Solved

firewall hole punching

Posted on 2013-05-15
Medium Priority
449 Views
Last Modified: 2013-08-02
Hi,
It appears someone is punching through my firewall via UDP. We don't use port randomization.

Does anyone know how this is dealt with by firewall manufacturers? We are currently using iptables and wondering if a purchased solution would solve this.

Thanks.
0
Question by:NYGiantsFan
8 Comments
 
LVL 3

Expert Comment

by:dbaideme
ID: 39169402
Really need further information. What traffic are you allowing in?

Are you positive a system inside the network has not been compromised and is initiating the connection?

How are you seeing the UDP connection/traffic?
0
 
LVL 62

Expert Comment

by:gheist
ID: 39180693
What kind of firewall?
Can you show a log message pointing to the rule that is expected to block the named traffic?
UPnP?
0
 

Author Comment

by:NYGiantsFan
ID: 39205755
I am seeing the UDP packet from an IDS. The IDS alert indicates that the packet is originating from an external IP address and the destination is a private IP (10.16.0.3).

My guess is that they are shooting the packet through the external IP address and a selected port.

The firewall is iptables. I don't think anything is being blocked. I do not have a copy of the iptables config file. (Network team is being difficult and living in denial.)

Any insight you have would be great.
0
 
LVL 62

Accepted Solution

by:
gheist earned 2000 total points
ID: 39206932
They can hardly route RFC 1918 networks over the internet.
You should filter those networks (drop) at the border in all ways possible.
Most likely it already passed NAT, e.g. somebody runs a BitTorrent client that sends UDP out and NAT gets the response UDP back.
0
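One way to check gheist's NAT-return explanation against the firewall's own connection table, as an added example that is not part of this thread: it parses lines in the style of `conntrack -L` output (the sample lines, addresses and ports below are constructed, not from the question) and classifies an IDS alert as a reply to an existing outbound UDP flow, an RFC 1918-sourced packet that should have been dropped at the border, or a genuinely unsolicited packet worth checking against the NAT/DNAT rules.

```python
import ipaddress
import re

# Constructed sample in the style of `conntrack -L` output (not from the thread).
# Entry 1: inside host 10.16.0.3 opened an outbound UDP flow to 203.0.113.7:6881;
# the second src=/dst= pair is the reply direction, after SNAT to public 198.51.100.1.
# Entry 2: an ordinary outbound DNS query from the same host.
CONNTRACK_SAMPLE = """\
udp      17 29 src=10.16.0.3 dst=203.0.113.7 sport=51413 dport=6881 src=203.0.113.7 dst=198.51.100.1 sport=6881 dport=51413 mark=0 use=1
udp      17 170 src=10.16.0.3 dst=192.0.2.53 sport=40000 dport=53 src=192.0.2.53 dst=198.51.100.1 sport=53 dport=40000 mark=0 use=1
"""

# The RFC 1918 ranges that must never arrive from the internet side of a border firewall.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
TUPLE_RE = re.compile(r"src=(\S+) dst=(\S+) sport=(\d+) dport=(\d+)")


def is_rfc1918(addr):
    a = ipaddress.ip_address(addr)
    return any(a in net for net in RFC1918)


def parse_conntrack(text):
    """Return [(original, reply)] per UDP entry; each side is (src, dst, sport, dport)."""
    flows = []
    for line in text.splitlines():
        if not line.startswith("udp"):
            continue
        tuples = TUPLE_RE.findall(line)
        if len(tuples) == 2:
            orig, reply = tuples
            flows.append(((orig[0], orig[1], int(orig[2]), int(orig[3])),
                          (reply[0], reply[1], int(reply[2]), int(reply[3]))))
    return flows


def triage_udp_alert(ext_src, ext_sport, inside_dst, inside_dport, conntrack_text):
    """Classify an IDS alert 'ext_src:ext_sport -> inside_dst:inside_dport' (UDP)."""
    if not is_rfc1918(inside_dst):
        return "public-destination"            # not the RFC 1918 case discussed here
    if is_rfc1918(ext_src):
        return "rfc1918-source-drop-at-border"  # cannot legitimately come from the internet
    for orig, _reply in parse_conntrack(conntrack_text):
        # Original direction was inside -> outside. The alert is its matching reply,
        # seen by a sensor placed after NAT rewrote the public address back to the host.
        if orig == (inside_dst, ext_src, inside_dport, ext_sport):
            return "nat-reply-to-outbound-flow"
    return "unsolicited-check-nat-dnat-rules"


if __name__ == "__main__":
    print(triage_udp_alert("203.0.113.7", 6881, "10.16.0.3", 51413, CONNTRACK_SAMPLE))
```

On a live box the same classification can be driven from `conntrack -L -p udp` (or `/proc/net/nf_conntrack`) at the moment the alert fires; a match in the original direction is the BitTorrent-style case gheist describes.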
 

Author Comment

by:NYGiantsFan
ID: 39207832
Sorry, I don't understand what you mean by "They can hardly route RFC 1918 network over the internet".


I think what is happening is they are firing packets into the external IP address through a port (maybe they are guessing) and it is being translated by the NAT into local IP address.
0
 
LVL 62

Expert Comment

by:gheist
ID: 39211946
No way packets destined to 10/8 get over the internet to you.
If your firewall opens listeners on all ports like that, it is seriously flawed (maybe made in 1996, but not after).
0