Solved

UDP coming in firewall?

Posted on 2012-12-28
Last Modified: 2013-01-04
It appears UDP packets are coming from the Internet through the Firewall to specific servers.  

Anyone have any idea how this might have happened?  The firewall solution was IPtables.

Any thoughts would be appreciated.
0
Question by:NYGiantsFan
6 Comments
 
LVL 15

Assisted Solution

by:Frabble
Frabble earned 268 total points
ID: 38728424
It would help if you gave the source and destination ports. They could be return traffic for connections initiated by the servers. You should also be aware that Unix systems use UDP ports 33434 to 33534 for traceroute, so are you allowing these in from the outside?
0
 

Author Comment

by:NYGiantsFan
ID: 38728975
I will get those ports shortly. The firewall has NAT. The Destination IP was a private IP address.  (10.16.0.15)
0
 

Author Comment

by:NYGiantsFan
ID: 38729036
Hi,
The source IP address port was 25033 and the destination IP address is 2877.
0
 
LVL 57

Assisted Solution

by:giltjr
giltjr earned 332 total points
ID: 38732522
Is the traffic coming into your firewall with the destination IP address of 10.16.0.15, or is this what the public IP address is NAT'ed to?

If 10.16.0.15 is what the NAT translates to, is that IP address valid on your network?

Does it have a service/task listening on UDP port 2877?
0
 
LVL 12

Accepted Solution

by:DarinTCH
DarinTCH earned 400 total points
ID: 38733922
UDP traffic is a legitimate type of traffic for many protocols,

so unless we know what you're allowing and blocking protocol-wise, it's hard to say.

Was the traffic originated from outside, or did your system generate something and you're only looking at the return session?

IPTables is a very simple FW at best.

It can be tweaked and used to control traffic to a degree, but IT IS NOT a legitimate Enterprise solution.

That's why there are several networking/security companies making the big bucks selling FW;
even an open source FW would provide more than IPTables.
0
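One way to answer the question the replies above keep returning to (return traffic versus a flow started from outside), as an added example that is not from any poster in this thread: on an iptables/NAT gateway, the connection-tracking table records which side sent the first packet. The sketch assumes the table was dumped with `conntrack -L -p udp` (conntrack-tools), that the internal range is 10.16.0.0/16, and that 25033 and 2877 are the source and destination ports; the sample lines and all other addresses are constructed.

```python
import re
from ipaddress import ip_address, ip_network

# Constructed sample of `conntrack -L -p udp` output. Only 10.16.0.15 and the
# ports 25033/2877 come from the thread; every other value is made up.
SAMPLE = """\
udp      17 27 src=10.16.0.15 dst=203.0.113.7 sport=2877 dport=25033 src=203.0.113.7 dst=198.51.100.2 sport=25033 dport=2877 [ASSURED] mark=0 use=1
udp      17 12 src=192.0.2.44 dst=198.51.100.2 sport=40000 dport=5060 [UNREPLIED] src=10.16.0.20 dst=192.0.2.44 sport=5060 dport=40000 mark=0 use=1
"""

INTERNAL = ip_network("10.16.0.0/16")  # assumption: the protected network
TUPLE = re.compile(r"src=(\S+) dst=(\S+) sport=(\d+) dport=(\d+)")

def parse(line):
    """Return (original, reply) tuples as (src, dst, sport, dport), or None."""
    found = TUPLE.findall(line)
    if not line.startswith("udp") or len(found) != 2:
        return None
    return tuple((s, d, int(sp), int(dp)) for s, d, sp, dp in found)

def classify(table, src, sport, dst, dport):
    """Explain a UDP packet src:sport -> dst:dport seen on the inside interface."""
    mirrored = (dst, src, dport, sport)
    for line in table.splitlines():
        flow = parse(line)
        if flow is None:
            continue
        orig, reply = flow
        # The original tuple is the first packet of the flow. If the observed
        # packet is its mirror image, the internal host spoke first.
        if orig == mirrored:
            return "return traffic for a flow the internal host initiated"
        # For a DNAT'ed inbound flow the reply tuple carries the private
        # address, and the original tuple's source is the outside host.
        if reply == mirrored and ip_address(orig[0]) not in INTERNAL:
            return "new inbound flow admitted by a DNAT/forward rule"
    return "no conntrack state: check the FORWARD and nat rules directly"

if __name__ == "__main__":
    print(classify(SAMPLE, "203.0.113.7", 25033, "10.16.0.15", 2877))
```

Conntrack entries for UDP expire after a short idle timeout, so the table has to be captured while the traffic is still flowing.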
 

Author Closing Comment

by:NYGiantsFan
ID: 38744746
My question was rather vague.  I will refine the question.  Thank you everyone for your thoughts.
0


Question has a verified solution.
