Tuesday, September 1, 2020

Develop Firewall Rule

Dear Rediteers, I need to develop a firewall rule to allow a certain application (https://www.saal-digital.eu/software-download/download/?ClientPlatformType=0). Wireshark & DNSQuerySniffer allowed me to narrow down that all communication happens through port 80&443, TCP, IPv4. The initial request is a DNS request but then my issue starts: the following requests are to wildly varying IPs. I tried Whois lookups for those domains and tried adding those neighboring IP ranges to also add all future variations. I did not manage to find the proper ASNs to that company.

So, long story short: how do you profile a 3rd party application to create your firewall rules?



No comments:

Post a Comment