Detecting/reporting suspicious chatter on local devices?
Hi! I have a Firewalla Gold. A question for you that the log4j RCE vulnerability made me wonder about.
Can Firewalla show me which devices on my network are talking to each other and if it is suspicious? For example, my wifi thermostat probably shouldn't be doing portscans or trying to connect to other devices locally. Is there anything installed already that lets me see chatter between local devices like that?
Thanks!
-
Thanks. How about just seeing which devices are talking to each other at all? Do I need to segment my network for that? Or are local devices talking to each other without passing through the Firewalla? Now that I think about it, I think that’s probably the case - they only are visible to Firewalla when they need to hop to another network or get out on the WAN, right?
If that is the case then I need to sniff my wifi to see who is talking with who, correct?
-
Yes, you need to segment in order to see device traffic. Firewalla is a router/firewall, and it cannot see LAN traffic on the same segment. That traffic does not go to Firewalla (or any other router).
To sniff LAN traffic (properly) you need a function like a SPAN port on a switch to get all that traffic. I don't think a wifi AP supports such.
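The point made in the last reply, that a router only observes local traffic once it crosses segments, can be shown with a small fan-out check over flow records. This is an added example, not code from the thread or from Firewalla; the addresses, segment names, threshold and the `(src, dst, dport)` flow tuple format are constructed assumptions.

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network


def segment_of(ip, segments):
    """Return the name of the local segment containing ip, or None (e.g. WAN)."""
    addr = ip_address(ip)
    for name, net in segments.items():
        if addr in ip_network(net):
            return name
    return None


def crosses_local_segments(src, dst, segments):
    """Device-to-device traffic reaches the router only when the two
    endpoints sit in different local segments."""
    s, d = segment_of(src, segments), segment_of(dst, segments)
    return s is not None and d is not None and s != d


def scan_suspects(flows, segments, min_targets=5):
    """Sources that touch at least min_targets distinct local (host, port)
    pairs, counting only flows the router is in a position to observe."""
    targets = defaultdict(set)
    for src, dst, dport in flows:
        if crosses_local_segments(src, dst, segments):
            targets[src].add((dst, dport))
    return sorted(s for s, t in targets.items() if len(t) >= min_targets)


# Constructed sample data: a thermostat probing a NAS, plus normal laptop traffic.
THERMOSTAT, NAS, LAPTOP = "192.168.20.15", "192.168.10.5", "192.168.10.30"
FLOWS = [(THERMOSTAT, NAS, p) for p in (21, 22, 23, 80, 443, 445, 8080)]
FLOWS += [(LAPTOP, NAS, 445), (LAPTOP, NAS, 443)]

# Hypothetical layouts: one flat LAN versus a separate IoT segment.
FLAT = {"lan": "192.168.0.0/16"}
SPLIT = {"trusted": "192.168.10.0/24", "iot": "192.168.20.0/24"}

if __name__ == "__main__":
    print("flat LAN, flagged:", scan_suspects(FLOWS, FLAT))
    print("segmented, flagged:", scan_suspects(FLOWS, SPLIT))
```

On the flat layout every flow stays inside one segment, so the router sees nothing to flag; once the thermostat sits in its own segment, the same probing crosses the router and the fan-out becomes detectable.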