Bad one: SonicWALL Remote Management Vulnerability

DustinB3403

@PhlipElder Is the blog post 3 steps?

1. unplug sonicwall
2. open window
3. throw sonicwall out open window

?

PhlipElder

@DustinB3403 said in Bad one: SonicWALL Remote Management Vulnerability:

@PhlipElder Is the blog post 3 steps?

1. unplug sonicwall
2. open window
3. throw sonicwall out open window

?

I don't subscribe to that religion.

wrx7m

WTF? People NAT their iDracs?

DustinB3403

@wrx7m said in Bad one: SonicWALL Remote Management Vulnerability:

WTF? People NAT their iDracs?

Some people...

notverypunny

@DustinB3403 said in Bad one: SonicWALL Remote Management Vulnerability:

@wrx7m said in Bad one: SonicWALL Remote Management Vulnerability:

WTF? People NAT their iDracs?

Some people...

Probably the same people that put ketchup on a perfectly good steak..... psychopaths the whole lot of them

iroal

4 years ago I changed SonicWall for Pfsense.

One of the best changes I've ever done.

scottalanmiller

@iroal said in Bad one: SonicWALL Remote Management Vulnerability:

4 years ago I changed SonicWall for Pfsense.

One of the best changes I've ever done.

We've been replacing pfSenses with UBNT, also a nice move

scottalanmiller

@wrx7m said in Bad one: SonicWALL Remote Management Vulnerability:

WTF? People NAT their iDracs?

As opposed to what? Having a disconnected management LAN and only jump boxes to get to them?

notverypunny

@scottalanmiller said in Bad one: SonicWALL Remote Management Vulnerability:

@wrx7m said in Bad one: SonicWALL Remote Management Vulnerability:

WTF? People NAT their iDracs?

As opposed to what? Having a disconnected management LAN and only jump boxes to get to them?

I think he was referring to inbound NAT / port forwarding from the internet as opposed to LAN only access

scottalanmiller

@notverypunny said in Bad one: SonicWALL Remote Management Vulnerability:

@scottalanmiller said in Bad one: SonicWALL Remote Management Vulnerability:

@wrx7m said in Bad one: SonicWALL Remote Management Vulnerability:

WTF? People NAT their iDracs?

As opposed to what? Having a disconnected management LAN and only jump boxes to get to them?

I think he was referring to inbound NAT / port forwarding from the internet as opposed to LAN only access

Oh, yeah PORT FORWARDING to an iDRAC would be pretty "not recommended." But behind a NAT firewall would just allow them to reach out and update, and no one to reach in by default.

iroal

@scottalanmiller said in Bad one: SonicWALL Remote Management Vulnerability:

UBNT

For what reason? Are there any problem with Pfsense ?

scottalanmiller

@iroal said in Bad one: SonicWALL Remote Management Vulnerability:

@scottalanmiller said in Bad one: SonicWALL Remote Management Vulnerability:

UBNT

For what reason? Are there any problem with Pfsense ?

Not problems, pfSense is a good product. The biggest "problem" is the lack of vertical integration with hardware. With the UBNT we get software custom made for the specific hardware, and support. So we don't have to do our own installs, and don't need random third party software. It's one, inclusive package that is well known and tested both in the field and by the vendor. pfSense is software only and as a software firewall would be at the top of my list. But we deploy hardware and the benefits are the lower cost, better supported hardware with massive supply chain are pretty impossible to beat.

And the central monitoring features of UBNT carry a lot of value. We get centralized visibility.

iroal

@scottalanmiller

@scottalanmiller said in Bad one: SonicWALL Remote Management Vulnerability:

@iroal said in Bad one: SonicWALL Remote Management Vulnerability:

@scottalanmiller said in Bad one: SonicWALL Remote Management Vulnerability:

UBNT

For what reason? Are there any problem with Pfsense ?

Not problems, pfSense is a good product. The biggest "problem" is the lack of vertical integration with hardware. With the UBNT we get software custom made for the specific hardware, and support. So we don't have to do our own installs, and don't need random third party software. It's one, inclusive package that is well known and tested both in the field and by the vendor. pfSense is software only and as a software firewall would be at the top of my list. But we deploy hardware and the benefits are the lower cost, better supported hardware with massive supply chain are pretty impossible to beat.

And the central monitoring features of UBNT carry a lot of value. We get centralized visibility.

Thanks for your opinion, I always learn of them.

dafyre

PFSense has a newer fork now as well, known as OPNSense (https://opnsense.org/)

More modern UI and such, decent packages available if you need extra stuff, but as far as routing and a firewall, it's pretty excellent!

scottalanmiller

@dafyre said in Bad one: SonicWALL Remote Management Vulnerability:

PFSense has a newer fork now as well, known as OPNSense (https://opnsense.org/)

More modern UI and such, decent packages available if you need extra stuff, but as far as routing and a firewall, it's pretty excellent!

Both have a third party UTM add on option, too.