[rbak-nsp] DOS protection and other security questions

Dariusz Siedlecki siedar at pronet.lublin.pl
Wed Mar 12 05:38:54 EDT 2014


On 2014-03-12 09:25, Michael J. Gage wrote:
>
> I have had several colleges recently ask me for things I have done in 
> my own network and if it could benefit theirs.
>
> With the rise of problems on the internet and so many networks lacking 
> security, I wanted to get some community opinions about security 
> measures that you have found beneficial for your Redback routers.
>
> Please share your experiences and advice but remember not to divulge 
> information about your networks that could be used maliciously.
>
> I am trying to get some feedback as well as share information across 
> the community to help make all of our networks safer and more reliable.
>
> If you would like information on administrative ACLs, I can help you 
> privately.
>
> To be clear, my focus is on customer data flow and not local security 
> policies.
>
> I understand that traffic policies and network security are something 
> that most administrators are reluctant to share.
>
> I would be happy to post information back to the community on behalf 
> of individuals who would like to remain anonymous.
>
> My goal is to help the administrators within the community who have 
> needs or may not know that they have needs.
>
> Thank you,
>
> Michael
>
Hello Michael,

We were talking with Ozga Rafal and Marcin Kuczera about security 
problems last time.

We have a problem with strange floods on broadcast addresses of an IP 
subnet that is active on the RB.

As Rafal advised, we did a test today by sending a 1Gb/s flood to a 
random broadcast address on the RB.

We lost the connection to the RB, and lost the SNMP connection, the 
RADIUS connections and the BGP sessions.


Mar 12 08:35:32: %LM-3-ERR: Receiving interface for Ping/Traceroute request not located
Mar 12 08:35:35: %SYSLOG-6-INFO: aaad: Radius Auth srv 192.168.89.8/1812 (1812) no response in 259 sec. (user 00:13:49:6a:ee:a5).Marked dead

Mar 12 08:43:25: [0002]: %BGP-6-INFO: x.x.x.x DOWN - Notification sent
Mar 12 08:43:25: [0002]: %BGP-6-INFO: x.x.x.x send NOTIFICATION: 4/0 (hold time expired) with 0 byte data. mxReadMs=61097


That makes the RB isolated from the network and unusable.

This problem appears on 6.2.1.9 SEOS and 12.x SEOS.

Rafal has found a solution and I think he would share it with the 
community.

There is no solution, or we don't know the solution, like one command.

Best regards

Dariusz Siedlecki
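
One way to flag this failure pattern from router syslog, as an added example that is not part of the original message: it correlates a RADIUS "Marked dead" line with a BGP hold-time expiry and back-dates the onset using the "no response in N sec" value. The 15-minute window, the year 2014 (taken from the message date) and all function names are assumptions.

```python
import re
from datetime import datetime, timedelta

# The four log lines from the message above, unwrapped; peer address masked as posted.
SAMPLE_LOG = """\
Mar 12 08:35:32: %LM-3-ERR: Receiving interface for Ping/Traceroute request not located
Mar 12 08:35:35: %SYSLOG-6-INFO: aaad: Radius Auth srv 192.168.89.8/1812 (1812) no response in 259 sec. (user 00:13:49:6a:ee:a5).Marked dead
Mar 12 08:43:25: [0002]: %BGP-6-INFO: x.x.x.x DOWN - Notification sent
Mar 12 08:43:25: [0002]: %BGP-6-INFO: x.x.x.x send NOTIFICATION: 4/0 (hold time expired) with 0 byte data. mxReadMs=61097
"""

# Timestamp, optional "[nnnn]:" tag, then %FACILITY-SEVERITY-MNEMONIC: message.
LINE = re.compile(r"^(\w{3} +\d+ [\d:]{8}): (?:\[\d+\]: )?%\w+-\d-\w+: (.*)$")
# Patterns derived only from the lines above; other releases may word them differently.
SIGNALS = {
    "radius_dead": re.compile(r"Radius \w+ srv (\S+) .*no response in (\d+) sec.*Marked dead"),
    "bgp_hold_expired": re.compile(r"(\S+) send NOTIFICATION: 4/0 \(hold time expired\)"),
}

def parse(log, year=2014):
    """Yield (time, signal, peer, silent_seconds); the lines carry no year, so one is assumed."""
    for raw in log.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        when = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        for name, pattern in SIGNALS.items():
            hit = pattern.search(m.group(2))
            if hit:
                silent = int(hit.group(2)) if name == "radius_dead" else 0
                yield when, name, hit.group(1), silent

def control_plane_loss(log, window=timedelta(minutes=15)):
    """Return incident details when RADIUS and BGP both fail within `window`, else None."""
    events = sorted(parse(log))
    for i, first in enumerate(events):
        group = [e for e in events[i:] if e[0] - first[0] <= window]
        signals = sorted({e[1] for e in group})
        if len(signals) == len(SIGNALS):
            # "no response in N sec" means the silence began N seconds before the line.
            onset = min(e[0] - timedelta(seconds=e[3]) for e in group)
            return {"onset": onset, "last_event": group[-1][0],
                    "signals": signals, "peers": sorted({e[2] for e in group})}
    return None

if __name__ == "__main__":
    print(control_plane_loss(SAMPLE_LOG))
```

On the lines posted here the estimated onset falls several minutes before the first logged error, which is the time to look at when matching against traffic graphs.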

