Hi guys,
I have appliance Sophos UTM SG135 v9.
I have followed this knowledge base guide - Site-to-site VPN configurations for Amazon VPC at https://community.sophos.com/kb/en-us/120922 which works great and is straightforward. From the network behind the UTM, I can ping all EC2 instances and telnet successfully to running port services.
However, inside of my Sophos UTM, pinging and telneting were unsuccessful. It seems the UTM has a route issue going to AWS VPN.
utm:/root # ip route get 172.18.2.225
172.18.2.225 via 169.xxx.xxx.85 dev vpc0.0 src 169.xxx.xxx.86
cache
utm:/root # ping 172.18.2.225
PING 172.18.2.225 (172.18.2.225) 56(84) bytes of data.
^C
--- 172.18.2.225 ping statistics ---
22 packets transmitted, 0 received, 100% packet loss, time 21160ms
utm:/root # ping -I vpc0.0 172.18.2.225
PING 172.18.2.225 (172.18.2.225) from 169.xxx.xxx.86 vpc0.0: 56(84) bytes of data.
^C
--- 172.18.2.225 ping statistics ---
57 packets transmitted, 0 received, 100% packet loss, time 56389ms
utm:/root # ping -s 10.0.16.1 172.18.2.225 -c 2
PING 172.18.2.225 (172.18.2.225) 10(38) bytes of data.
--- 172.18.2.225 ping statistics ---
2 packets transmitted, 0 received, 100% packet loss, time 999ms
utm:/root # traceroute 172.18.2.225
traceroute to 172.18.2.225 (172.18.2.225), 30 hops max, 40 byte packets using UDP
1 * * *
2 * * *
3 * * *
4 * * *
5 * * *
6 * * *
7 * * *
8 * * *
9 * * *
10 * * *
11 * * *
12 * * *
13 * * *
14 * * *
15 * * *
16 * * *
17 * * *
18 * * *
19 * * *
20 * * *
21 * * *
22 * * *
23 * * *
24 * * *
25 * * *
26 * * *
27 * * *
28 * * *
29 * * *
30 * * *
Also, I've opened firewall for the two AWS tunnels (Outside IP Addresses) with "ANY" and still no luck. Also, opened to 0.0.0.0/0 allow on AWS VPC Network ACL.
Any advice on what I am missing is deeply appreciated. Thanks!
Hi James C,
Thank you for reaching out to the Community!
Do you have ping settings configured to allow ping from the gateway under firewall> ICMP > Ping Settings?
If it is already allowed, check packetfilter.log file for this traffic and provide the logs.
Thanks,
Hi
Thanks for your reply. This has been resolved now.
You just need to specify the network interface IP address and you should be good to go.
ping -I <utm's ip address> 172.18.2.225
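As an added illustration (not part of the thread), the bash helper below applies the diagnosis from the exchange above: it reads the `src` address that `ip route get` reports, checks whether that address lies inside the subnet the VPN carries, and if not builds the `ping -I` command with the UTM's internal address instead. The subnet 10.0.16.0/24, the internal address 10.0.16.1 and the 169.254.10.x tunnel addresses are constructed placeholders, and it assumes, as the resolution implies, that the tunnel's local selector is the UTM's internal subnet rather than the vpc0.0 interface address.

```shell
#!/bin/bash
# Added example, not from the thread. Assumes the VPN's local traffic selector
# is the UTM's internal subnet (10.0.16.0/24 and 10.0.16.1 are placeholders)
# and that `ip route get` prints a line in the form shown in the thread.

# Extract the `src` address from one line of `ip route get` output.
route_src_ip() {
    # $1: e.g. "172.18.2.225 via 169.254.10.85 dev vpc0.0 src 169.254.10.86"
    printf '%s\n' "$1" | awk '{for (i = 1; i < NF; i++) if ($i == "src") print $(i+1)}'
}

# Convert a dotted-quad IPv4 address to a 32-bit integer.
ip4_to_int() {
    local IFS=.
    set -- $1
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# Return 0 if address $1 lies inside CIDR $2, else 1.
in_cidr() {
    local net bits mask
    net=${2%/*}; bits=${2#*/}
    mask=$(( bits == 0 ? 0 : (0xFFFFFFFF << (32 - bits)) & 0xFFFFFFFF ))
    [ $(( $(ip4_to_int "$1") & mask )) -eq $(( $(ip4_to_int "$net") & mask )) ]
}

# Print the ping command a host-originated test should use.
# Returns 1 when the route's default src is outside the VPN's local subnet,
# i.e. when the source address must be forced with -I (the thread's fix).
pick_ping_source() {
    # $1: route line, $2: target, $3: local VPN subnet (CIDR), $4: UTM internal IP
    local src
    src=$(route_src_ip "$1")
    if in_cidr "$src" "$3"; then
        printf 'ping -c 2 %s\n' "$2"
        return 0
    fi
    printf 'ping -c 2 -I %s %s\n' "$4" "$2"
    return 1
}

# Constructed sample mirroring the thread's `ip route get` output:
route='172.18.2.225 via 169.254.10.85 dev vpc0.0 src 169.254.10.86'
pick_ping_source "$route" 172.18.2.225 10.0.16.0/24 10.0.16.1 || true
```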