Once I needed to keep an additional log of 404 requests in a separate file, to be exported via rsyslog to a MySQL database and processed by scripts.
Continue reading “Nginx. Using the map module”
Category Archives: Security
How to configure BGP prefix-limit on Juniper
I will give an example of setting up prefix-limit for BGP so that a neighbor does not accidentally send more routes than it should.
Continue reading “How to configure BGP prefix-limit on Juniper”
MySQL. Accepted a connection with deprecated protocol ‘TLSv1.1’
One day I noticed warnings in the MySQL logs:
Restricting access to management on Huawei S2326TP-EI
I will give an example of setting up an ACL to restrict access to Telnet, SSH, SNMP on Huawei S2300 series switches.
Continue reading “Restricting access to management on Huawei S2326TP-EI”
Juniper. Configuring RPF in Dynamic Profiles
As an example, I will configure unicast RPF (reverse-path forwarding) on a Juniper MX204.
RPF allows you to reduce the impact of DoS-type attacks on IPv4 and IPv6 interfaces.
Cleaning the chamber of the FireProtect Plus Ajax sensor
Once I had to clean the smoke chamber of the Ajax FireProtect Plus sensor because a dust alarm had been triggered (the sensor itself periodically emitted an audible signal, and a notification appeared in the application).
Continue reading “Cleaning the chamber of the FireProtect Plus Ajax sensor”
Testing a DHCP server with dhcpperf
dhcpperf is a DHCP load testing tool.
Continue reading “Testing a DHCP server with dhcpperf”
High CPU load on Cisco Nexus 3064
Once I noticed on the graphs a large burst of multicast packets on one of the ports of a Cisco Nexus 3064 switch. The CPU load rose to 30%; before that it was 12% with L2 traffic of 13 Gbit/s.
Continue reading “High CPU load on Cisco Nexus 3064”
Description of DNS Amplification Attacks
In this article, I will briefly describe the principle of DDoS DNS Amplification attacks.
Continue reading “Description of DNS Amplification Attacks”
Configuring OCSP Stapling
OCSP is a protocol for checking the validity of certificates, that is, for making sure that they have not been revoked and that they were actually issued. Enabling OCSP Stapling on the web server side speeds up site loading, since the request to the certification authority is made by the web server rather than by the browser.
Continue reading “Configuring OCSP Stapling”