Browsed by
Tag: pfsense

Block Malvertising and Advertising with pfBlockerNG
Block Ads & Malvertising on pfSense Using pfBlockerNG (DNSBL)

Block Ads & Malvertising on pfSense Using pfBlockerNG (DNSBL)

Comments 185 comments

This walkthrough uses the DNSBL portion of pfBlockerNG to remove ads/advertising and more importantly, malvertising. It essentially creates a functionality similar to the pi-Hole project except it doesn’t require a separate piece of hardware. Instead, you just use your pfSense + pfBlockerNG! If you’re interested in a write-up on installing/configuring the pi-hole on Ubuntu, I have one here. Please note this walkthrough is for the devel version of pfBlockerNG. The pfBlockerNG-devel package is in the standard list of available packages…

Read More Read More

pi hole and ubuntu to blackhole dns
Installing pi-hole on Ubuntu 18.04 LTS

Installing pi-hole on Ubuntu 18.04 LTS

Comments 41 comments

In this guide, I will walkthrough how to install and test the pi-hole on Ubuntu and more specifically, Ubuntu Server. These same instructions may work on Ubuntu Desktop, but I strongly suggest Server. Why Ubuntu instead of a Raspberry Pi? I love Raspberry Pis and I probably own at least 10 of them. But sometimes I want to perform DNS blocking/blackholing and I either a) don’t have a Raspberry Pi in an environment or b) I have a virtual environment…

Read More Read More

Quad9 and pfSense
Configuring Quad9 on pfSense

Configuring Quad9 on pfSense

Comments 41 comments

Quad9 is a DNS platform that adds several layers of security. It does this via standard DNS queries/responses.Basically, if a machine on your network queries a known bad hostname, the Quad9 DNS server responds by stating that domain does not exist (NX DOMAIN or non-existent domain). Quad9 also allows you to use DNS over TLS. If you would like a bit more info on Quad9 including some speed benchmarks against other DNS services, I would suggest an earlier article, Quad9 – First…

Read More Read More

Security Onion, Zeek, and RITA vs. PowerShell C2
Onion-Zeek-RITA

Onion-Zeek-RITA

Comments 0 Comment

This research is also available for download from the SANS Reading Room. I’ve included the link below. Feel free to add comments or ask questions on this website even if you download the paper from the SANS Reading Room. Onion-Zeek-RITA: Improving Network Visibility and Detecting C2 Activity Changelog26Dec2018 – Originally posted6Jan2019 – Added link to SANS Reading Room Onion-Zeek-RITA: Improving Network Visibility and Detecting C2 Activity Abstract The information security industry is predicted to exceed 100 billion dollars in the…

Read More Read More

proxmox and pfsense
pfSense VLANs on Proxmox

pfSense VLANs on Proxmox

Comments 4 comments

Proxmox is a server virtualization management platform. In many ways, it is an open-source version of ESXi for VMware. While Proxmox is growing on me, the documentation is a bit on the short side and/or in many cases flat out wrong because it has changed so much. I found this out when trying to virtualize pfSense and I was playing around with VLANs. One source said to do it this way, another said something completely different. The kicker is that…

Read More Read More

pfsense logo
SSHGuard settings on pfSense

SSHGuard settings on pfSense

Comments 3 comments

Something that always annoyed me when performing a vulnerability scan on a pfSense system was the alerts it triggered. Basically, the vulnerability scanner would attempt to bruteforce SSH logins, which would trigger the sshguard protections, placing the IP address in the sshguard table (Diagnostics -> Tables), producing 100’s of firewall block messages, etc. Dec 3 16:22:37 – Int: em0 Type: block Prot: tcp Src: 192.168.1.8:38553 Dest: 192.168.1.1:22 Tracker: 1000000301 – block drop in log quick proto tcp from <sshguard:1> to…

Read More Read More

Malware Browser Popup - No Ad blocking
Block Ads & Malvertising on pfSense Using pfBlockerNG (DNSBL) – Old

Block Ads & Malvertising on pfSense Using pfBlockerNG (DNSBL) – Old

Comments 50 comments

This walkthrough uses the DNSBL portion of pfBlockerNG to remove ads/advertising and more importantly, malvertising. It essentially creates a functionality similar to the pi-Hole project except it doesn’t require a separate piece of hardware. Instead, you just use your pfSense (pfBlockerNG)! If you’re interested in a write-up on installing/configuring the pi-hole on Ubuntu, I have one here. I love pfSense and if I could only install one package to enhance its capabilities, it would undoubtedly be pfBlockerNG. pfBlockerNG is a pfSense…

Read More Read More

Redirect outgoing NTP traffic to an internal NTP server

Redirect outgoing NTP traffic to an internal NTP server

Comments 8 comments

Tired of seeing outbound NTP blocks in your firewall logs because you restrict outgoing traffic? Or maybe you are receiving alerts because some device uses NTP pool resources (such as pool.ntp.org) and one of those IP addresses has ended up on a blacklist, blocklist, threat intelligence feed, etc? Either way, few things in the life of an IT or security professional are as frustrating as false positives. This write-up will help you change that with a little NAT magic, aka…

Read More Read More

Nagios pfSense SSH Proxy Step 2 resized
Monitoring pfSense with Nagios Using SSH – part 3

Monitoring pfSense with Nagios Using SSH – part 3

Comments 28 comments

Configuring the checks on Nagios XI This is the third and final part to monitoring pfSense with Nagios XI using SSH. If you missed either of the previous parts, I’ve included them below. Note: If you’re configuring this on Nagios Core, scroll down to the bottom of this page for the example commands.cfg and services.cfg files. Part 1: Setting up password-less SSH Part 2: Downloading and testing the checks Changelog 15Dec2017 – Originally posted 9May2018 – Added uptime and CPU…

Read More Read More

Nagios pfSense services detail
Monitoring pfSense with Nagios Using SSH – part 2

Monitoring pfSense with Nagios Using SSH – part 2

Comments 30 comments

Downloading and testing the checks In the part 1, we setup password-less SSH. Now that we have a secure connection between the systems, we are quite a bit closer to securely running check commands using the SSH proxy on Nagios XI or the check_by_ssh on Nagios Core. Changelog 15Dec2017 – Originally posted 9May2018 – Added uptime and CPU temperature check as well as a Nagios Core example 11May2018 – Modified the check_pf_mem plugin 1June2018 – Added Nagios Core services.cfg and…

Read More Read More