SANS ISC: STUN traffic - Internet Security | DShield SANS ISC InfoSec Forums

STUN traffic
Hi.. I've spent two weeks now logging traffic without LAN comps, only active HW and one SIEM (OSSIM w/ Snort) inspecting traffic on my network..
Now my logs show several (Snort: STUN) traffic, with only active HW available... I've had some interesting packets captured (apparently from my ISP, need to check those more), all are trying to get into my first LAN firewall.. Several IPs from different sources, different ports, all data saved... And my first firewall is ISP controlled, they don't react to any of my messages :(

The question is what now... Dialogue with ISP, consumer support (by law, not ISP) (Not industrial network)... Forwarding data packets to some other (who? where?) for further analysis before suing anyone...

For example, Amazon, ISP tries to contact my first own controlled firewall... No comps online on LAN... any suggestions where to go?
