28 May 2011
Border Firewall on Transport Layer Attack
By IPSECS Admin. Posted in Exploitation
It's been a long time since I played with security toys; last night I played with some toys called hping and fudp. Hping is a useful tool for manipulating packet headers, so we can send whatever traffic we wish. This tool is really cool for manipulating IP, ICMP, UDP, and TCP headers. Fudp is a tool designed for UDP flooding. It can launch UDP flooding with or without IP spoofing, and you can specify how long the flooding will run.
Unfortunately, IP spoofing did not work for me. I remember that during that time, we were the ones who created the configuration on the operator's border firewall to not allow spoofing and some flooding. You can read some documentation on how to block attacks at the network/transport layer. Below are some examples:
set security screen ids-option untrust-screen icmp ping-death
set security screen ids-option untrust-screen ip source-route-option
set security screen ids-option untrust-screen ip tear-drop
set security screen ids-option untrust-screen ip spoofing
set security screen ids-option untrust-screen tcp syn-flood
set security screen ids-option untrust-screen tcp syn-fin
set security screen ids-option untrust-screen tcp fin-no-ack
set security screen ids-option untrust-screen tcp syn-frag
set security screen ids-option untrust-screen tcp land
set security screen ids-option untrust-screen udp flood
set security screen ids-option untrust-screen limit-session source-ip-based 100
set security zones security-zone untrust screen untrust-screen
Above is an example of how to configure Screen on JunOS running on an SRX firewall. Have fun!
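An added example, not from the original post: a small audit that reads set-format configuration (as produced by `show configuration | display set`) and reports which of the screen options listed above are missing from the profile bound to each zone, and which profiles are defined but never applied to a zone. The function name `audit_screens`, the `lab-screen` profile and the sample configuration are constructed for illustration.

```python
import re

# Screen options taken from the configuration in the post: (category, option).
REQUIRED = {
    ("icmp", "ping-death"), ("ip", "source-route-option"), ("ip", "tear-drop"),
    ("ip", "spoofing"), ("tcp", "syn-flood"), ("tcp", "syn-fin"),
    ("tcp", "fin-no-ack"), ("tcp", "syn-frag"), ("tcp", "land"),
    ("udp", "flood"), ("limit-session", "source-ip-based"),
}
SCREEN_RE = re.compile(r"^set security screen ids-option (\S+) (\S+) (\S+)")
ZONE_RE = re.compile(r"^set security zones security-zone (\S+) screen (\S+)")

def audit_screens(config_text, zones=("untrust",)):
    """Return (per-zone report, profiles defined but bound to no zone)."""
    profiles, bindings = {}, {}  # profile -> enabled options, zone -> profile
    for raw in config_text.splitlines():
        line = " ".join(raw.split())  # normalise whitespace
        if m := SCREEN_RE.match(line):
            profiles.setdefault(m.group(1), set()).add((m.group(2), m.group(3)))
        elif m := ZONE_RE.match(line):
            bindings[m.group(1)] = m.group(2)
    report = {}
    for zone in zones:
        name = bindings.get(zone)  # None when the zone has no screen applied
        enabled = profiles.get(name, set())
        report[zone] = {"profile": name, "missing": sorted(REQUIRED - enabled)}
    unbound = sorted(set(profiles) - set(bindings.values()))
    return report, unbound

# Constructed sample: 'ip spoofing' is absent and 'udp flood' sits in a
# profile that is never applied to a zone, so neither protects 'untrust'.
SAMPLE = """\
set security screen ids-option untrust-screen icmp ping-death
set security screen ids-option untrust-screen ip source-route-option
set security screen ids-option untrust-screen ip tear-drop
set security screen ids-option untrust-screen tcp syn-flood
set security screen ids-option untrust-screen tcp syn-fin
set security screen ids-option untrust-screen tcp fin-no-ack
set security screen ids-option untrust-screen tcp syn-frag
set security screen ids-option untrust-screen tcp land
set security screen ids-option untrust-screen limit-session source-ip-based 100
set security screen ids-option lab-screen udp flood
set security zones security-zone untrust screen untrust-screen
"""

if __name__ == "__main__":
    report, unbound = audit_screens(SAMPLE)
    print(report["untrust"], "unbound profiles:", unbound)
```

A zone with no `screen` statement is reported with profile `None` and every option missing, which catches the case where a profile is written but the last line of the configuration above is forgotten.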