Firewall UDP ? Attack !! Or Normal ?
-
@noplan but........
The traffic's being..............blocked?
-
@silence what is the dest port? That is source port 2096? For all we know you're generating the traffic and not allowing the answer?
I first read it as that was your IP and port.. But you're hiding what port they are going to?
-
without knowing what services he is providing behind his firewall to his clients I think we are not able to help him out, especially minding the early posts and information (VPN inherit IP and traffic and on and on)
the next step for him will be to set up Suricata and monitor this inbound WAN traffic on UDP against every avail list for the IDS/IPS system
@deanfourie yes I know that he blocked that UDP Traffic,
but he @Silence never told us what services he is providing behind his firewall so maybe this traffic is what his clients are requesting but he is blocking (think about 200 clients as he told, so a lot of nasty stuff can happen). Until he provides us with more info let's sing all together ...
I don't practice Santeria, I ain't got no crystal ball ....
-
@noplan said in Firewall UDP ? Attack !! Or Normal ?:
never told us what services he is providing behind his firewall
It's just my router (I don't have any services behind it)
@johnpoz said in Firewall UDP ? Attack !! Or Normal ?:
I first read it as that was your IP and port.. But you're hiding what port they are going to?
destination ports were random at that time.
-
@silence
have you checked your LAN?
found this after 2 sec of looking ...
i checked some of your source IPs ...
for me with lack of coffee at the moment those sources look like random chatter on the wire
the weird thing is they are trying to get to dest port 1987 ...
so you have to look into it, everything else is guessing
br NP
-
@silence
So let's wrap it up
There is no attack
Get rid of that stupid rule
Mark the topic as solved
And be aware that none of your clients is going to sue you for faulty security consulting
BR NP without coffee
-
-
@noplan said in Firewall UDP ? Attack !! Or Normal ?:
There is no attack
Excellent, I'll mark the issue as resolved, at the end I was informed the office is offline due to ransomware.
In short, if I had something pointing to my wan trying to achieve this, and in the end I achieved it in one way or another. But hey, none of this doesn't matter.
NOTE: Never see massive noise as normal noise
-
@silence
So there was something fishy (ransomware as you mentioned) on your LAN behind your pfS
BR np