fireawll | Life As A Network Engineer

Using VSRX IDP to detect pre-triggered Attack – Metasploit Frame-Work – SCAN:MISC:HTTP:VTI-BIN-PROBE

Nov 13

Hi,

I was studying about IDP and as always I wanted to test the feature out. First of all, Its VSRX , so do not expect that it detects everything out of the box, but it did fairly a nice job to start with.

Topology

Exploit

SCAN:MISC:HTTP:VTI-BIN-PROBE

Description: This signature detects requests to a URL that can execute a denial of service (DoS) on Microsoft IIS with FrontPage extensions.

No attack detected as of yet and attack-Table is Empty

Configuring VSRX so that i has IDP capabilities, for more you can have look at the below post about installation Details

https://r2079.wordpress.com/2015/09/16/appsecure-suite-installing-license-evaluation-version-on-vsrx-firefly/

I have used Metasploit to attack my home lab device

As we can clearly see, SRX has detected the attack and displayed the appropriate attack-Type.

Regards

Rakesh M

Testing Endian Firewall – So Far So Good !

Aug 16

Hello,

I was testing Endian Firewall(http://www.endian.com/) for Some VPN features and Firewall capabilities. Last post I wrote about untangle. (https://r2079.wordpress.com/2015/08/06/a-small-client-and-a-feasible-solution-captive-portal-and-untangle-made-my-clients-day/), one thing I understood is that not everyone uses Checkpoint/asa/Srx ;), depends on Client Base/Cost/Business proposals etc.

I had to verify Endian to verify some firewall rules written for an End PBX as it was blocking. Now, I have handled Endian Before as well, but that was at a period when Endian was just getting noticed and we had to integrate it with opposite branch firewall as Endian was uplinking to Cisco ASA. – IRONY 😉

This was on the fly and you can download the community version on the go and test as well. The entire system is based on http mostly and Sort of Zone-based Firewall concept arises here.

I had setup a simple IPSEC vpn within 5 minutes

Here is the below topology