Solved

UDP coming in firewall?

Posted on 2012-12-28
Last Modified: 2013-01-04
It appears UDP packets are coming from the Internet through the Firewall to specific servers.  

Anyone have any idea how this might have happened?  The firewall solution was IPtables.

Any thoughts would be appreciated.
Question by:NYGiantsFan
6 Comments
 
LVL 15

Assisted Solution

by:Frabble
Frabble earned 134 total points
It would help if you gave the source and destination ports. They could be return traffic for connections initiated by the servers. You should also be aware that Unix systems use UDP ports 33434 to 33534 for traceroute, so are you allowing these in from the outside?
 

Author Comment

by:NYGiantsFan
I will get those ports shortly. The firewall has NAT. The Destination IP was a private IP address.  (10.16.0.15)
 

Author Comment

by:NYGiantsFan
Hi,
The source IP address port was 25033 and the destination IP address is 2877.
LVL 57

Assisted Solution

by:giltjr
giltjr earned 166 total points
Is the traffic coming into your firewall with the destination IP address of 10.16.0.15, or is this what the public IP address is NAT'ed to?

If 10.16.0.15 is what the NAT translates to, is that IP address valid on your network?

Does it have a service/task listening on UDP port 2877?
 
LVL 12

Accepted Solution

by:DarinTCH
DarinTCH earned 200 total points
UDP traffic is a legitimate type of traffic for many protocols

so unless we know what you're allowing and blocking
protocol-wise
it's hard to say

was the traffic originated from outside or did your system generate something and you're only looking at the return session???

IPTables is a very simple FW at best

it can be tweaked and used to control traffic to a degree but IT IS NOT a legitimate Enterprise solution

that's why there are several Networking/security companies making the big bucks selling FW
even an open source FW would provide more than IPTables
 

Author Closing Comment

by:NYGiantsFan
My question was rather vague.  I will refine the question.  Thank you everyone for your thoughts.
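
One way to test the return-traffic and traceroute explanations raised in the answers above, as an added example that is not part of the original thread: it reads FORWARD-chain iptables LOG lines and labels each inbound UDP packet as a reply to a recent outbound flow, a traceroute-range probe, or unsolicited. The log lines, the `FWD` prefix, interface names, peer addresses, the year and the 30-second window are constructed assumptions; only 10.16.0.15, ports 25033/2877 and the 33434-33534 range come from the thread.

```python
import re
from datetime import datetime, timedelta

# Constructed FORWARD-chain LOG lines (iptables -j LOG style); not from the thread.
# 203.0.113.7 and 198.51.100.9 are documentation addresses standing in for Internet peers.
SAMPLE_LOG = """\
Dec 28 10:00:01 fw kernel: FWD IN=eth1 OUT=eth0 SRC=10.16.0.15 DST=203.0.113.7 LEN=60 TTL=63 PROTO=UDP SPT=2877 DPT=25033 LEN=40
Dec 28 10:00:02 fw kernel: FWD IN=eth0 OUT=eth1 SRC=203.0.113.7 DST=10.16.0.15 LEN=60 TTL=51 PROTO=UDP SPT=25033 DPT=2877 LEN=40
Dec 28 10:05:00 fw kernel: FWD IN=eth0 OUT=eth1 SRC=203.0.113.7 DST=10.16.0.15 LEN=60 TTL=51 PROTO=UDP SPT=25033 DPT=2877 LEN=40
Dec 28 10:06:00 fw kernel: FWD IN=eth0 OUT=eth1 SRC=198.51.100.9 DST=10.16.0.15 LEN=60 TTL=3 PROTO=UDP SPT=40112 DPT=33440 LEN=40
"""
WAN_IF = "eth0"                         # assumption: Internet-facing interface
UDP_WINDOW = timedelta(seconds=30)      # assumption: how long an outbound flow keeps its reply path open
TRACEROUTE_PORTS = range(33434, 33535)  # 33434 to 33534, the range quoted in the thread

def classify(log_text):
    """Return (src, sport, dst, dport, verdict) for each inbound UDP packet."""
    outbound = {}  # (inside ip, inside port, outside ip, outside port) -> last seen
    verdicts = []
    for line in log_text.splitlines():
        f = dict(re.findall(r"(\w+)=(\S*)", line))
        if f.get("PROTO") != "UDP":
            continue
        # syslog timestamps carry no year; 2012 is assumed here
        ts = datetime.strptime("2012 " + line[:15], "%Y %b %d %H:%M:%S")
        if f["OUT"] == WAN_IF:  # server -> Internet: remember the flow
            outbound[(f["SRC"], f["SPT"], f["DST"], f["DPT"])] = ts
            continue
        if f["IN"] != WAN_IF:   # not arriving from the Internet side
            continue
        key = (f["DST"], f["DPT"], f["SRC"], f["SPT"])  # reversed 4-tuple
        seen = outbound.get(key)
        if seen is not None and ts - seen <= UDP_WINDOW:
            verdict = "reply"
            outbound[key] = ts  # a reply refreshes the flow, as state tracking does
        elif int(f["DPT"]) in TRACEROUTE_PORTS:
            verdict = "traceroute-range"
        else:
            verdict = "unsolicited"
        verdicts.append((f["SRC"], int(f["SPT"]), f["DST"], int(f["DPT"]), verdict))
    return verdicts

if __name__ == "__main__":
    for v in classify(SAMPLE_LOG):
        print(v)
```

An `unsolicited` verdict for a packet that already shows the private destination address points at a DNAT or broad ACCEPT rule worth reviewing, which is the NAT question giltjr raises.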