Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 2 replies
  • Subscribers 27 subscribers
  • Views 4766 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Strange "Network Attacks" from IPv6 to IPv4

Casual_User

Hello,

I've noticed these "attacks" listed on the control centre screen for the past couple of days.  It is interesting considering that they do not originate from my LAN and are not directed at my LAN.  The attacks are shown as "SSL Request Export Ciphersuite Detection" coming from an external IPv6 directed to an external IPv4.  The attacks were listed as moderate and the packets were not dropped.  I'm getting about 3 attacks per day.

The "Attacker IP" was: 2001:b031:107:ff00::10

 The "Victim IP" was: 38.4.100.0

I am curious as to:

  1. How did an external IP "attack" another external IP through the XG firewall
  2. How did an IPv6 attack an IPv4.  I would have thought you would have needed to be on the same network.

Thanks.



This thread was automatically locked due to age.
Parents
  • 0

    This is still happening.  It occurs only every so often.  I'm not very concerned just curious/confused.

    My firewall rules only permit LAN to WAN access for my internal IPv4 and IPv6 ranges.  In this case, the 2001:b031... range does not fall within my internal IPv6 range.  So it should not be permitted.

    This is listed under "Browser Attacks".  Does this mean that the browser is acting as an intermediary and permitting this somehow (firewall seeing the LAN address of the computer and allowing it, but registering the attach for the WAN address)?  Perhaps I'm grasping at straws here...

    Out of curiosity (frustration), I created a firewall rule that drops all connections from WAN to WAN for all address ranges for IPv4 and IPv6.  This has not stopped this "attack" and it has not logged any dropped traffic.

    I have no idea what computer on my network is involved in this attack, if it is using a browser on my LAN as an intermediary.  So it is hard to troubleshoot from there.

    Is this "attack" apart of the "hidden" firewall ruleset?

    Thanks...

Reply
  • 0

    This is still happening.  It occurs only every so often.  I'm not very concerned just curious/confused.

    My firewall rules only permit LAN to WAN access for my internal IPv4 and IPv6 ranges.  In this case, the 2001:b031... range does not fall within my internal IPv6 range.  So it should not be permitted.

    This is listed under "Browser Attacks".  Does this mean that the browser is acting as an intermediary and permitting this somehow (firewall seeing the LAN address of the computer and allowing it, but registering the attach for the WAN address)?  Perhaps I'm grasping at straws here...

    Out of curiosity (frustration), I created a firewall rule that drops all connections from WAN to WAN for all address ranges for IPv4 and IPv6.  This has not stopped this "attack" and it has not logged any dropped traffic.

    I have no idea what computer on my network is involved in this attack, if it is using a browser on my LAN as an intermediary.  So it is hard to troubleshoot from there.

    Is this "attack" apart of the "hidden" firewall ruleset?

    Thanks...

Children
No Data