Threat Sg.TA.L3SSg2+b.8.2

URI: Sg.TA.L3SSg2+b.8.2

Package: ProcessComms

Description: Port forwarding from FromSubnet to ToSubnet via Gateway is enabled: if the route from public subnet FromSubnet to private subnet ToSubnet via a NAT gateway host Gateway is in service, then port forwarding is normally used to allow connections where expected between legitimate clients and services.

Threat Type: Primary Threat

Matching Pattern:

Sg.TA.L3SSg2+b.8.2
MP-L3SSg2+b

Finds a gateway from one IP subnet to a second IP subnet, along with the segment asset representing the route via the gateway, where this route is blocked by default.

CSG-DisablePortForwarding-Runtime

If device Gateway blocks unsolicited connections into private subnet ToSubnet, port forwarding is used to allow access to services by legitimate clients. This strategy may represent a run-time adaptation in response to a threat, or a permanent restriction introduced by design or in accordance with an operational policy or user preference. It also triggers threats representing side effects that would be caused by such a restriction.