Persistent user privilege gain attack via STUN NAT Traversal

Attempted User Privilege Gain attack

I just realized I’ve been subject to a persistent user privilege gain attack since March 2021 via the “ET INFO Session Traversal Utilities for NAT (STUN binding request on non standard high port)”. A few days ago the VPN stopped working (which coincides with the latest attack), and there have been other odd behaviors recently. I am on pfSense 2.4.5 release on a Netgate web appliance, with Snort and Suricata installed. Kinda shocked and am wondering if you guys have any suggestions as to how I can go about fixing this thing. What is odd is that the router (Snort), which is instructed to generate a block for such alerts, appears to have been allowing entry into the network; log reads “Attempted User Privilege Gain,1,alert,Allow” WTF. Thanks in advance.

Not likely an attack, more likely phone service causing the issue. Also you should be on pfSense 2.6 now.

Windows, Google, a lot of user level services try to bind a STUN and ET blocks them every time.

You will get these with a fresh from ISO install of Windows, especially so if you install Chrome, this is not malware or attack based. Why they think they need this, no idea.
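For triaging this alert from a packet capture, the following is an added example, not part of any post in this thread: it checks whether a UDP payload carries a well-formed RFC 5389 STUN header and whether it is a Binding request. The function name and the sample payloads are constructed for illustration.

```python
import struct

MAGIC_COOKIE = 0x2112A442  # fixed header value defined by RFC 5389
CLASSES = {0: "request", 1: "indication", 2: "success response", 3: "error response"}


def parse_stun_header(payload: bytes):
    """Return a dict describing the STUN header, or None if the payload is not
    RFC 5389 STUN. Classic RFC 3489 STUN has no magic cookie and is rejected."""
    if len(payload) < 20:                      # the STUN header is 20 bytes
        return None
    msg_type, attr_len, cookie = struct.unpack("!HHI", payload[:8])
    if msg_type & 0xC000:                      # top two bits must be zero
        return None
    if cookie != MAGIC_COOKIE:
        return None
    # Attributes are padded to 4 bytes and must fill the rest of the datagram.
    if attr_len % 4 or attr_len != len(payload) - 20:
        return None
    # Class bits C1 (bit 8) and C0 (bit 4) are interleaved with the method bits.
    cls = ((msg_type >> 7) & 0x2) | ((msg_type >> 4) & 0x1)
    method = (msg_type & 0x000F) | ((msg_type & 0x00E0) >> 1) | ((msg_type & 0x3E00) >> 2)
    return {
        "class": CLASSES[cls],
        "method": method,
        "is_binding": method == 0x001,         # Binding is method 0x001
        "transaction_id": payload[8:20].hex(),
        "attr_len": attr_len,
    }


# Constructed sample payloads (not taken from a real capture).
TXID = bytes(range(12))
BINDING_REQUEST = struct.pack("!HHI", 0x0001, 0, MAGIC_COOKIE) + TXID
BINDING_SUCCESS = struct.pack("!HHI", 0x0101, 0, MAGIC_COOKIE) + TXID
NOT_STUN = b"\x16\x03\x01\x00\x2e" + bytes(20)  # TLS-like bytes, no cookie

if __name__ == "__main__":
    for name, data in [("request", BINDING_REQUEST),
                       ("response", BINDING_SUCCESS),
                       ("other", NOT_STUN)]:
        print(name, parse_stun_header(data))
```

A payload that parses as a Binding request and is answered by a Binding success response with the same transaction ID is ordinary STUN; a payload on the flagged port that returns `None` is the one worth a closer look.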