Topics - agreenfield1

General Discussion / Help with possible security issue
« on: February 05, 2015, 06:03:23 pm »
I had some network problems this morning, and would like to find out what happened.  I'm not sure if I have a compromised computer, or if the problem was elsewhere.  Observations:

 - This morning, most websites weren't loading on my iPad or computer
 - HTTPS sites wouldn't load, and Google Chrome showed certificate errors: they were signed by 'lolcat'
 - Did a tracert and ping to a random site. It resolved to 195.22.26.248 (not the 'correct' IP), which a Google search suggests is a sinkhole (not clear on what this means)
 - For the tracert, the hostname for every step (except my router) was rdns.gigabell.es
 - Logged in to pfSense to check DNS settings. I had them set to 8.8.8.8 and 4.2.2.3 (Google DNS and Level3)
 - I checked the box to 'Allow DNS server list to be overridden by DHCP/PPP on WAN', and everything instantly started to work correctly.

If the Google DNS or Level3 DNS servers were down/hacked I would have expected a news story or something, so I'm concerned I may have a compromised system in my network. Any thoughts on what may have happened? FYI, this occurred at home where I have pfSense serving as the router in a VM.
