In today world the strongest DDOS are amplification attacks. They use UDP based services. There 2 steps of the attack. First – attacker finds wrong configured servers on public Internet. The second step is that PC with malware sends to these servers small UDP packets with changed IP address. In IP SRC field of the[…]

In previous posts I shown how to network on IPv4. IPv6 is a different world, IPv4 ACLs and approach will not work. IPv6 traffic runs in parallel to IPv4 and IPv4 ACLs/Firewall will not block IPv6 traffic. The main problem of IPv6 is that even when you don’t enable IPv6 on routers, some of customers[…]

We were talking about 6 L2 attacks in topic about DHCP snooping. There are also different attacks on switching technologies.One of the main L2 technologies is VLAN. VLAN hopping 1) Spoofing of switch Attacker is connecting to access port and is changing it to trunk Mitigation is very simple – disable DTP negotiation on trunk[…]

When we connect customers to Access switch we immediately face these security threats : DHCP spoofing – some PC in the network will run DHCP server. It can be cause even by wrong configuration of Windows machine. In this case, some of computers inside LAN will connect to new DHCP server and will forward packets[…]

Cisco has different types of ACLs, below are most used types : 1. Standard ACL The oldest and simplest type is standard ACL – numbers are 1-99, 1300-1999 – wildcard masks are used – filters only based on SRC IP address/network – ACL can work with IP addresses only, no L4-L7 features example : we[…]

Zone Based Firewall. Let’s say we have a router which is connected to Internet, LAN and also is connected to our office Server Farm. It has 3 interfaces and we create 3 zones — INTERNET, LAN, DMZ. We will have to create in total 6 policies: LAN → INTERNET INTERNET → LAN LAN → DMZ[…]