
Help with Firewall and Security Issue



#1 m1ckrz


Posted 18 July 2014 - 01:58 PM

Firewall model: SonicWall NSA2400.

 

I am trying to figure out our firewall to diagnose a possible breach. We have a current rule active to deny all WAN to all LAN for all protocols. I just want to be sure that this would deny anything that is not specifically set to be allowed by other rules, correct?

 

I am currently seeing an active connection coming in from another country. However, while I see it in the connections monitor, there is nothing in the logs for the IP (handshake, ack). How is this possible if we have everything denied and why does nothing show up in the logs if it shows up in the connections monitor? When I try to "flush" the connection, I get the alert "Not Found" and when I refresh, the connection remains. I am also seeing TX and RX from the connection.

 

The only connection allowed outside the access rules is an active VPN tunnel for another company. I don't know if this is a security issue or if I just don't understand the firewall well enough (I am the in-house Tier 1, the Tier 2 guy is out of the country).

 

Any help would be GREATLY appreciated.





#2 Didier Stevens


Posted 20 July 2014 - 04:36 AM

Are you sure that this is an incoming TCP connection and not an outgoing TCP connection?


Didier Stevens
http://blog.DidierStevens.com
http://DidierStevensLabs.com

SANS ISC Handler
Microsoft MVP 2011-2016 Consumer Security, Windows Insider MVP 2016-2018

 

If you send me messages, per Bleeping Computer's Forum policy, I will not engage in a conversation, but try to answer your question in the relevant forum post. If you don't want this, don't send me messages.

 

Stevens' law: "As an online security discussion grows longer, the probability of a reference to BadUSB approaches 1.0"




