
28 May 2011

Border Firewall on Transport Layer Attack

By IPSECS Admin. Posted in Exploitation | No Comments »

It has been a long time since I last played with security toys; last night I played with two of them, hping and fudp. Hping is a useful tool for manipulating packet headers so we can send whatever traffic we wish; it is really good at manipulating IP, ICMP, UDP, and TCP headers. Fudp is a tool designed for UDP flooding; it can launch UDP floods with or without IP spoofing, and you can specify how long the flood will run.

Unfortunately, IP spoofing did not work for me. I remember that, back then, we were the ones who wrote the configuration on the operator's border firewall to block spoofing and some kinds of flooding. There is documentation on how to block attacks at the network/transport layer; below is an example:


set security screen ids-option untrust-screen icmp ping-death
set security screen ids-option untrust-screen ip source-route-option
set security screen ids-option untrust-screen ip tear-drop
set security screen ids-option untrust-screen ip spoofing
set security screen ids-option untrust-screen tcp syn-flood
set security screen ids-option untrust-screen tcp syn-fin
set security screen ids-option untrust-screen tcp fin-no-ack
set security screen ids-option untrust-screen tcp syn-frag
set security screen ids-option untrust-screen tcp land
set security screen ids-option untrust-screen udp flood
set security screen ids-option untrust-screen limit-session source-ip-based 100
set security zones security-zone untrust screen untrust-screen

The above shows how to configure Screen on JunOS running on an SRX firewall. Have fun!
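As an added example (not from the post), here is a small Python audit that parses `set`-style screen lines like the ones above and reports which baseline protections a zone is missing, including the case where a profile is defined but never bound to a zone. The REQUIRED baseline is an assumption chosen for this example, not a Juniper recommendation.

```python
"""Audit JunOS 'set'-style screen config: which ids-option profiles exist,
what each enables, and which zones bind a profile (an unbound profile protects nothing)."""
import re
from collections import defaultdict

# Constructed sample input: the SRX screen lines from the post above.
SAMPLE_CONFIG = """
set security screen ids-option untrust-screen icmp ping-death
set security screen ids-option untrust-screen ip source-route-option
set security screen ids-option untrust-screen ip tear-drop
set security screen ids-option untrust-screen ip spoofing
set security screen ids-option untrust-screen tcp syn-flood
set security screen ids-option untrust-screen tcp syn-fin
set security screen ids-option untrust-screen tcp fin-no-ack
set security screen ids-option untrust-screen tcp syn-frag
set security screen ids-option untrust-screen tcp land
set security screen ids-option untrust-screen udp flood
set security screen ids-option untrust-screen limit-session source-ip-based 100
set security zones security-zone untrust screen untrust-screen
"""

# Assumed baseline for a border zone, chosen for this example from the
# options the post uses; adjust to your own policy.
REQUIRED = {"ip spoofing", "tcp syn-flood", "udp flood", "tcp land"}

SCREEN_RE = re.compile(r"^set security screen ids-option (\S+) (.+)$")
ZONE_RE = re.compile(r"^set security zones security-zone (\S+) screen (\S+)$")

def parse_screens(config):
    """Return ({profile: set(protections)}, {zone: profile})."""
    profiles, zones = defaultdict(set), {}
    for line in config.strip().splitlines():
        line = line.strip()
        if m := SCREEN_RE.match(line):
            profiles[m.group(1)].add(m.group(2))
        elif m := ZONE_RE.match(line):
            zones[m.group(1)] = m.group(2)
    return dict(profiles), zones

def audit_zone(config, zone, required=REQUIRED):
    """Return the required protections missing on a zone. A zone that binds
    no profile is missing everything, even if a profile is defined."""
    profiles, zones = parse_screens(config)
    profile = zones.get(zone)
    if profile is None:
        return set(required)
    return set(required) - profiles.get(profile, set())
```

Running `audit_zone(SAMPLE_CONFIG, "untrust")` on the sample returns an empty set; dropping the `security-zone untrust screen` line makes it report the whole baseline as missing.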



10 Jul 2010

Turning Router Into Sniffer

By IPSECS Admin. Posted in Exploitation | No Comments »

It is easy to intercept data communication in a Linux/Unix environment, since there are so many tools to help us: tcpdump, wireshark, ettercap, dsniff, and many others. But how do you sniff the data flowing through a router? If our router is from the Juniper family we are lucky, because Juniper has a built-in command that works like tcpdump on Unix/Linux. For example, we can use the following commands to sniff traffic on a Juniper interface (here ge-1/0/0.0):

monitor traffic interface ge-1/0/0.0 detail no-resolve
monitor traffic interface ge-1/0/0.0 detail no-resolve print-ascii print-hex

These two commands work on Juniper the way the following tcpdump commands work on Linux/Unix:

tcpdump -nev -i ge-1/0/0.0
tcpdump -nev -X -i ge-1/0/0.0

But remember, the interface name ge-1/0/0.0 is not known to Linux/Unix, so you have to replace it with the name of the Network Interface Card (NIC) on the Linux/Unix host. Then what if our router is not from the Juniper family? Here I will write up my experience sniffing inside a Cisco router, which is known as the most popular router in the world.

