Attempted User Privilege Gain attack
I just realized I’ve been subject to a persistent user privilege gain attack since march 2021 via the “ET INFO Session Transversal Utilities for NAT (STUN binding request on non standard high port)”. A few days ago VPN stopped working (which coincides with latest attack), and other odd behaviors recently. I am on PFSESENSE 2.4.5 release on a Netgate webappliance, with Snort and Suriaca installed. Kinda shocked and am wondering if you guys have any suggestions, as to how I can go about fixing this thing. What is odd is that the router (Snort), which is instructed to generated a block for such alerts, appears to have been allowing entry into the network; log reads “Attempted User Privilege Gain,1,alert,Allow” WTF. Thanks in advance.