Mitigate TCP SYN flood with TCP intercept

In today's world DDoS attacks are frequent, and one of the simplest is the TCP SYN flood. Preventing this attack is easy in a Cisco environment. Cisco devices have a feature called “TCP intercept”. To prevent TCP SYN attacks on a server, we can deploy the TCP intercept feature on a router located between the Internet and the server. What[…]

Network security framework, types of DDoS

I’m using the NFP concept when designing network security. It consists of 3 elements: protection of the Data plane (forwarding of packets), the Control plane (routing protocols management layer), and the Management plane (access to device, administration layer). Below is a basic mindmap showing the technologies I’m going to explain in further topics. Also it’s needed[…]

Mikrotik EOIP and L2TP over Cisco NAT

I had a small task to connect two branch offices of a customer, one in Cape and the second in JHB. Unfortunately, JHB is not part of our MPLS network and has two uplink connections, each 1 Mbps with Serial interfaces. When I was studying for CCNP I got a lot of Serial link tasks but[…]

Configuration of Reverse DNS

For RDNS to work properly, we have to put information about our Reverse Domain and name server into the RIPE (ARIN, AFRINIC) database. Before this can be done, we must set up our name server. I’m using the BIND name server. Each /24 network is represented as a single Reverse Domain. For example, you’ve got a /22 IPv4 network, it[…]

BGP on Mikrotik

First of all, I would like to say that BGP configuration on Mikrotik can be done with the CLI and Winbox/Webadmin. I recommend using the CLI with BGP, because this protocol carries a lot of routes and displaying them in Winbox is painful. Let’s assume that our AS number is AS12345, IP address is 192.168.255.25,[…]