[j-nsp] How to protect m-series from bad guy
Wilson, Michael
mkwilson at uslec.com
Wed Apr 2 11:00:52 EST 2003
Hello Stephen-
I was looking at the secure junos-template, and I'm a little confused by the
tcp-flood-detect filter. It says to apply this outbound to lo0, and that an
indication of a possible flood attack could be a "high packets-syn to
packets-tcp" ratio. Does this assume that the router is the origin of the
attack? If the attack is originating from another host and targeting the
router, wouldn't we need to count the outbound syn-acks from the router? Or
does the "syn" flag count both syn and syn-ack packets? Good chance I'm
missing something here, but thought I'd ask anyway. Thanks for any
clarifications.
-----Original Message-----
From: Stephen Gill [mailto:gillsr at yahoo.com]
Sent: Friday, March 28, 2003 12:33 PM
To: hhadiwinoto at hotpop.com;
Cc: team-cymru at cymru.com
Subject: RE: [j-nsp] How to protect m-series from bad guy
Hi Hendro,
Here are a few documents for starters.
JUNOS Secure Template
http://www.qorbit.net/documents/junos-template.pdf
http://www.qorbit.net/documents/junos-template.htm
JUNOS Secure BGP Template
http://www.qorbit.net/documents/junos-bgp-template.pdf
http://www.qorbit.net/documents/junos-bgp-template.htm
JUNOS Secure BGP Application Note
http://www.qorbit.net/documents/junos-bgp-appnote.pdf
http://www.qorbit.net/documents/junos-bgp-appnote.htm
JUNOS Loose ISP Prefix Filter Template
http://www.qorbit.net/documents/junos-isp-prefix-filter-loose.pdf
http://www.qorbit.net/documents/junos-isp-prefix-filter-loose.htm
JUNOS Strict ISP Prefix Filter Template
http://www.qorbit.net/documents/junos-isp-prefix-filter-strict.pdf
http://www.qorbit.net/documents/junos-isp-prefix-filter-strict.htm
Some sample JUNOS configurations for remotely triggered blackhole
filtering can also be found here:
http://www.cymru.com/BGP/bogon-rs.html
http://www.secsup.org/CustomerBlackHole/
Comments and / or suggestions are always appreciated.
Cheers,
Steve, for Team Cymru
http://www.cymru.com/About/teamcymru.html
-- steve
gillsr at yahoo.com
-----Original Message-----
From: juniper-nsp-bounces at puck.nether.net
[mailto:juniper-nsp-bounces at puck.nether.net] On Behalf Of
hhadiwinoto at hotpop.com
Sent: Friday, March 28, 2003 11:12 AM
To: juniper-nsp at puck.nether.net
Subject: [j-nsp] How to protect m-series from bad guy
Hi,
In order to harden my M-series, I would like to ask you how to configure
M-series to detect anti-dos, tcp-flood, land-attack, or other security
threats.
I have downloaded some security white papers from juniper web site, but
would like to know other resources besides the juniper web site.
Any help would be appreciated. Thanks.
Regards
Hendro
_______________________________________________
juniper-nsp mailing list juniper-nsp at puck.nether.net
http://puck.nether.net/mailman/listinfo/juniper-nsp