firewall hole punching

Posted on 2013-05-15
Last Modified: 2013-08-02
Hi,
It appears someone is punching through my firewall via UDP. We don't use port randomization.

Does anyone know how this is dealt with by firewall manufacturers? We are currently using iptables and wondering if a purchased solution would solve this. Thanks.

Question by:NYGiantsFan

Expert Comment

by:dbaideme
ID: 39169402
Really need further information. What traffic are you allowing in?

Are you positive a system inside the network has not been compromised and is initiating the connection?

How are you seeing the UDP connection/traffic?

Expert Comment

by:gheist
ID: 39180693
What kind of firewall?
Can you show log message pointing to rule that is expected to block named traffic?
UPnP?

Author Comment

by:NYGiantsFan
ID: 39205755
I am seeing the UDP packet from an IDS. The IDS alert indicates that the packet is originating from an external IP address and the destination is a private IP (10.16.0.3).

My guess is that they are shooting the packet through the external IP address and a selected port.

The firewall is iptables. I don't think anything is being blocked. I do not have a copy of the iptables config file. (Network team is being difficult and living in denial.)

Any insight you have would be great.

Accepted Solution

by:gheist (earned 2000 total points)
ID: 39206932
They can hardly route RFC 1918 network over internet.
You should filter those networks (drop) at border all ways possible.
Most likely it already passed NAT, e.g. somebody runs a BitTorrent client that sends UDP out and NAT gets the response UDP back.
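The accepted answer makes two points: drop RFC 1918 addresses at the border in every direction, and expect that an "external to 10.16.0.3" UDP packet seen inside is conntrack letting a reply back in through NAT. The ruleset below is an added example written for this thread; it is not the asker's configuration (which was never posted) and not something gheist provided. It assumes the Linux box is the NAT gateway itself, that the Internet-facing interface name is passed as the first argument (e.g. eth0), and that the LAN is 10.16.0.0/16, inferred from the 10.16.0.3 address in the alert. With IPT=echo it prints the rules instead of applying them.

```shell
#!/bin/sh
# Border ruleset sketch, added to this thread as an example; it is not the
# asker's configuration (never posted) nor anything gheist wrote.
# Assumptions: this host is the Linux NAT gateway itself, the Internet-facing
# interface is the first argument (e.g. eth0), and the LAN is 10.16.0.0/16,
# inferred from the 10.16.0.3 address in the IDS alert.
# Set IPT=echo to print the rules instead of applying them.

# RFC 1918 ranges plus loopback and link-local: none of these is routable on
# the Internet, so one arriving on the WAN side is spoofing or misconfiguration.
BOGONS="10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 127.0.0.0/8 169.254.0.0/16"

gen_border_rules() {
    ipt="${IPT:-iptables}"
    wan="$1"
    lan="${2:-10.16.0.0/16}"

    # Flush, then default-deny inbound and forwarded traffic; outbound is open.
    $ipt -F
    $ipt -t nat -F
    $ipt -P INPUT DROP
    $ipt -P FORWARD DROP
    $ipt -P OUTPUT ACCEPT

    # Loopback, and replies to connections the gateway itself opened.
    $ipt -A INPUT -i lo -j ACCEPT
    $ipt -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

    # Anti-spoofing at the border: a private source coming in from the WAN, or a
    # private destination going out to the WAN, is dropped in both chains.
    for net in $BOGONS; do
        $ipt -A INPUT   -i "$wan" -s "$net" -j DROP
        $ipt -A FORWARD -i "$wan" -s "$net" -j DROP
        $ipt -A FORWARD -o "$wan" -d "$net" -j DROP
    done

    # Only replies to flows the LAN opened are forwarded back in. UDP has no
    # handshake, so conntrack matches the reply on the 4-tuple it saw leave and
    # keeps that entry until a timeout; this is the path a BitTorrent client's
    # UDP responses take, and why an external source can legitimately reach
    # 10.16.0.3. Unsolicited UDP from the WAN matches nothing and is dropped.
    $ipt -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    $ipt -A FORWARD ! -i "$wan" -o "$wan" -s "$lan" -m conntrack --ctstate NEW -j ACCEPT

    # Source NAT for the LAN's outbound traffic.
    $ipt -t nat -A POSTROUTING -o "$wan" -s "$lan" -j MASQUERADE

    # Log a sample of what falls through so the next IDS alert can be tied to a rule.
    $ipt -A INPUT   -i "$wan" -m limit --limit 5/min -j LOG --log-prefix "border-drop: "
    $ipt -A FORWARD -i "$wan" -m limit --limit 5/min -j LOG --log-prefix "border-drop: "
}

# Dry run:  IPT=echo sh border.sh eth0      Apply:  sh border.sh eth0
if [ -n "${1:-}" ]; then
    gen_border_rules "$@"
fi
```

Before applying this on a remotely managed box, add an ACCEPT for your management port ahead of the default-deny, or the flush will lock you out. To confirm the "already passed NAT" theory for a specific alert, look up the flow the kernel is tracking (conntrack -L -p udp, filtered on the external address) while the alert is firing: a matching entry with the LAN host as the original source means the packet is a reply, not a hole punched from outside.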

Author Comment

by:NYGiantsFan
ID: 39207832
Sorry, I don't understand what you mean by "They can hardly route RFC 1918 network over the internet".


I think what is happening is they are firing packets into the external IP address through a port (maybe they are guessing) and it is being translated by the NAT into a local IP address.

Expert Comment

by:gheist
ID: 39211946
No way packets destined to 10/8 get over internet to you.
If your firewall opens listeners on all ports like that it is seriously flawed (maybe made in 1996, but not after).
Question has a verified solution.