Dear Rediteers, I need to develop a firewall rule to allow a certain application (https://www.saal-digital.eu/software-download/download/?ClientPlatformType=0). Wireshark & DNSQuerySniffer allowed me to narrow down that all communication happens through port 80&443, TCP, IPv4. The initial request is a DNS request but then my issue starts: the following requests are to wildly varying IPs. I tried Whois lookups for those domains and tried adding those neighboring IP ranges to also add all future variations. I did not manage to find the proper ASNs to that company.
So, long story short: how do you profile a 3rd party application to create your firewall rules?
No comments:
Post a Comment