Cisco Community
English
Register
Register
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

Welcome to the Cisco Small Business Community

Have a question? Click on a topic board below to get started in the community.
Get the latest news in this issue of the Cisco Small Business Monthly Newsletter

480
Views
0
Helpful
6
Replies
Highlighted
Scott Frank
Beginner
Beginner
‎04-14-2019 08:47 PM
‎04-14-2019 08:47 PM

RV320 letting port scans through firewall...

I am playing around with Snort on a router behind an RV320 router.  Funny thing is that it is getting port scanned from IPs from out on the WAN.

 

So the big question is, why are port scans getting through the RV320 firewall?

 

Everything is up to date...

Labels:
0 Helpful
Reply
6 REPLIES 6
Highlighted
Jaderson Pessoa
VIP Collaborator VIP Collaborator
VIP Collaborator
‎04-14-2019 08:49 PM
‎04-14-2019 08:49 PM

Hello,

What port you are getting from your firewall?
Jaderson Pessoa
*** Rate All Helpful Responses ***
0 Helpful
Reply
Highlighted
Scott Frank
Beginner
Beginner
In response to Jaderson Pessoa
‎04-14-2019 09:21 PM
‎04-14-2019 09:21 PM

The alert only indicates it was a scan of UDP ports.  And it lists the source, which are internet IPs not lan IPs.

0 Helpful
Reply
Highlighted
Jaderson Pessoa
VIP Collaborator VIP Collaborator
VIP Collaborator
In response to Scott Frank
‎04-15-2019 05:02 AM
‎04-15-2019 05:02 AM

scan from out side its normally, all the time there are someone that trying access ours data, but you need know what kind of services are allowed to external side.
Jaderson Pessoa
*** Rate All Helpful Responses ***
0 Helpful
Reply
Highlighted
Scott Frank
Beginner
Beginner
In response to Jaderson Pessoa
‎04-15-2019 07:39 PM
‎04-15-2019 07:39 PM

There is no forwarding set up on this router.  There are no ports open.

 

Tried one of those firewall testers and it said everything was ok.  Makes no sense.

 

Have no idea how this traffic is getting in.  Could it be leaking though someone on a VPN or an IOT device.

 

No real tweaks besides a couple of vlans.

0 Helpful
Reply
Highlighted
Scott Frank
Beginner
Beginner
In response to Scott Frank
‎04-15-2019 09:22 PM
‎04-15-2019 09:22 PM

Update:

 

Did more investigating with some other tools.  I always noticed with snort that there would be a couple of scans and then nothing for a long while.  What I just noticed with another tool is that when something new comes on the LAN there is a flood from the WAN right after that. 

 

From what I can gather is that for some reason the firewall goes down, for a short while, when something connects to the LAN (VLAN to be exact).

0 Helpful
Reply
Highlighted
Jaderson Pessoa
VIP Collaborator VIP Collaborator
VIP Collaborator
In response to Scott Frank
‎04-16-2019 04:45 AM
‎04-16-2019 04:45 AM

@Scott Frank  hello,

 

 

You can user a logs to know what address was sending a lot of packets to your wan interface on your firewall and try block it. To do same for the lan you can use a wireshark to mitigate what device do it.

Jaderson Pessoa
*** Rate All Helpful Responses ***
0 Helpful
Reply
Latest Contents
Special offer - Cisco Designed Secure Remote Work
Created by Kelli Glass on 02-18-2021 10:22 AM
0
0
0
0
Cisco Designed Secure Remote Work helps you work more productively and securely whatever your location. Worry less and work smarter with enterprise-grade, cloud-based collaboration and security together in one package that's easy to purchase, deploy,... view more
Small business resilience and recovery roundtable
Created by Kelli Glass on 01-28-2021 02:24 PM
0
0
0
0
On Tuesday, February 2nd, you can join a great discussion with an industry analyst, Will Townsend, our partner- Port53,  and our customer -Cheetah Technologies. We’re helping small businesses assess where they are on their digital journey and wh... view more
Let's talk about small business resilience and recovery
Created by Kelli Glass on 01-28-2021 02:18 PM
0
0
0
0
On Tuesday, February 2nd, you can join a great discussion with an industry analyst, Will Townsend, our partner- Port53,  and our customer -Cheetah Technologies. We’re helping small businesses assess where they are on their digital journey and where t... view more
#CiscoChat Live: Small businesses deserve big security prote...
Created by Kelli Glass on 01-19-2021 05:22 PM
0
0
0
0
Join us live on Thursday, January 21 at 10 am PT (and on demand after) as Kate MacLean, head of product marketing for Cisco Umbrella, moderates a discussion about cybersecurity for small businesses. We’ll talk about the specific cyberthreats facing s... view more
#CiscoChat Live: Small businesses deserve big security prote...
Created by Kelli Glass on 01-19-2021 05:19 PM
2
0
2
0
Join us live on Thursday, January 21 at 10 am PT (and on demand after) as Kate MacLean, head of product marketing for Cisco Umbrella, moderates a discussion about cybersecurity for small businesses. We’ll talk about the specific cyberthreats facing s... view more