Using vSRX IDP to detect a pre-triggered attack – Metasploit Framework – SCAN:MISC:HTTP:VTI-BIN-PROBE


Hi,

I was studying IDP and, as always, I wanted to test the feature out. First of all, it's vSRX, so do not expect it to detect everything out of the box, but it did a fairly nice job to start with.

Topology

[Image: topology]

Exploit

[Image: Metasploit Framework attack search]

SCAN:MISC:HTTP:VTI-BIN-PROBE

Description: This signature detects requests to a URL that can execute a denial of service (DoS) on Microsoft IIS with FrontPage extensions.

No attack has been detected yet, and the attack table is empty.

[Image: empty attack table]

Configuring vSRX so that it has IDP capabilities; for installation details, have a look at the post below:

https://r2079.wordpress.com/2015/09/16/appsecure-suite-installing-license-evaluation-version-on-vsrx-firefly/

[Image: configuration]

I used Metasploit to attack my home lab device.

[Image: attacking the LAN]

As we can clearly see, the SRX has detected the attack and displayed the appropriate attack type.

[Image: SRX detecting the attack]
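As an added example (not code from the original post, nor from Juniper or Metasploit), here is a small Python script showing, from the defender's side, what this signature is looking for: it parses web-server access-log lines and flags requests to the FrontPage Server Extensions directory (/_vti_bin/), the traffic class that SCAN:MISC:HTTP:VTI-BIN-PROBE describes, then summarises hits per source address so a scan stands out. The log lines, addresses and helper names are constructed assumptions; only the signature name comes from the post.

```python
"""Added example (not from the original post): flag HTTP requests that probe
the FrontPage Server Extensions directory (/_vti_bin/) in access logs.
Sample log lines, addresses and function names are constructed for this
example; the signature name is the one shown in the post."""
import re
from collections import Counter
from urllib.parse import unquote, urlsplit

SIGNATURE = "SCAN:MISC:HTTP:VTI-BIN-PROBE"

# Apache/nginx "combined" style line: client, timestamp, request line, status, size
LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) \S+" (?P<status>\d{3}) \S+'
)


def normalise_path(target: str) -> str:
    """Decode and lower-case the path so percent-encoded or mixed-case
    spellings of the same directory compare equal (IIS paths are
    case-insensitive). Decoding twice also catches double-encoded probes."""
    path = urlsplit(target).path
    return unquote(unquote(path)).lower()


def is_vti_bin_probe(target: str) -> bool:
    """True when the request targets the FrontPage extensions directory."""
    return "/_vti_bin/" in normalise_path(target)


def scan_log(lines):
    """Return one alert dict per request that matches the probe pattern."""
    alerts = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        if is_vti_bin_probe(m["target"]):
            alerts.append({
                "signature": SIGNATURE,
                "src": m["src"],
                "time": m["ts"],
                "target": m["target"],
                "status": int(m["status"]),
            })
    return alerts


def hits_per_source(alerts):
    """Count matching requests per client address; repeated hits from one
    address are what make this look like a scan rather than a stray request."""
    return dict(Counter(a["src"] for a in alerts))


# Constructed sample log lines (not captured from the author's lab).
SAMPLE_LOG = [
    '192.168.1.50 - - [16/Sep/2015:10:00:01 +0000] "GET /index.html HTTP/1.1" 200 512',
    '192.168.1.200 - - [16/Sep/2015:10:00:02 +0000] "GET /_vti_bin/ HTTP/1.1" 404 210',
    '192.168.1.200 - - [16/Sep/2015:10:00:03 +0000] "GET /%5Fvti%5Fbin/?x=1 HTTP/1.1" 404 210',
    '192.168.1.50 - - [16/Sep/2015:10:00:04 +0000] "GET /_vti_binaries/readme.txt HTTP/1.1" 200 80',
    'garbage line that does not parse',
]

if __name__ == "__main__":
    found = scan_log(SAMPLE_LOG)
    for a in found:
        print(f"{a['signature']} src={a['src']} target={a['target']} status={a['status']}")
    print("hits per source:", hits_per_source(found))
```

Running the script prints two alerts, both from 192.168.1.200 (the plain and the percent-encoded spelling of the directory), while the /_vti_binaries/ request from the other host is not flagged because the trailing slash is part of the match.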

Regards

Rakesh M

Testing Endian Firewall – So Far So Good !


Hello,

I was testing Endian Firewall (http://www.endian.com/) for some VPN features and firewall capabilities. In my last post I wrote about Untangle (https://r2079.wordpress.com/2015/08/06/a-small-client-and-a-feasible-solution-captive-portal-and-untangle-made-my-clients-day/). One thing I understood is that not everyone uses Check Point/ASA/SRX ;), it depends on the client base, cost, business proposals, etc.

I had to check Endian to verify some firewall rules written for an end PBX, as it was blocking. Now, I have handled Endian before as well, but that was at a time when Endian was just getting noticed and we had to integrate it with the opposite branch's firewall, as Endian was uplinking to a Cisco ASA. – IRONY 😉

This was done on the fly; you can download the community version and test it as well. The entire system is mostly web (HTTP) based, and a sort of zone-based firewall concept applies here.

I had set up a simple IPsec VPN within 5 minutes.

Here is the topology:

[Image: topology]

Building the IPsec VPN and leaving it at its defaults

[Images: setting up the firewall VPN (1), VPN (2), VPN (3)]

Now, verifying a few other firewall rules and adding static routing

[Images: blocking specific traffic (4), static routing (5)]

Final result

[Image: final result]

On the whole, the setup was quite easy and I should say I am far more impressed with this than with Untangle, as it is simple and easy to use.

Regards

Rakesh Madupu
