QID 34020 UDP firewall vulnerability

QID 34020 UDP firewall vulnerability. How do I fix this?
Larry Childress asked:
btan (Exec Consultant) commented:
I believe you are referring to UDP Source Port Pass Firewall findings. This means your firewall policy seems to allow UDP packets with a specific source port (for example, port 53) to pass through while it blocks UDP packets to the same destination ports but with a random source port. It is possible that the firewall also allows UDP packets with other well-known ports as source ports to go through.

You'll need a rule which monitors session state, likely a firewall (hardware or host based), so that this traffic is only allowed if your servers already sent an outgoing request to the destination servers (for the port 53 case, that is a DNS server on UDP 53).
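To make the difference between the two policies concrete, here is a small simulation (an added example, not code from btan or from this thread) of a source-port-based UDP allow rule next to a stateful filter that only admits an inbound UDP packet when a protected host already sent the matching outbound request. All addresses, ports and the packet sequence are constructed, and the 30-second idle timeout is an assumed value, not something the thread specifies.

```python
"""Simulate the two UDP firewall policies behind a "UDP Source Port Pass Firewall"
finding: a source-port based allow rule versus a stateful rule that only admits
a UDP packet when the protected host already sent a matching outbound request.
Added example; the packets below are constructed, not captured traffic."""
from __future__ import annotations

import time
from dataclasses import dataclass
from typing import Dict, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    outbound: bool  # True if sent by a protected host, False if arriving from outside


def source_port_policy(pkt: Packet) -> bool:
    """The weak policy the finding describes: inbound UDP is accepted whenever the
    source port is a trusted service port (53 here), with no check for a prior request."""
    if pkt.outbound:
        return True
    return pkt.src_port == 53


class StatefulUdpFilter:
    """A minimal connection-tracking filter. Outbound UDP creates a flow entry keyed on
    the 4-tuple; an inbound packet is accepted only if it matches the reverse tuple of
    a live entry that has not idled out (idle timeout is an assumed value)."""

    def __init__(self, idle_timeout: float = 30.0):
        self.idle_timeout = idle_timeout
        # (src_ip, src_port, dst_ip, dst_port) -> timestamp of last packet seen
        self._flows: Dict[Tuple[str, int, str, int], float] = {}

    def _expire(self, now: float) -> None:
        dead = [k for k, seen in self._flows.items() if now - seen > self.idle_timeout]
        for k in dead:
            del self._flows[k]

    def accept(self, pkt: Packet, now: Optional[float] = None) -> bool:
        now = time.monotonic() if now is None else now
        self._expire(now)
        if pkt.outbound:
            # Outbound request opens (or refreshes) a flow that a reply may use.
            self._flows[(pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)] = now
            return True
        reverse = (pkt.dst_ip, pkt.dst_port, pkt.src_ip, pkt.src_port)
        if reverse in self._flows:
            self._flows[reverse] = now
            return True
        return False  # no matching request: drop regardless of source port


def run_scenario(stateful: bool) -> Dict[str, bool]:
    """Feed the same constructed packet sequence to either policy and report the verdicts."""
    filt = StatefulUdpFilter()
    if stateful:
        decide = lambda p, t: filt.accept(p, t)
    else:
        decide = lambda p, t: source_port_policy(p)

    # Constructed traffic: an internal host queries a DNS server and gets a reply,
    # then an outside host sends unsolicited packets, one with source port 53 and
    # one with a random source port (the two probes the scanner finding compares).
    query = Packet("10.0.0.5", 40000, "192.0.2.53", 53, outbound=True)
    reply = Packet("192.0.2.53", 53, "10.0.0.5", 40000, outbound=False)
    unsolicited = Packet("198.51.100.9", 53, "10.0.0.5", 111, outbound=False)
    random_src = Packet("198.51.100.9", 4444, "10.0.0.5", 111, outbound=False)

    return {
        "dns_query_out": decide(query, 0.0),
        "dns_reply_in": decide(reply, 1.0),
        "unsolicited_sport53_in": decide(unsolicited, 2.0),
        "random_sport_in": decide(random_src, 3.0),
        "late_reply_in": decide(reply, 100.0),  # well past the idle timeout
    }


if __name__ == "__main__":
    for name, verdict in run_scenario(stateful=False).items():
        print(f"source-port policy  {name:24s} {'ACCEPT' if verdict else 'DROP'}")
    for name, verdict in run_scenario(stateful=True).items():
        print(f"stateful policy     {name:24s} {'ACCEPT' if verdict else 'DROP'}")
```

With the source-port policy, the unsolicited packet carrying source port 53 is accepted just like the real DNS reply, which is exactly what the scanner reports; the stateful filter accepts the reply only because it matches the earlier query and drops both unsolicited packets, and it also drops a reply that arrives after the flow has idled out. On a Linux host the equivalent is an nftables `ct state established,related accept` rule (or iptables `-m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT`) evaluated before any rule that matches on the UDP source port alone.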
 
btan (Exec Consultant) commented:
As suggested.