Netgate Discussion Forum

    Grizzly Steppe - TA18-106A - Filter incoming protocols

      jc2it

      I was reading through the information in Alert (TA18-106A) https://www.us-cert.gov/ncas/alerts/TA18-106A Russian State-Sponsored Cyber Actors Targeting Network Infrastructure Devices, aka Grizzly Steppe from US CERT. Near the bottom of that document it lists commands that may be used from the Internet to gather information. I am sure it is only the tip of the iceberg for the number of possibilities that are capable.

      What technology in a Firewall will inspect the Allowed incoming data stream and block these keywords? Would this be what Suricata and Snort are used for? Or is there a lighter-weight alternative?

      So, as I envision it: I have created a firewall and set up rules to allow traffic, but now, as the traffic is passed through, if there are certain parts of the protocol that I don't want to transmit to the internal system, the system will inspect, classify and block or filter.

      Perhaps a proxy is what I am looking for?

      Thanks!
