  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 476

QID 34020 UDP firewall vulnerability

QID 34020 UDP firewall vulnerability. How do I fix this?
Larry Childress
1 Solution
 
btan (Exec Consultant) commented:
I believe you are referring to UDP Source Port Pass Firewall findings. This means your firewall policy seems to allow UDP packets with a specific source port (for example, port 53) to pass through while it blocks UDP packets to the same destination ports but with a random source port. It is possible that the firewall also allows UDP packets with other well-known ports as source ports to go through.

You'll need a rule which monitors session state, likely a firewall (hardware or host-based), so that this traffic is only allowed if your servers already sent an outgoing request to the destination servers (for the port 53 case, it is the DNS server on UDP 53).
 
btan (Exec Consultant) commented:
As suggested.
Question has a verified solution.
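
The session-state requirement in btan's answer above, turned into an audit of an existing ruleset. This is an added example, not part of the original thread: it assumes the firewall is Linux iptables with rules exported in `iptables-save` format, and the sample ruleset and function names are constructed for illustration.

```python
import shlex

# Constructed sample in iptables-save format (not taken from the page).
SAMPLE_RULES = """\
*filter
:INPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -p udp -m udp --sport 53 -j ACCEPT
-A INPUT -p udp -m udp --sport 123 -m conntrack --ctstate ESTABLISHED -j ACCEPT
-A INPUT -p udp -m udp --dport 53 -j ACCEPT
-A INPUT -p udp -m multiport --sports 53,67 -j ACCEPT
-A INPUT -p udp -m udp --sport 53 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --sport 53 -j ACCEPT
COMMIT
"""

REPLY_STATES = {"ESTABLISHED", "RELATED"}  # states that imply a tracked flow


def _opt(tokens, *names):
    """Return the value following the first of the given option names."""
    for i, tok in enumerate(tokens[:-1]):
        if tok in names:
            return tokens[i + 1]
    return None


def find_stateless_udp_sport_rules(ruleset, chains=("INPUT", "FORWARD")):
    """Return (line_no, source_ports) for every ACCEPT rule that trusts a UDP
    source port without restricting the match to already-tracked flows."""
    findings = []
    for line_no, line in enumerate(ruleset.splitlines(), start=1):
        tokens = shlex.split(line)
        if len(tokens) < 2 or tokens[0] != "-A" or tokens[1] not in chains:
            continue  # table headers, chain policies, COMMIT, other chains
        sport = _opt(tokens, "--sport", "--source-port", "--sports", "--source-ports")
        state = _opt(tokens, "--ctstate", "--state")
        # A rule is safe only if every state it matches belongs to a known flow.
        reply_only = state is not None and set(state.split(",")) <= REPLY_STATES
        if (_opt(tokens, "-p", "--protocol") == "udp" and sport
                and _opt(tokens, "-j", "--jump") == "ACCEPT" and not reply_only):
            findings.append((line_no, sport))
    return findings


if __name__ == "__main__":
    for line_no, sport in find_stateless_udp_sport_rules(SAMPLE_RULES):
        print(f"line {line_no}: UDP source port {sport} accepted without state")
```

The usual replacement for a flagged rule is a single `-m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT` rule, which admits UDP replies only for flows the host itself started.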
