Skip to main content

Configuring IPS functions in HP MSR Series Router

I've wrote post about Network Attack previously and now I'd like to share how to configure IPS function in HP MSR Series Customer Edge Router.

In general, this kind of router are provided by ISP and Engineer/Technician are configure for you if you pay for the service fees but they will not enable IPS function for you mostly.
If you didn't expense extra service fees for router configuration, then it's fall on your responsibility.

Anyway, the router must enable IPS function either you or they configure it.
Why? It is easy to get our IP address and get attack my attacker nowadays.

OK. Let's start it now.
- First you have to configure attack defense policy
- Then apply on router interfaces respectively.

Use below commands to create Single-Packet Attack policy and prevent
system-view
attack-defense policy 1
signature-detect fraggle enable
signature-detect icmp-redirect enable
signature-detect large-icmp enable
signature-detect route-record enable
signature-detect smurf enable
signature-detect source-route enable
signature-detect tcp-flag enable
signature tracert enable
signature winnuke enable
signature-detect large-icmp max-length 2000 (4000 bytes by default and you can customize the value if you want)
signature-detect action drop-packet

Use below commands to create Scanning Attack policy and prevent
system-view
attack-defense policy 1
defense scan enable
defense scan max-rate 2000 (4000 bytes by default and you can customize the value if you want)
defense scan add-to-blacklist
defense scan blacklist-timeout 10
quit
blacklist enable

Use below commands to create Flood-Attack policy and prevent
Flood Attack is to prevent Server located in DMZ/LAN segment usually.
system-view
attack-defense policy 1
defense syn-flood enable
defense syn-flood rate-threshold high 1000 low 750 (default is 1000 packets per second and 750 packets per second. But you can customize if you want)
defense syn-flood ip x.x.x.x rate-threshold high xxxx low xxx (You can customize IP and rate value if you want or just leave it default as this is optional)
defense sync-flood action drop-packet

system-view
attack-defense policy 1
defense icmp-flood enable
defense icmp-flood rate-threshold high 1000 low 750 (default is 1000 packets per second and 750 packets per second. But you can customize if you want)
defense icmp-flood ip x.x.x.x rate-threshold high xxxx low xxx (You can customize IP and rate value if you want or just leave it default as this is optional)
defense icmp-flood action drop-packet

system-view
attack-defense policy 1
defense udp-flood enable
defense udp-flood rate-threshold high 1000 low 750 (default is 1000 packets per second and 750 packets per second. But you can customize if you want)
defense udp-flood ip x.x.x.x rate-threshold high xxxx low xxx (You can customize IP and rate value if you want or just leave it default as this is optional)
defense udp-flood action drop-packet

Use below commands to apply configured policy on each WAN and DMZ/LAN interfaces.
system-view
interface gi0/0
attack-defense apply policy 1
interface gi0/1
attack-defense apply policy 1

Well. We are done now and do not forget to save configuration.
You router performance will be a bit slow but it is better than you got attack by attacker.

I've used above command in HP MSR930 Router and you can also configure some of attack defense function in Cisco and other brand router. Yes, you might need OS license for some certain feature for IPS as well.

Have a good day.
(Be knowledgeable, pass it on then)

Comments

Popular posts from this blog

Fortigate guide for Begineer - 6

I would like to explaine how to troubleshoot the Fortigate Unit configured by Transparent Mode in step by step this time. Let's assume, you have one Fortigate Unit that configured as Transparent Mode. But devices from Internal/Private Network unable to access Internet/Public Network through your Fortigate Unit. OK. Let's troubleshoot with following steps, 1) Check the physical network connections between the network and the FortiGate unit, and between the FortiGate unit and the Internet. 2) Check the router and ISP-supplied equipment to make sure it is operating correctly. 3) Verify that you can connect to the internal interface by connecting to the management IP address of the FortiGate unit from the Internal network. From the internal network, attempt to ping the management IP address. If you cannot connect to the internal interface, verify the IP configuration of the PC and make sure the cables are connected and all switches and other devices on the network are powered on a

Solving the "A general system error occured:Invalid fault" error in vSphere 4

Below error was come out when you try to migrate VM to other host for some reason. Below error was come out when you try to edit VM setting. Below error was come out when you power on the VM. How to solve those error? Here is how I resolve the error! Login to the Host that errored VM exist by using Terminal or Direct Console. Enter below command and press enter. services.sh restart Wait until all VMware Services are restarted. After that try to Power On/Edit Settings or Migrate the errored VM and you will see all you can do without any error pop-up. This kind of errors can occur if you shutdown/restart VM unproperly or shutdown/restart the Host unproperly that VM exist. You can check log file deeply if you willing to know precisely on this. May you all be happy. (Be knowledgeable, pass it on then)

Why do we need network virtualization?

We need to think about Server Virtualization first if we want to talk about Network Virtualization. In the era of cloud computing, servers are virtualized and used in Data Centers. We are facing a lot of problem when we virtualized our Servers, 1) Routing and Switching Problem Routing become the issue when we create Virtual Switch and VLANs according to production requirement. Network Team might need some time to change on their end to meet with Server Virtualization Team changes on their end. ၂) Firewall Services Physical Firewall are difficult to manage due to the large number of rules needed to satisfy business requirements. New applications, new projects, and new networks all come with potential security requirements, which impact centralized firewall management. ၃) Load Balancing Let's say your company deploys a new physical load balancer for each tenant, resulting in increased capital expenditures. Once a tenant reaches their maximum capacity, it ca