  • Status: Solved
  • Priority: Medium
  • Security: Public

Sonicwall not blocking IRC

It appears that one of my colo boxes has a trojan horse on it. I set up a rule to block TCP ports 6667 - 6669, but this traffic is still coming through. I think the problem is that since the traffic originates from his box behind the firewall, the packets are allowed. How do I block this using my SonicWall Pro 200 firewall?

Thanks.

Duficy
1 Solution
 
ihotdesk Commented:
Block outbound IRC, from the server in question to anywhere:

DENY      IRC (6667 - 6669)     Server1 (192.168.1.1)          ANY (*)



If the packets are originating internally then it will have to be blocked from internal to external.




hth
Tony
0
 
duficy Author Commented:
OK, so if I create a rule called BLOCKIRC that blocks 6969 and set up

deny LAN > WAN   BLOCKIRC

will this block this traffic even if it's established?

Also, is there any way to use the SonicWall to break an existing connection?
0
 
ihotdesk Commented:
It will stop further connections...

To /break/ existing connections, you will have to either restart, or pull the plug for a few seconds.
A restart for /maintenance/ may be wise.



Tony
0
 
duficy Author Commented:
>To /break/ existing connections, you will have to either restart, or pull the plug for a few seconds.

Isn't there a way to set up a route on the SonicWall to route the offending IP to /dev/null?
0
 
ihotdesk Commented:
Nope,

The SonicWall only has an HTML interface.  Such options to route to /dev/null, whilst very useful, sadly just do not exist.
To be honest, most IRC connections will have timed out by now too, so you are looking at very few, if any, existing sessions.

Also the SonicWall should try to re-establish a NEW TCP session after the current session has expired.  If you block access, then this should be OK too.
0
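
A simplified model of a stateful, first-match packet filter, added here as an example (it is not from the thread and is not SonicWall's implementation). It walks through the three points discussed above: an inbound-only deny never matches LAN-originated traffic, a LAN > WAN deny stops new connections, and an already established session keeps passing until the state table is cleared. The class names, zone labels and the 203.0.113.10 address are assumptions.

```python
from dataclasses import dataclass, field

IRC_PORTS = range(6667, 6670)  # TCP 6667-6669, the ports named in the thread

@dataclass(frozen=True)
class Rule:
    action: str      # "allow" or "deny"
    src_zone: str    # zone the connection is initiated from
    dst_zone: str
    ports: range

@dataclass
class Firewall:
    rules: list = field(default_factory=list)
    sessions: set = field(default_factory=set)  # established flows (state table)

    def packet(self, src_zone, dst_zone, src_ip, dst_ip, dport):
        flow = (src_ip, dst_ip, dport)
        if flow in self.sessions:       # model assumption: state hit skips the rules
            return "allow"
        for r in self.rules:            # first matching rule decides new connections
            if (r.src_zone, r.dst_zone) == (src_zone, dst_zone) and dport in r.ports:
                if r.action == "allow":
                    self.sessions.add(flow)
                return r.action
        return "deny"

    def restart(self):
        self.sessions.clear()           # state table does not survive a restart

def demo():
    host, irc = "192.168.1.1", "203.0.113.10"   # Server1 from the thread; constructed peer
    fw = Firewall(rules=[
        Rule("deny", "WAN", "LAN", IRC_PORTS),         # inbound-only block
        Rule("allow", "LAN", "WAN", range(1, 65536)),  # default outbound allow
    ])
    out = {}
    out["inbound_rule_only"] = fw.packet("LAN", "WAN", host, irc, 6667)
    fw.rules.insert(0, Rule("deny", "LAN", "WAN", IRC_PORTS))  # the LAN > WAN deny
    out["new_after_deny"] = fw.packet("LAN", "WAN", host, irc, 6668)
    out["existing_after_deny"] = fw.packet("LAN", "WAN", host, irc, 6667)
    fw.restart()
    out["existing_after_restart"] = fw.packet("LAN", "WAN", host, irc, 6667)
    return out

if __name__ == "__main__":
    print(demo())
```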