On Wed, 29 Jul 2015, Wong Peter wrote:

> Q: Why do you believe that your machine was hacked?
> A: My pf rules were flushed. This can be proven using pfctl -sr. The whole
> firewall was not usable anymore. No NAT nor packet filtering.
> 
> Q: You say that whatever happened was done by your ISP even though you had
> no Internet connection. Why do you believe that to be true?
> A: Our ISP had implemented monitoring like NSA or British GCHQ. Moreover,
> hacking OpenBSD is not that easy. First hop hacking is much easier
> than anyone.
> 
> Q: Why do you believe that you had no Internet connection?
> A: No response when pinging the DNS server and no IP address assigned to the
> pppoe0 interface.
> 
> Q: If you had no Internet connection, how is it that someone at your ISP
> would have been able to access the machine?
> A: I had no idea. Thus, I asked it here.
> 
> Q: Where is the machine actually located?
> A: This is a home use firewall router sitting behind a modem.
> 
> Where to find log files regarding pf rules being flushed out using carp or
> pfsync?
> 
> I understand you all want to help me and you all require information.
> I tried to extract the whole OS into a zip file and copy it to a portable hard
> disk but it failed.
> It says no such file or directory.
> cp /home/user/bsd.tar.gz /mnt/obsd/
> 
> What is wrong with it?

I see no evidence that your ISP hacked your machine. As you say hacking
OpenBSD is not easy. Further it is difficult to imagine what motive
somebody might have in hacking into your machine and turning your
Internet connection and NAT off.

One plausible scenario is that your firewall rules are not set up
correctly to begin with, and the machine rebooted due to a power
interruption, and the firewall rules never got put back in. There are
many other plausible scenarios that somebody with more time could think
of.

Is your computer set up to restore the connection and firewall on boot?
Have you tested that?

As far as intrusion goes, the best place to look would be
/var/log/authlog, which will record logins. However I think what I've
outlined above will be a more fruitful approach.

Further your entire OS image is far too large to send here, and very few
people here will have the patience to wade through it searching for your
problem.

If cp says "no such file or directory" then either the source file path
is wrong or the destination directory does not exist. To be very blunt,
the fact that you did not know this makes me suspect that you have
misconfigured your system in some way. Describe how you configured it,
and somebody may be able to help you.

-- Martin
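
An added example, not part of Martin's reply: one way to get a quick overview of the login records that /var/log/authlog holds, by counting sshd outcomes per user and source address. The log lines are constructed sample data, the function names are hypothetical, and the script assumes the usual OpenSSH "Accepted/Failed <method> for <user> from <address>" message layout.

```shell
#!/bin/sh
# Added example: summarise sshd login outcomes from authlog-style input.

# Constructed sample lines (not taken from any real machine).
sample_authlog() {
cat <<'EOF'
Jul 28 21:14:03 fw sshd[4211]: Accepted publickey for peter from 192.168.1.20 port 50112 ssh2
Jul 28 23:40:55 fw sshd[5120]: Failed password for root from 203.0.113.7 port 41822 ssh2
Jul 28 23:40:59 fw sshd[5120]: Failed password for root from 203.0.113.7 port 41822 ssh2
Jul 28 23:41:10 fw sshd[5133]: Failed password for invalid user admin from 203.0.113.7 port 41830 ssh2
Jul 29 07:02:31 fw sshd[6002]: Accepted password for peter from 192.168.1.20 port 50990 ssh2
EOF
}

# Reads log lines on stdin and prints "count result user source",
# one line per distinct combination. Non-sshd lines are ignored.
summarise_logins() {
    awk '
    $5 ~ /^sshd\[/ && ($6 == "Accepted" || $6 == "Failed") && $8 == "for" {
        user = $9; n = 10
        # "Failed password for invalid user NAME from ADDR ..."
        if ($9 == "invalid" && $10 == "user") { user = "invalid:" $11; n = 12 }
        if ($n != "from") next          # unexpected layout, skip the line
        count[$6 " " user " " $(n + 1)]++
    }
    END { for (k in count) print count[k], k }
    ' | sort
}

# Demonstration on the constructed sample. On a real system the input
# would be the log itself:  summarise_logins < /var/log/authlog
sample_authlog | summarise_logins
```

An accepted login from an address you do not recognise is the thing to look for; repeated failures alone only show that someone tried.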
