Solved

firewall hole punching

Posted on 2013-05-15
8
446 Views
Last Modified: 2013-08-02
Hi,
It appears someone is punching through my firewall via UPD.  We don't use port randomization.

Does anyone know how this is dealt with by firewall manufactures?   We are currently using IPTables and wondering if a purchased solution would solve this.  Thanks.

Thanks.
0
Comment
Question by:NYGiantsFan
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
8 Comments
 
LVL 3

Expert Comment

by:dbaideme
ID: 39169402
Really need further information. What traffic are you allowing in?

Are you positive a system inside the network has not been compromised and is initiating the connection?

How are you seeing the UDP connection/traffic?
0
 
LVL 62

Expert Comment

by:gheist
ID: 39180693
What kind of firewall?
Can you show log message pointing to rule that is expected to block named traffic?
UpNp ?
0
 

Author Comment

by:NYGiantsFan
ID: 39205755
I am seeing the UDP packet from an IDs.  The ids alert indicates that the packet is originating from an external IP address and the destination is a private IP (10.16.0.3).

My guess is that they are shooting the packet through the external IP address and a selected port.

The firewall is IPtables.  I don't think anything is being blocked.  I do not have a copy of the IPtables config file.  (Network team is being difficult and living in denial)

Any insight you have would be great.
0
The Eight Noble Truths of Backup and Recovery

How can IT departments tackle the challenges of a Big Data world? This white paper provides a roadmap to success and helps companies ensure that all their data is safe and secure, no matter if it resides on-premise with physical or virtual machines or in the cloud.

 
LVL 62

Accepted Solution

by:
gheist earned 500 total points
ID: 39206932
They can hardly route RFC 1918 network over internet.
You should filter those networks (drop) at border all ways possible.
Most likely it already passed nat, e.g somebody runs bittorrent client, that sends UDP out and NAT gets response UDP back.
0
 

Author Comment

by:NYGiantsFan
ID: 39207832
Sorry, I don't understand what you mean by "They can hardly route RFC 1918 network over the internet".


I think what is happening is they are firing packets into the external IP address through a port (maybe they are guessing) and it is being translated by the NAT into local IP address.
0
 
LVL 62

Expert Comment

by:gheist
ID: 39211946
No way packets destined to 10/8 get over internet to you.
If your firewall opens listeners on all ports  like that it is seriously flawed (maybe made in 1996, butnot after)
0

Featured Post

2017 Webroot Threat Report

MSPs: Get the facts you need to protect your clients.
The 2017 Webroot Threat Report provides a uniquely insightful global view into the analysis and discoveries made by the Webroot® Threat Intelligence Platform to provide insights on key trends and risks as seen by our users.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Trojan 28 117
Office 365 email security and hygiene features ? 6 73
Virus detection 6 45
Global Cyber attack 5 56
OnPage: Incident management and secure messaging on your smartphone
Ransomware continues to grow in reach and sophistication, putting data everywhere at risk. Learn how to avoid being caught in its sinister clutches with these 11 key tips.
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…

732 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question