firewall hole punching

Hi,
It appears someone is punching through my firewall via UPD.  We don't use port randomization.

Does anyone know how this is dealt with by firewall manufactures?   We are currently using IPTables and wondering if a purchased solution would solve this.  Thanks.

Thanks.
NYGiantsFanAsked:
Who is Participating?
 
gheistConnect With a Mentor Commented:
They can hardly route RFC 1918 network over internet.
You should filter those networks (drop) at border all ways possible.
Most likely it already passed nat, e.g somebody runs bittorrent client, that sends UDP out and NAT gets response UDP back.
0
 
dbaidemeCommented:
Really need further information. What traffic are you allowing in?

Are you positive a system inside the network has not been compromised and is initiating the connection?

How are you seeing the UDP connection/traffic?
0
 
gheistCommented:
What kind of firewall?
Can you show log message pointing to rule that is expected to block named traffic?
UpNp ?
0
Protect Your Employees from Wi-Fi Threats

As Wi-Fi growth and popularity continues to climb, not everyone understands the risks that come with connecting to public Wi-Fi or even offering Wi-Fi to employees, visitors and guests. Download the resource kit to make sure your safe wherever business takes you!

 
NYGiantsFanAuthor Commented:
I am seeing the UDP packet from an IDs.  The ids alert indicates that the packet is originating from an external IP address and the destination is a private IP (10.16.0.3).

My guess is that they are shooting the packet through the external IP address and a selected port.

The firewall is IPtables.  I don't think anything is being blocked.  I do not have a copy of the IPtables config file.  (Network team is being difficult and living in denial)

Any insight you have would be great.
0
 
NYGiantsFanAuthor Commented:
Sorry, I don't understand what you mean by "They can hardly route RFC 1918 network over the internet".


I think what is happening is they are firing packets into the external IP address through a port (maybe they are guessing) and it is being translated by the NAT into local IP address.
0
 
gheistCommented:
No way packets destined to 10/8 get over internet to you.
If your firewall opens listeners on all ports  like that it is seriously flawed (maybe made in 1996, butnot after)
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.