We have a Fortigate perimeter firewall, and today I detected this event.
- What should I do to improve protection?
- How can someone obtain local IP address through a firewall?
The following alert was observed:
"WebRTC.Local.IP.Addresses.Disclosure".
date=2019-06-18 time=14:35:25 devname=xxxx devid=FG200ETK18901992
logid="0419016384" type="utm" subtype="ips" eventtype="signature"
level="alert" vd="root" eventtime=1560848725 severity="medium" srcip=y.y.y.y
srccountry="aaaaaa" dstip=x.x.x.x srcintf="wan1" srcintfrole="wan"
dstintf="port1" dstintfrole="lan" sessionid=158214294
action="dropped" proto=6 service="HTTP" policyid=40 attack="WebRTC.Local.IP.Addresses.Disclosure" srcport=80 dstport=57383
hostname="pxlclnmdecom-a.akamaihd.net" direction="incoming" attackid=40038
profile="default" ref="http://www.fortinet.com/ids/VID40038"
incidentserialno=13903968 msg="web_app3:
WebRTC.Local.IP.Addresses.Disclosure," crscore=10 crlevel="medium"...