High Vulnerabilities UDP 53

Lemineral
Spotlight

Dear Expert

I have a Cisco FTD 2120, and on my firewall a Tenable scan found "Firewall UDP Packet Source Port 53 Ruleset Bypass".

But when I check the connection events from outside to inside, and inside to outside, UDP ports 53 and 1025 are already blocked,

but the Tenable scan still found that ICMP requests are still given to an unknown internet IP. Can you please advise me what policy I need to set for this vulnerability?

 

Regards 

Yusran

4 Replies

Marvin Rhoads
Hall of Fame

Is your ACP rule using application (DNS) or port+protocol (udp/53)?

If it is using the DNS application, several packets will be allowed through to allow the firewall to determine the actual application in use. That can sometimes result in false positives from scanning engines like Tenable Nessus.

Lemineral
Spotlight

Hello Marvin

Many thanks for your reply. On my ACP I'm not using DNS or port (UDP/53) as specified.

Can you help me with how to block ICMP requests from unknown internet IPs on my Cisco firewall?

To block ICMP use a platform policy setting in FMC. Platform Policy > ICMP Access > Add block for new port object ICMP-Any on your outside interface. Save and deploy.

For FDM-managed devices, use a flexconfig object.

Reference: https://community.cisco.com/t5/network-security/block-icmp-to-ftd-device-interface-ip-in-fdm/td-p/4152340

Dear Marvin

Thanks for your help, I got it.
