Архивы Security

Juniper. Port Blocking Filter

I will give an example of blocking SMTP port 25 TCP so that users cannot send spam to servers, that is, they cannot make an outgoing connection to the destination port 25 TCP, instead they can make a connection to ports with authorization and encryption, for example 465 or 587.

Installing GeoIP in Apache2

I was once asked to block some countries on a web server running Apache2 and Ubuntu Server 20.04.

Nginx. Using the map module

Once I needed to additionally keep a log of 404 requests in a separate file, with subsequent export via rsyslog to a mysql database and processing by scripts.

How to configure BGP prefix-limit on Juniper

I will give an example of setting up prefix-limit for BGP so that a neighbor does not accidentally send more routes than he should.

MySQL. Accepted a connection with deprecated protocol ‘TLSv1.1’

One day I noticed warnings in the MySQL logs:

Restricting access to management on Huawei S2326TP-EI

I will give an example of setting up an ACL to restrict access to Telnet, SSH, SNMP on Huawei S2300 series switches.

Juniper. Configuring RPF in Dynamic Profiles

For example, I will configure unicast RPF (reverse-path forwarding) on Juniper MX204.
RPF allows you to reduce the impact of DOS-type attacks on IPv4 and IPv6 interfaces.

Cleaning the chamber of the FireProtect Plus Ajax sensor

Once it was necessary to clean the smoke chamber of the Ajax FireProtect Plus sensor, as a dust alarm was triggered (an audible signal was periodically emitted from the sensor itself and a notification in the application).

Testing a DHCP server with dhcpperf

dhcpperf is a DHCP load testing tool.

High CPU load on Cisco Nexus 3064

Once I discovered on the graphs a large burst of Multicast packets on one of the ports of the Cisco Nexus 3064 switch, while the CPU load increased to 30%, before that it was 12% with L2 traffic of 13 Gbit/s.