Sonicwall not blocking IRC

Posted on 2005-03-06
Last Modified: 2008-07-03
It appears that one of my colo boxes has a trojan horse on it. I set up a rule to block TCP ports 6667 - 6669. But this traffic is still coming through. I think the problem is that since the traffic originates from his box behind the firewall, the packets are allowed. How do I block this using my SonicWall Pro 200 firewall?

Thanks.

Duficy
Question by:duficy
5 Comments
 
LVL 3

Expert Comment

by:ihotdesk
ID: 13472907
Block outbound IRC, from the server in question to anywhere:

DENY      IRC (6667 - 6669)     Server1 (192.168.1.1)          ANY (*)



If the packets are originating internally then it will have to be blocked from internal to external.




hth
Tony
0
 

Author Comment

by:duficy
ID: 13473204
OK, so if I create a rule called BLOCKIRC that blocks 6969 and set up

deny LAN > WAN   BLOCKIRC

will this block this traffic even if it's established?

Also, is there any way to use the SonicWall to break an existing connection?
0
 
LVL 3

Expert Comment

by:ihotdesk
ID: 13475056
It will stop further connections...

To /break/ existing connections, you will have to either restart, or pull the plug for a few seconds.
A restart for /maintenance/ may be wise.



Tony
0
 

Author Comment

by:duficy
ID: 13519605
> To /break/ existing connections, you will have to either restart, or pull the plug for a few seconds.

Isn't there a way to set up a route on the SonicWall to route the offending IP to /dev/null?
0
 
LVL 3

Accepted Solution

by:
ihotdesk earned 375 total points
ID: 13535597
Nope,

The SonicWall only has an HTML interface.  Such options to route to /dev/null, whilst very useful, sadly just do not exist.
To be honest, most IRC connections will have timed out by now too, so you are looking at very few, if any, existing sessions.

Also, the SonicWall should try to re-establish a NEW TCP session after the current session has expired.  If you block access, then this should be OK too.
0
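
The behaviour discussed in this thread, as an added example that is not part of the original posts and is not SonicWall code: a simplified stateful-filter model showing why an inbound-only deny misses LAN-originated IRC, why a LAN > WAN deny stops only new connections, and why a restart clears the rest. It assumes that packets of an already-tracked flow skip rule evaluation, as the answers describe; the class names and the 203.0.113.x addresses are constructed.

```python
# Simplified model of a stateful packet filter (an assumption for illustration,
# not SonicWall's actual rule engine). Names and remote addresses are constructed.
from dataclasses import dataclass, field

IRC_PORTS = range(6667, 6670)  # TCP 6667-6669, as in the thread

@dataclass(frozen=True)
class Rule:
    action: str     # "deny" or "allow"
    src_zone: str   # zone the connection is initiated from
    dst_zone: str   # zone the connection is headed to
    ports: range    # destination ports the rule covers

@dataclass
class Firewall:
    rules: list = field(default_factory=list)
    states: set = field(default_factory=set)  # connection table of established flows

    def packet(self, src_zone, dst_zone, src_ip, dst_ip, dport):
        flow = (src_ip, dst_ip, dport)
        # Assumption: packets of an already-tracked flow bypass the rule list.
        if flow in self.states:
            return "allow (established)"
        # Assumed default policy: LAN may initiate outbound, WAN may not initiate inbound.
        default = "allow" if src_zone == "LAN" else "deny"
        verdict = next((r.action for r in self.rules
                        if (r.src_zone, r.dst_zone) == (src_zone, dst_zone)
                        and dport in r.ports), default)
        if verdict == "allow":
            self.states.add(flow)  # start tracking the new flow
        return verdict

    def restart(self):
        self.states.clear()  # a reboot empties the connection table

def demo():
    fw = Firewall()
    host, irc1, irc2 = "192.168.1.1", "203.0.113.10", "203.0.113.20"
    out = []
    fw.rules.append(Rule("deny", "WAN", "LAN", IRC_PORTS))  # inbound-only rule
    out.append(fw.packet("LAN", "WAN", host, irc1, 6667))   # outbound still allowed
    fw.rules.append(Rule("deny", "LAN", "WAN", IRC_PORTS))  # outbound rule added
    out.append(fw.packet("LAN", "WAN", host, irc2, 6667))   # new flow is denied
    out.append(fw.packet("LAN", "WAN", host, irc1, 6667))   # earlier flow persists
    fw.restart()
    out.append(fw.packet("LAN", "WAN", host, irc1, 6667))   # denied once state is gone
    return out

if __name__ == "__main__":
    print(demo())
```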
