For example, I will configure unicast RPF (reverse-path forwarding) on Juniper MX204.
RPF allows you to reduce the impact of DOS-type attacks on IPv4 and IPv6 interfaces.
Category Archives: Security
Cleaning the chamber of the FireProtect Plus Ajax sensor
Once it was necessary to clean the smoke chamber of the Ajax FireProtect Plus sensor, as a dust alarm was triggered (an audible signal was periodically emitted from the sensor itself and a notification in the application).
Continue reading “Cleaning the chamber of the FireProtect Plus Ajax sensor”Testing a DHCP server with dhcpperf
dhcpperf is a DHCP load testing tool.
Continue reading “Testing a DHCP server with dhcpperf”High CPU load on Cisco Nexus 3064
Once I discovered on the graphs a large burst of Multicast packets on one of the ports of the Cisco Nexus 3064 switch, while the CPU load increased to 30%, before that it was 12% with L2 traffic of 13 Gbit/s.
Continue reading “High CPU load on Cisco Nexus 3064”Description of DNS Amplification Attacks
In this article, I will briefly describe the principle of DDoS DNS Amplification attacks.
Continue reading “Description of DNS Amplification Attacks”Configuring OCSP Stapling
OCSP is a protocol for checking the validity of certificates, that is, to make sure that they have not been revoked and whether they were actually issued. Enabling OCSP Stapling on the web server side allows you to increase the speed of site opening, since the request to the certification authority is made not by the browser, but by the web server.
Continue reading “Configuring OCSP Stapling”Displaying SNMP Traps about Loop Detect in Zabbix
In this article, I will give an example of SNMP Traps display about Loop Detect in Zabbix.
Continue reading “Displaying SNMP Traps about Loop Detect in Zabbix”Using BNG Blaster
BNG Blaster is a testing tool, it can create thousands of virtual PPPoE and IPoE clients to test the performance of access servers, it also supports IGMP, QinQ, IPv6, etc.
Continue reading “Using BNG Blaster”Blocking SPAM behind a NAT server
In this article I will give an example of detecting and blocking the sending of spam messages behind a NAT server.
Continue reading “Blocking SPAM behind a NAT server”Installing and configuring Aircrack-ng
Aircrack-ng is a set of programs designed to detect wireless networks, intercept traffic transmitted over wireless networks, audit WEP and WPA/WPA2-PSK encryption keys (strength test).
Official site: www.aircrack-ng.org