Using LuLu on OS X in a home business setup. Any reason for an external router-based firewall?

I have LuLu set up under OS X on my Mac, so if an errant program, say curl, tries to access an outside address it is stopped.

Would an external router-based firewall bring any extra level of protection? I surmise that it will not be fine-grained enough to stop a particular process.

I believe that outgoing requests are more risky than incoming requests, as I do not have any program listening for requests, e.g. no web server enabled.

What use would an external router-based firewall bring?

I am seeing ICMP type 3 error messages in my firewall logs. However, I am unable to find the original request sent to that external IP [closed]

No matching connection for ICMP error message: icmp src inside: X.X.X.98 dst outside: X.X.X.11 (type 3, code 2) on inside interface. Original IP payload: udp src X.X.X.11/53 dst X.X.X.98/52906.

Can somebody please help me understand the cause?

Mongo DB hacked (read_me_to_recover) without the port exposed in the firewall?

I have recently set up parse-server on a DO VPS, using 3 Docker containers: one for parse-server, one for the parse-server dashboard and one for MongoDB. Because I am just testing this setup I left the mongo container as it is (mongodb://mongo:27017/dev). I have NGINX (not in Docker) running as a reverse proxy (to get SSL); it forwards ports 80 and 443 to http://127.0.0.1:4040 internally (the parse dashboard web GUI), and it routes 1338 to http://127.0.0.1:1337, the parse server (API) itself. This parse server connects to my Mongo DB internally.

This is the first time I am using Docker and MongoDB, and because of this setup and the mongo DB port not being open I thought it would be half-decently safe. My question is, how did the hacker breach my database? There was nothing of value stored, but there might be in the future. I don't think he exploited my parse server, because I could see the connection coming from a CPython client (the parse connection showed as a nodeJS client).

I have added: NGINX, FIREWALL, Docker processes, Mongo LOG lines

nginx terminal

{"t":{"$date":"2020-08-13T12:23:14.165+00:00"},"s":"I",  "c":"NETWORK",  "id":22943,   "ctx":"listener","msg":"connection accepted","attr":{"remote":"46.182.106.190:39672","sessionId":31,"connectionCount":3}}
{"t":{"$date":"2020-08-13T12:23:14.359+00:00"},"s":"I",  "c":"NETWORK",  "id":51800,   "ctx":"conn31","msg":"client metadata","attr":{"remote":"46.182.106.190:39672","client":"conn31","doc":{"driver":{"name":"PyMongo","version":"3.10.1"},"os":{"type":"Linux","name":"Linux","architecture":"x86_64","version":"4.15.0-112-generic"},"platform":"CPython 3.6.9.final.0"}}}
{"t":{"$date":"2020-08-13T12:23:15.941+00:00"},"s":"I",  "c":"COMMAND",  "id":20337,   "ctx":"conn31","msg":"dropDatabase - starting","attr":{"db":"READ_ME_TO_RECOVER_YOUR_DATA"}}

> db.README.find();
{ "_id" : ObjectId("5f3536cd2a546e2eea8211eb"), "content" : "All your data is a backed up. You must pay 0.015 BTC to 145Nny3Gi6nWVBz45Gv9SqxFajuwTb2qTw 48 hours for recover it. After 48 hours expiration we will leaked and exposed all your data. In case of refusal to pay, we will contact the General Data Protection Regulation, GDPR and notify them that you store user data in an open form and is not safe. Under the rules of the law, you face a heavy fine or arrest and your base dump will be dropped from our server! You can buy bitcoin here, does not take much time to buy https://localbitcoins.com with this guide https://localbitcoins.com/guides/how-to-buy-bitcoins After paying write to me in the mail with your DB IP: restore_base@tuta.io" }

Reverse shell from behind NAT and Firewall

I am new here, so I apologize for not providing complete details. Let me explain the problem to you now. I was working on the Ganana 1 CTF challenge. To up the challenge, I decided to place this CTF machine behind a router. My entire lab is on VMware. For this scenario, I used three virtual machines: Kali, IPFire and the Ganana 1 CTF machine.

Kali Linux is my attacker machine, which received its IP from VMware NAT (192.168.44.5).

IPFire is installed as a router cum firewall with a RED + GREEN configuration. The RED (external) interface received its IP address (192.168.44.3) from VMware NAT, and for the GREEN interface IPFire acts as a DHCP server (192.168.33.1).

Now, I connected the Ganana CTF machine to the GREEN interface of the IPFire. Its IP address is 192.168.33.11.

The GREEN interface is allowed to have internet. Now, when I port scanned the Ganana CTF machine from my Kali, port 80 can be accessed. As part of the challenge, I got access to the WordPress installation on the target machine. It is here I decided to edit the 404.php page to change the code to that of the PHP reverse shell by pentest monkey. I configured it to connect to my attacker machine's IP address (192.168.44.5) port 1234. But the reverse shell is not working. However, when Kali and Ganana 1 are placed on the same network (NAT) the shell is working.

What is the mistake I am making?

Reverse shell from behind firewall and NAT

I have been working on a cyber security project in which I placed a web server behind an IPFire router (external IP 192.168.44.3). This is part of a GREEN LAN network (say its IP is 192.168.33.11). I am trying to get a reverse shell from this target web server to my attacker machine Kali (IP 192.168.44.5). Can somebody help me in detail on how to get this reverse shell successfully?

Is it possible to get into someone else's firewall and remove a blocked IP address? [closed]

If for some reason somebody got his/her IP address automatically blocked by some website's firewall and sent an email to the website manager, but for some reason the website manager didn't see the message, and the blocked user needs to use this website badly, then could he/she manually remove the IP from the blacklist on his/her own?

Do we need an SSL certificate on both the firewall and the WAF for inbound traffic?

We have a website hosted behind a WAF (FortiWeb) and a firewall (FortiGate). The WAF already has the server's valid SSL certificate from a public CA. Do we need to install an SSL certificate on the firewall also for inbound traffic to make it more secure? Will unscanned HTTPS traffic reaching the firewall first compromise the network?

Firewall for my devices (iPad, iPhone, Surface) on a shared home WiFi network?

I am renting a room and using a shared home WiFi network. The owner has set up a Netgear WiFi range extender for me. I have another roommate on the same network along with the owners. I use NordVPN. For a few months I have been getting weird emails: someone opens accounts (like Snapchat, SoundCloud, Pinterest etc.) in my name constantly. I close one account and two more get opened. I accessed those accounts and they had photos and stuff, so someone had been using them. I noticed that the date of birth in one account was a date of significance to me (not my DOB) and the year in the username was a significant year related to that date. So it is confirmed that I'm hacked. On top of that, yesterday I accessed my new website hosting service and made some changes to start a website, and today this person opened an account for hiring employees. I believe someone can access (hack into) my devices through the home WiFi. Is there a way to monitor who is accessing and stop it in real time, like a firewall? I use an iPad and a Surface Pro. Any advice to secure my devices?