcc
Don't Worry Be Happy!

Join Date: Jul 2011
Location: hot,dry,dusty,rainy,windy,straight winds, tornado,puts the fear of God in you-Texas
Posts: 335

Would you share with us what the resolution was? It might help others experiencing what you have, and it might help them.
#6
30th May 2022
philo_neo71
Spam Deminer

Join Date: Jul 2009
Posts: 278

Yes, of course. I will wait a little to see if my solution is the right one!
If I'm not a hacker I'll gladly give you the solution.
Wait a little bit!
#7
2nd June 2022
philo_neo71
Spam Deminer

Join Date: Jul 2009
Posts: 278

Apparently I was able to counter cyber attacks on an OpenBSD 7.1 with an AMD processor architecture; it is a rather old personal computer.
Solution:
It takes two hard drives of the same size; for my part I mounted old SATA hard drives.
Since the BIOS enable RAID 0, start installing OpenBSD, which itself will install its boot file on the second hard drive; OpenBSD is intelligent.
So when the hacker tries to access the file systems, he will fall on the master boot record of the first hard drive, which is like an output hatch.
When you start the station you should see >> hd0+ hd1+*.
I hope you succeeded...
Sincerely,

Last edited by philo_neo71; 2nd June 2022 at 11:36 AM.