Solved

UDP coming in firewall?

Posted on 2012-12-28
6
393 Views
Last Modified: 2013-01-04
It appears UDP packets are coming from the Internet through the Firewall to specific servers.  

Anyone have any idea how this might have happened?  The firewall solution was IPtables.

Any thoughts would be appreciated.
0
Comment
Question by:NYGiantsFan
6 Comments
 
LVL 15

Assisted Solution

by:Frabble
Frabble earned 134 total points
ID: 38728424
It would help if you gave the source and destination ports. They could be return traffic for connections initiated by the servers. You should also be aware that Unix systems use UDP ports 33434 to 33534 for traceroute so are you allowing these in from the outside?
0
 

Author Comment

by:NYGiantsFan
ID: 38728975
I will get those ports shortly. The firewall has NAT. The Destination IP was a private IP address.  (10.16.0.15)
0
 

Author Comment

by:NYGiantsFan
ID: 38729036
Hi,
The source IP address port was 25033 and the destination IP address is 2877.
0
How Do You Stack Up Against Your Peers?

With today’s modern enterprise so dependent on digital infrastructures, the impact of major incidents has increased dramatically. Grab the report now to gain insight into how your organization ranks against your peers and learn best-in-class strategies to resolve incidents.

 
LVL 57

Assisted Solution

by:giltjr
giltjr earned 166 total points
ID: 38732522
Is the traffic coming into your firewall with the destination IP address of 10.16.0.15, or is this what the public IP address is NAT'ed to?

If 10.16.0.15 is what the NAT translates to, is that IP address valid on your network?

Does is have a service/task listening on UDP port 2877?
0
 
LVL 12

Accepted Solution

by:
DarinTCH earned 200 total points
ID: 38733922
UDP traffic is a legitimate type of traffic for many protocols

so unless we know what your allowing and blocking
protocol wise
its hard to say

was the traffic originated from outside or did your system generate something and your only looking at the return session???

IPTables is a very sinple FW at best

it can be tweaked and used to control traffic to a degree but IT IS NOT a legitimate Enterprise solution

that's why there are several Networking/security companys making the big bucks selling FW
even a open source FW would provide more than IPTables
0
 

Author Closing Comment

by:NYGiantsFan
ID: 38744746
My question was rather vague.  I will refine the question.  Thank you everyone for your thoughts.
0

Featured Post

How Do You Stack Up Against Your Peers?

With today’s modern enterprise so dependent on digital infrastructures, the impact of major incidents has increased dramatically. Grab the report now to gain insight into how your organization ranks against your peers and learn best-in-class strategies to resolve incidents.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Do you have a windows based Checkpoint SmartCenter for centralized Checkpoint management?  Have you ever backed up the firewall policy residing on the SmartCenter?  If you have then you know the hassles of connecting to the server, doing an upgrade_…
Note: for this to work properly you need to use a Cross-Over network cable. 1. Connect both servers S1 and S2 on the second network slots respectively. Note that you can use the 1st slots but usually these would be occupied by the Service Provide…
In a recent question (https://www.experts-exchange.com/questions/29004105/Run-AutoHotkey-script-directly-from-Notepad.html) here at Experts Exchange, a member asked how to run an AutoHotkey script (.AHK) directly from Notepad++ (aka NPP). This video…

730 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question