
[LDM #FFX-692476]: STUN protocol on ldm via a tcpdump



David,

The LDM doesn't do anything special to convert a hostname into an IP address: 
it simply uses the standard system functions to convert the hostname of a 
REQUEST entry into an IP address. So if your LDM-s are using the public IP 
address of your other LDM-s, then either the REQUEST entries are specifying the 
other LDM-s by public IP addresses or the operating systems are converting the 
hostnames into public IP addresses.

Also, the LDM doesn't use the STUN protocol directly. It might use it 
indirectly (and unknowingly) through the operating system.

Are you certain that the internal LDM-s are using their public IP addresses to 
communicate?

> Just recently we noticed a flag on our IPS involving our internal network 
> talking to the external IP addresses.  So I decided to run tcpdump on our 
> internal interface of our internet connection to see how much traffic was 
> actually trying to connect to our external IP addresses from the internal 
> network IPs.
> 
> Our current configuration is internal IP addresses of our server farm are 
> 10.11.0.0/22 network.
> 
> Our external IP address range is 192.203.136.0/23
> 
> We are seeing 3 of our servers, not only talking to other servers 
> outside our network, but to each other using the external IP addresses as 
> destinations.  Looking further using tcpdump to capture and Wireshark to view 
> the data, a protocol called STUN is visible within the traffic.
> 
> -Dave


Regards,
Steve Emmerson

Ticket Details
===================
Ticket ID: FFX-692476
Department: Support LDM
Priority: Normal
Status: Closed
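
An added example, not part of the original exchange and not LDM code: a Python check that takes the hosts named in REQUEST entries, resolves them through the operating system's resolver, and reports whether each address falls in the internal or external range quoted in the thread. The REQUEST line layout (host as the last field, optional `:port`), the sample configuration, and the hostnames are assumptions constructed for illustration; IPv6 literals are not handled.

```python
import ipaddress
import socket
import sys

# Address ranges quoted in the thread.
INTERNAL = ipaddress.ip_network("10.11.0.0/22")
EXTERNAL = ipaddress.ip_network("192.203.136.0/23")

# Constructed sample configuration; hostnames and addresses are hypothetical.
SAMPLE_CONF = '''\
# upstream feeds
REQUEST ANY ".*" ldm1.example.edu
request NEXRAD2 "^L2-" ldm2.example.edu:388
REQUEST IDS|DDPLUS ".*" 192.203.136.25
ALLOW ANY ^.*$
'''
# Constructed stand-in for the OS resolver so the demo runs offline.
SAMPLE_DNS = {"ldm1.example.edu": ["10.11.0.5"], "ldm2.example.edu": ["192.203.136.12"]}

def request_hosts(conf_text):
    """Yield the upstream host of each REQUEST entry (last field, port removed)."""
    for raw in conf_text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if len(fields) >= 4 and fields[0].upper() == "REQUEST":
            yield fields[-1].rsplit(":", 1)[0]

def system_resolve(host):
    """Resolve through the OS resolver (hosts file, DNS, ...), IPv4 only."""
    infos = socket.getaddrinfo(host, None, family=socket.AF_INET, type=socket.SOCK_STREAM)
    return sorted({info[4][0] for info in infos})

def classify(addr):
    ip = ipaddress.ip_address(addr)
    return "internal" if ip in INTERNAL else "external" if ip in EXTERNAL else "other"

def audit(conf_text, resolve=system_resolve):
    """Return (host, address, class) tuples for every REQUEST host."""
    findings = []
    for host in request_hosts(conf_text):
        try:
            addrs = resolve(host)
        except OSError:  # socket.gaierror is a subclass of OSError
            findings.append((host, None, "unresolved"))
            continue
        findings.extend((host, addr, classify(addr)) for addr in addrs)
    return findings

if __name__ == "__main__":
    if len(sys.argv) > 1:  # path to a real configuration file: use the OS resolver
        rows = audit(open(sys.argv[1]).read())
    else:                  # no argument: constructed sample and constructed lookup table
        rows = audit(SAMPLE_CONF, lambda h: SAMPLE_DNS.get(h, [h]))
    for row in rows:
        print(*row)
```

Any row classed `external` for a host that sits on the internal network points at either a REQUEST entry written with a public address or a resolver answer (hosts file or DNS) that returns the public address.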