Re: Solutions for DoS DDoS
I can think of a few options here (basically restating what has been said already):

- Black hole routing on ISP side - just makes the client unreachable outside the ISP; available everywhere, free. Not really a protection, as it aids the attacker in achieving his goal - shutting down the client.
- Managed DDoS as a Service on ISP side - the ISP has a dedicated solution to stop attacks on ISP premises (by dedicated I mean some hardware installed). Vendors vary (Arbor/Radware/etc.) and actually are not of much importance to the end client - only an SLA should be in place. Costs money; advisable when undergoing non-stop/frequent attacks of moderate severity. If an attack reaches gigabits of bandwidth consumption the ISP may revert back to black hole routing to protect its backbone and other clients.
- If speaking of web/email services - a hosted solution is viable to some degree (e.g. Amazon AWS CloudFront, Google Apps, CDNs etc.). It is not a DEDICATED hosted solution against DDoS, so be prepared for the provider to shut down the client if the attack gets heavy enough.
- Hosted web/email solutions WITH dedicated DDoS protection included, including insurance that the client will not be shut down on a heavy load attack (Prolexic etc.). Costs money (not cheap at all), and if your site is not to be attacked like krebsonsecurity.com or fbi.gov, probably overkill.

HTH

--
Taking challenges one by one.
http://yurisk.info
Re: Check Point Firewall Appliances
Having a love-and-hate relationship with Checkpoint firewalls after working 6 years daily with them, I am probably biased :), but I will say they are great firewalls once you know how to work with them.

If you are completely new to it I'd recommend Checkpoint CCSA/CCSE from an accredited APT course as the shortest path. Alternatives:

- CBT Nuggets CCSA course, but last time I checked it was for NGX R65, which is substantially different from current versions; only if you can get it really cheap.
- Documentation from the Checkpoint site (freely available to everyone) is the start-all end-all source (I did it this way); takes time, but in the end you will have a thorough understanding of the product.
- Online is a good place once you know the basics. If, on the other hand, you don't know how to do manual port-forwarding, Google will only suck your time. But for problems/inconsistencies/debug:
  http://cpug.org - Independent forum where you can always find advice from many knowledgeable and helpful folks;
  http://www.cpshared.com/forums/ - Same goes here - people who can configure route-based VPNs with policy-based routing with closed eyes hang around here;
  https://forums.checkpoint.com/ - Official support forums from Checkpoint, less active than the 2 above.

HTH
Yuri

On Wed, Dec 19, 2012 at 9:35 PM, Blake Pfankuch bl...@pfankuch.me wrote:
> Howdy,
> I am just getting into an environment with a large Check Point deployment and I am looking for a little bit of feedback from other real world admins. Looking for what people like, what people don't (why hopefully). Also for those of you who might run Check Point devices in your environments, what to dig into first as far as getting more experience on the devices and a better understanding of how not to break them. I am slowly going through all of the official documentation, but would also like to hear a real world opinion.
> Thanks in advance!
> Blake

--
Taking challenges one by one.
http://yurisk.info
Re: BGP Security Research Question
Having seen a few hundred BGP peerings with internal clients as well as with uplink providers, I cannot recall anyone ever even trying to use such features. And given that both were created back in the late 90s / early 2000s, we can safely assume these technologies (S-BGP/soBGP) will stay just that - blue-sky academic research (but who can tell the future, on the other hand ...).

In real life people use: bgp ttl security, md5 passwords, control plane protection of port 179, inbound/outbound route filters. So far this has been enough.

On Tue, Nov 4, 2014 at 5:57 AM, Anthony Weems amlwe...@gmail.com wrote:
> I'm a student in college learning about networking and, specifically, BGP. Does anyone have any statistics on the use of S-BGP or soBGP in the wild? I've read a few papers / RFCs on the subject (from Cisco and the like), but I haven't been able to find any information about actual usage. Additionally, do people scan BGP speakers in the same sense that researchers perform scans of the Internet (e.g. zmap)?
> --
> Anthony Weems

--
Taking challenges one by one.
http://yurisk.info
Re: BGP Security Research Question
Let me disagree - Pakistan/Youtube was possible only because their uplink provider did NOT implement inbound route filters. As always the weakest link is the human factor - and no super-duper newest technology is ever going to help here. As regards S-BGP/soBGP from a technical point of view, wait for the day when the vulnerability gets published (SSL Heartbleed style) that invalidates all this PKI stuff ...

Yuri

On Tue, Nov 4, 2014 at 2:38 PM, sth...@nethelp.no wrote:
> > In real life people use - bgp ttl security, md5 passwords, control plane protection of 179 port, inbound/outbound routes filters. So far this has been enough.
>
> These mechanisms do little or nothing to protect against unauthorized origination of routing information. There are plenty of examples which say it has *not* been enough, see for instance the Pakistan Telecom - Youtube incident in 2008.
>
> Steinar Haug, Nethelp consulting, sth...@nethelp.no

--
Taking challenges one by one.
http://yurisk.info
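The inbound route filter that the two messages above argue about, written out as an added example (not code from anyone in this thread): a customer-facing peer may announce only the prefixes registered for it, no more specific than an agreed length, and bogons and the default route are dropped unconditionally; anything else, including a more-specific of someone else's space (the pattern of the 2008 incident), is rejected. The peer name, the allowed-prefix table and the sample announcements are constructed placeholders.

```python
import ipaddress

# Constructed per-peer policy, as an ISP would derive it from the customer's
# registered route objects: (prefix, longest accepted prefix length).
# Values are documentation ranges, not anyone's real allocations.
ALLOWED_BY_PEER = {
    "customer-as64501": [
        ("203.0.113.0/24", 24),   # exact /24 only
        ("198.51.100.0/22", 24),  # may de-aggregate down to /24, not further
    ],
}

# Address space no peer should ever originate (RFC 1918, loopback, 0/8).
BOGONS = [ipaddress.ip_network(n) for n in
          ("0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8",
           "172.16.0.0/12", "192.168.0.0/16")]


def _within(prefix, container):
    """subnet_of() raises on mixed IP versions, so guard the comparison."""
    return prefix.version == container.version and prefix.subnet_of(container)


def evaluate(peer, prefix_str, allowed_by_peer=ALLOWED_BY_PEER):
    """Decide one announced prefix from `peer`; returns (accepted, reason)."""
    try:
        prefix = ipaddress.ip_network(prefix_str, strict=True)
    except ValueError as exc:
        return False, f"malformed prefix: {exc}"
    if prefix.prefixlen == 0:
        return False, "default route is never accepted from a peer"
    if any(_within(prefix, b) for b in BOGONS):
        return False, "bogon prefix"
    policy = allowed_by_peer.get(peer)
    if policy is None:
        # No prefix-list configured means deny everything, never accept all.
        return False, "no prefix-list for peer: deny all"
    for net_str, max_len in policy:
        allowed = ipaddress.ip_network(net_str)
        if _within(prefix, allowed):
            if prefix.prefixlen <= max_len:
                return True, f"covered by {allowed} le {max_len}"
            return False, f"too specific: beyond {allowed} le {max_len}"
    return False, "not within the peer's registered prefixes"


def filter_announcements(peer, prefixes):
    """Apply the inbound filter to a batch; return only accepted prefixes."""
    return [p for p in prefixes if evaluate(peer, p)[0]]


if __name__ == "__main__":
    # Constructed UPDATE contents: own space, a permitted de-aggregate, a
    # too-specific leak, someone else's prefix, a bogon, and the default.
    for p in ["203.0.113.0/24", "198.51.100.0/24", "198.51.100.0/25",
              "192.0.2.0/24", "10.1.0.0/16", "0.0.0.0/0"]:
        ok, why = evaluate("customer-as64501", p)
        print(f"{'ACCEPT' if ok else 'REJECT'} {p:18} {why}")
```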
Re: Fwd: [cooperation-wg] Massive IP blockings in Russia
Thanks for sharing,

Note of caution - there is a mess going on with this blocking, so if some IP range/domain is not in any list it doesn't necessarily mean it is not blocked. Lists are created/updated pretty sporadically (e.g. the list does not say so, but there are reports of blocked DigitalOcean nets 167.99.0.0/16 & 206.189.0.0/16 https://www.securitylab.ru/news/492749.php).

My 2 cents - once Russian Internet authorities get tired of chasing their own tail (any sysadmin knows you can't block ain't nothing by IP addresses today) they will stop this fruitless effort (but of course they cannot do it right now and lose face) and things will be back to normal.

On Thu, Apr 19, 2018 at 9:39 PM, Bryan Fields wrote:
> On 4/19/18 1:36 PM, Sandra Murphy wrote:
> > Russian ISPs MUST fully block all traffic to such networks. The list is frequently updated and gets automatically propagated to ISPs every once in a while; failure to block any address may result in a 1500 EUR fine.
>
> Per day? That's a cost of doing business. Can we donate to pay it somewhere?
>
> > The infrastructure listed above is being added to the blocklist under the “counter-terrorist and counter-extremist” order of the General Prosecutor Office, #27-31-2015/Id4082-15, issued in 2015 and often used for blocking arbitrary unwanted content. The real reason for such blocking is an attempt to cut access to Telegram messenger, which refused to provide end-to-end encryption keys to the Federal Security Service (previously known as KGB).
>
> Necessity is the plea for every infringement of human liberty. It is the argument of tyrants; it is the creed of slaves.
> -- William Pitt
>
> --
> Bryan Fields
>
> 727-409-1194 - Voice
> http://bryanfields.net

--
Taking challenges one by one.
http://yurisk.info