IETF RADIUS Dictionary Attack Vulnerability
djhurt1
Enthusiast ✭✭
A third party has scanned our network for vulnerabilities recently. This popped up on the first scan. This is one vulnerability that I thought I took care of, but it showed up again on the second scan. We've disabled management on the WAN port. I've port scanned the WAN IP and nothing responds on port 1812 for me. There is one default access rule
Here is a pic of the report
It states port 1812/udp, but again I can't get a response on that port in a port scan. One idea was to set the from field in the access rule to a random address. Any other thoughts on why the SonicWall is responding and how to eliminate it?
Category: Mid Range Firewalls
Answers
I did find a default NAT rule, which I believe is likely the cause of this. However, why was this rule auto-added? We never used RADIUS. Is this a standard out-of-the-box thing?
@djhurt1 does the comment text bubble not give a hint?
I can only find auto-generated RADIUS rules when SonicPoints are involved. Are you using the SonicWall Switches? There was a RADIUS section in there, but I can't test this.
--Michael@BWC
@BWC
No SonicWall switch on this firewall. I should correct my statement above: we do have RADIUS (NPS) implemented for a virtual access point, but that's it.
@djhurt1 does the bubble for NAT or Access Rules hold any hint?
--Michael@BWC
@BWC
just says "Management NAT policy". We use local users on the SonicWall for management. I can't edit/remove the access rule or the NAT rule. I imagine I could go into the /diag page to allow me to delete these rules, but as always I question if these are there for something I haven't considered.
I've disabled the NAT rule and set the access rule to discard. However, port scans still show UDP Open|Filtered and TCP shows filtered. This happens regardless of whether the access rule is set to deny or discard.
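Added example, not part of the thread and not SonicWall code: a small UDP check showing why a scan of 1812/udp reports "open|filtered" whenever nothing comes back, so a rule that silently drops the probe looks the same as a service that ignores it. The function names and the probe contents are assumptions; the probe is a bare RFC 2865 Access-Request header with only a User-Name attribute, and the demo target is a constructed loopback socket.

```python
import os
import socket
import struct

def build_access_request(user=b"probe", ident=1):
    """Bare RFC 2865 Access-Request: 20-byte header plus a User-Name attribute.
    It carries no password attribute, so it is a probe, not a login attempt."""
    attrs = bytes([1, 2 + len(user)]) + user         # attribute type 1 = User-Name
    authenticator = os.urandom(16)                   # Request Authenticator
    header = struct.pack("!BBH", 1, ident, 20 + len(attrs))  # code 1 = Access-Request
    return header + authenticator + attrs

def classify_udp(host, port, payload, timeout=2.0, tries=3):
    """Classify one UDP port the way a scanner does."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.connect((host, port))          # connected socket so ICMP errors surface
        for _ in range(tries):
            try:
                s.send(payload)
                s.recv(4096)
                return "open"            # any datagram back: something answered
            except ConnectionRefusedError:
                return "closed"          # ICMP port unreachable was returned
            except socket.timeout:
                continue                 # silence so far; UDP is lossy, retry
            except OSError:
                return "filtered"        # another ICMP unreachable was returned
    # No reply and no ICMP error: a drop rule and a service that ignores
    # the packet are indistinguishable from the outside.
    return "open|filtered"

if __name__ == "__main__":
    # Constructed target: a loopback socket that receives but never replies,
    # standing in for a port whose traffic is silently dropped.
    silent = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    silent.bind(("127.0.0.1", 0))
    port = silent.getsockname()[1]
    print(classify_udp("127.0.0.1", port, build_access_request(), timeout=0.5))
    silent.close()
```

Because the verdict is the same in both cases, confirming that the rule is actually discarding traffic needs the firewall's own logs or a packet capture rather than the scan result.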