AW: [j-nsp] Sylog port filtering
Struck, Olaf
Olaf.Struck at lambdanet.net
Fri Apr 11 09:32:04 EDT 2003
Hi Hendro,
the term9 which rejects syslog has to occur before term12 in your firewall
filter.
/Olaf
-----Ursprüngliche Nachricht-----
Von: hhadiwinoto at hotpop.com [mailto:hhadiwinoto at hotpop.com]
Gesendet: Freitag, 11. April 2003 04:15
An: juniper-nsp at puck.nether.net
Betreff: [j-nsp] Sylog port filtering
Hi all,
In regards to block sylog(514)/udp port to prevent sylog-flood attack, I
did some filtering on my m-series as below,
Configure firewall filtering
============================
firewall {
policer udp-250k {
if-exceeding {
bandwidth-limit 250k;
burst-size-limit 25k;
}
then discard;
filter inbound-filter {
term 9 {
from {
protocol udp;
}
then {
count policer-udp-250k;
accept;
}
}
term 12 {
from {
protocol udp;
destination-port syslog;
}
then {
reject;
}
}
Apply in specific interface
==========================
ds3-0/2/0 {
unit 0 {
family inet {
filter {
input inbound-filter;
}
address x.y.z.250/30;
}
}
after I applied this filter, I did port-scan my router by using nmap-3.20
and found...
C:\boljug\nmap\nmap-3.20>nmap -sU x.y.z.250
Starting nmap 3.20 ( www.insecure.org/nmap ) at 2003-04-09 01:29 SE Asia
Standard Time
Interesting ports on x.y.z.250:
(The 1469 ports scanned but not shown below are in state: closed)
Port State Service
514/udp open syslog
Nmap run completed -- 1 IP address (1 host up) scanned in 31.516 seconds
I m really not sure whats wrong with my m-series or nmap using stealth
probes-technique so it can bypass the firewall filtering or need to apply
this filter on my RE ? Please advise.
As addition I use Junos 5.6R1.
Any helps/comments really apreciated.
Regards
Hendro
--------------------------------------------------------------------
mail2web - Check your email from the web at
http://mail2web.com/ .
_______________________________________________
juniper-nsp mailing list juniper-nsp at puck.nether.net
http://puck.nether.net/mailman/listinfo/juniper-nsp
More information about the juniper-nsp
mailing list