Persistent user priviledge gain attack via STUN NAT Transversal

Cyber Security & Hacking
1

Attempted User Privilege Gain attack

I just realized I’ve been subject to a persistent user privilege gain attack since march 2021 via the “ET INFO Session Transversal Utilities for NAT (STUN binding request on non standard high port)”. A few days ago VPN stopped working (which coincides with latest attack), and other odd behaviors recently. I am on PFSESENSE 2.4.5 release on a Netgate webappliance, with Snort and Suriaca installed. Kinda shocked and am wondering if you guys have any suggestions, as to how I can go about fixing this thing. What is odd is that the router (Snort), which is instructed to generated a block for such alerts, appears to have been allowing entry into the network; log reads “Attempted User Privilege Gain,1,alert,Allow” WTF. Thanks in advance.

2

Not likely an attack, more likely phone service causing the issue. Also you should be on pfsense 2.6 now.

3

Windows, Google, a lot of user level services try to bind a STUN and ET blocks them every time.

You will get these with a fresh from ISO install of Windows, especially so if you install chrome, this is not malware or attack based. Why they think they need this, no idea.