Skip to main content

Posts

Showing posts from October, 2015

Best practices for SonicWall VPN Tunnel configuration

There are some factors that we need to consider when we setup Site to Site VPN Tunnel with SonicWall Firewall. If we forgot to conside these factors, we will encounter frequent connection drop on your Tunnel. (e.g. RDP connection timeout) Below are those we should consider when we setup VPN Tunnels with SonicWall. 1) TCP Timeout TCP Connection Inactivity Timeout value of SonicWall and other Firewalls are 15 minutes by Default. In real world, this value can make your RDP connection drop frequently. So, Firewall Tech Support are recommended to set the TCP Timeout Value from 30minutes to 60minutes. Higher TCP Timeout Value are inviting some unnecessary security threats and that's why we should only allow for specific connection in your Policy-Based VPN Tunnels or Route-Based VPN Tunnels. 2) Packet Fragmentation As RDS is a streaming protocol, packet fragmentation should be avoided. Almost all Firewall including SonicWall has Fragmented Packet Handling and Ignore DF (Don

Configuring IPS functions in HP MSR Series Router

I've wrote post about Network Attack previously and now I'd like to share how to configure IPS function in HP MSR Series Customer Edge Router. In general, this kind of router are provided by ISP and Engineer/Technician are configure for you if you pay for the service fees but they will not enable IPS function for you mostly. If you didn't expense extra service fees for router configuration, then it's fall on your responsibility. Anyway, the router must enable IPS function either you or they configure it. Why? It is easy to get our IP address and get attack my attacker nowadays. OK. Let's start it now. - First you have to configure attack defense policy - Then apply on router interfaces respectively. Use below commands to create Single-Packet Attack policy and prevent system-view attack-defense policy 1 signature-detect fraggle enable signature-detect icmp-redirect enable signature-detect large-icmp enable signature-detect route-record enable sign

Network Attack Types in brief explanation

In general,we can classify the network attacks in three part as Single-Packet Attack, Scanning Attack and Flood Attack. Single-packet attack is also called malformed packet attack because many single-packet attacks use defective IP packets, such as overlapping IP fragments and packets with illegal TCP flags. A single-packet attack occurs when: • An attacker sends defective IP packets to a target, causing the target system to malfunction or crash. • An attacker sends large quantities of junk packets to the network, using up the network bandwidth. Single-Packet Attack has multipe types and below list are Single-Packet Attack types those can be found in real world. Smurf attack ICMP redirect attack ICMP unreachable attack Large ICMP attack TCP flag attack Tracert attack Fraggle attack WinNuke attack Land attack Source route attack Route record attack Scanning Attack is actually an attacker uses some scanning tools (like nmap,nessua, satan,ettercap) to scan host addresse