Improve company productivity with a Business Account.Sign Up

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 408
  • Last Modified:

UDP coming in firewall?

It appears UDP packets are coming from the Internet through the Firewall to specific servers.  

Anyone have any idea how this might have happened?  The firewall solution was IPtables.

Any thoughts would be appreciated.
0
NYGiantsFan
Asked:
NYGiantsFan
3 Solutions
 
FrabbleCommented:
It would help if you gave the source and destination ports. They could be return traffic for connections initiated by the servers. You should also be aware that Unix systems use UDP ports 33434 to 33534 for traceroute so are you allowing these in from the outside?
0
 
NYGiantsFanAuthor Commented:
I will get those ports shortly. The firewall has NAT. The Destination IP was a private IP address.  (10.16.0.15)
0
 
NYGiantsFanAuthor Commented:
Hi,
The source IP address port was 25033 and the destination IP address is 2877.
0
NEW Internet Security Report Now Available!

WatchGuard’s Threat Lab is a group of dedicated threat researchers committed to helping you stay ahead of the bad guys by providing in-depth analysis of the top security threats to your network.  Check out this quarters report on the threats that shook the industry in Q4 2017.

 
giltjrCommented:
Is the traffic coming into your firewall with the destination IP address of 10.16.0.15, or is this what the public IP address is NAT'ed to?

If 10.16.0.15 is what the NAT translates to, is that IP address valid on your network?

Does is have a service/task listening on UDP port 2877?
0
 
DarinTCHSenior CyberSecurity EngineerCommented:
UDP traffic is a legitimate type of traffic for many protocols

so unless we know what your allowing and blocking
protocol wise
its hard to say

was the traffic originated from outside or did your system generate something and your only looking at the return session???

IPTables is a very sinple FW at best

it can be tweaked and used to control traffic to a degree but IT IS NOT a legitimate Enterprise solution

that's why there are several Networking/security companys making the big bucks selling FW
even a open source FW would provide more than IPTables
0
 
NYGiantsFanAuthor Commented:
My question was rather vague.  I will refine the question.  Thank you everyone for your thoughts.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

The Lifecycle Approach to Managing Security Policy

Managing application connectivity and security policies can be achieved more effectively when following a framework that automates repeatable processes and ensures that the right activities are performed in the right order.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now