How to protect your MikroTik router from DDoS Attacks – Basics

Distributed Denial of Service (DDoS) attacks are quite popular these days and it’s not hard to guess the name of the originating country – China/Hong Kong tops the list of the attackers. Huh!

I have been working with MikroTik devices for a long time, so this is nothing new for me. Guess what: I faced DDoS for the first time in my home network. Trust me, it took my whole network down in minutes. So, just imagine what would happen to an enterprise network! Anyway, if you need to know more about it, just google it and you will find a whole lot of articles on it.

So, whenever you are configuring your MikroTik router for the first time, it’s better to configure the filter rules to prevent the attacks – “Prevention is better than cure!”

General Symptoms:

  • Full WAN uplink bandwidth utilisation even if no clients are connected to your router.
  • Extremely high latency.
  • Several unknown IPs connected to your router’s public IP. [See this from the torch option and sort by Rx/Tx]
  • If you are curious enough and do some IP lookups, you can see that those IPs mainly belong to the CHINANET network. Beware!!

Continue reading…


Gaining access to an unconfigured Cisco 3750 Switch without Console, Telnet and SSH Access

Huh!! What happens when you need to configure a Cisco 3750 immediately for a production network but unfortunately you don’t have console, Telnet, or SSH access? I know it’s damn scary, and if it happens at 02:00 hours then you have no one to help you.

Problem:

Recently during an installation, I faced the exact same situation where I was presented with a Cisco 3750 switch but no methods of accessing it. Forget about SSH and Telnet as no Management VLAN was configured in it [It was totally an unconfigured one].

You might be thinking of Console access. Right? Damn it was not accessible too. Let me tell you the problems in brief.

  • Only 1 PC had a serial port, and there was only an Ethernet-to-console cable. There were no USB-to-serial converters.
  • Console only displayed debug messages but keystrokes were not accepted.
  • All the settings in my HyperTerminal were correct and as per Cisco’s recommendation.
  • Tried variations of flow control, baud rate etc. but none helped.
  • Tried at least 4 different applications for console access including PuTTY, HyperTerminal, SecureCRT and Tera Term. Results were all the same.
  • Tried 4 brand new console cables.

Continue reading…


Monitoring & Securing your Cisco devices with Syslog & TACACS+ Server – Basics

While deploying a logging and authentication solution for a company, I came across two very interesting technologies: TACACS+ and Syslog. Though I have worked with Syslog previously, TACACS was a new protocol for me. Now, why would someone suddenly deploy these two protocols, and at the same time? Yes… you guessed it right – SECURITY was the main reason behind the deployment of these two.

First of all, TACACS is an Authentication, Authorization and Accounting (AAA) server used for centralised authentication of users for device management, unlike RADIUS servers, which are used mainly for user authentication for wired and wireless network access.

Coming to the syslog portion, I can definitely say that all network admins must implement a syslog server for better monitoring of their devices and to take immediate action on any emergency incident. You won’t believe what I found after I enabled syslog for one of our Cisco switches – NUMEROUS BRUTE-FORCE ATTACKS !!! Those attacks originated mainly from China and Hong Kong based IP addresses. We all know that there are 7 types of facility. A facility is used to specify what type of program is logging the message. This lets the configuration file specify that messages from different facilities will be handled differently. The list of facilities available is:

| Value | Severity | Keyword | Description / Examples |
|---|---|---|---|
| 0 | Emergency | emerg | Multiple apps/servers/sites. This level should not be used by applications. |
| 1 | Alert | alert | Should be corrected immediately. An example might be the loss of the primary ISP connection. |
| 2 | Critical | crit | May be used to indicate a failure in the system’s primary application. |
| 3 | Error | err | An application has exceeded its file storage limit and attempts to write are failing. |
| 4 | Warning | warning | May indicate that an error will occur if action is not taken. For example, a non-root file system has only 2GB remaining. |
| 5 | Notice | notice | Events that are unusual but not error conditions. |
| 6 | Informational | info | Normal operational messages, no action required. For example, an application has started, paused or ended successfully. |
| 7 | Debugging | debug | Info useful to developers for debugging the application. |

Continue reading…


How to install Radius Manager 4 in CentOS 7 [with Video]

A little Introduction…

I’m writing about Radius Manager again after a long time. But this time it is something more updated: the installation of Radius Manager in CentOS 7, which is currently the latest CentOS version available. Here I will do the installation in a 64 bit version of CentOS 7 downloaded recently from the CentOS Official website.

As we all know, Radius Manager is a product of DMA Softlabs. Their support team told me that CentOS 7 is not compatible and told me to install the 32 bit version of CentOS 6. But I thought of installing the latest OS for more updated and secured feature sets.

Initially I faced a lot of problems while trying to install Radius Manager 4 in CentOS 7. But eventually, a lot of research and discussions with Mr. Syed Jahanzaib helped me to come up with a solution and install Radius Manager 4 in CentOS 7 perfectly.

However, if you want to install it in Ubuntu Server follow this.

Initial Prerequisites:

  • CentOS 7 (64 bit preferred) – Downloadable from CentOS Official website – CentOS-7.0-1406-x86_64-DVD.iso
  • Radius Manager 4.1.6 – Downloadable from the customer portal of DMA Softlabs.
  • Radius Manager License Files – lic.txt and mod.txt – Downloadable from the customer portal of DMA Softlabs after purchase or trial.

Note: If you need to change MAC for CentOS 7 please refer to my tutorial here.

Update: Some users are facing yum repo issues after installing epel. To solve that:

1. nano /etc/yum.repos.d/epel.repo

2. Replace https with http.

3. Save and exit.

4. yum repolist. Verify installation is successful.

5. Issue yum update

 Steps to install Radius Manager 4 in CentOS 7

  1. After you clean install CentOS 7 with proper NIC MAC Address configured, install nano for editing the configuration files.
    yum update
    yum install nano
  2. Disable SELinux by editing the following and changing SELINUX=disabled
    Continue reading…


How to change MAC Address in CentOS 7 [with Video]

This tutorial will show you how to change the MAC address in CentOS 7. I assure you this is a perfectly working and tested method. In many cases you need to change the MAC address to allow internet access or to run MAC-based licensed software like Radius Manager. So for those situations, here we go.

Steps to change MAC Address in CentOS 7:

  1. Update CentOS Repositories by:
    yum update
  2. Install nano (for editing config files) and net-tools (for enabling ifconfig command).
    yum install nano net-tools
  3. Go to the ethernet configuration file.
    Continue reading…


How to automatically map your dynamic WAN IP to your MikroTik Router?

So, you have a broadband connection and your IP is not static. That’s a big problem in case you need to manage it remotely from anywhere in the world. So here’s a simple process to solve this issue and never have to remember your IP again. To automatically map your dynamic WAN IP to your MikroTik router, follow these steps:

  1. Log in to your router via WinBox.
  2. Go to IP->Cloud. Check DDNS Enabled. Now note the DDNS name created for you.
  3. I bet you can’t remember the huge auto generated DDNS. If you can, go to step else follow along.
    Continue reading…


Download Juniper vSRX – Firefly & Juniper E-Books

In this post I’m going to share with you the latest vSRX ova file, which you can run in VMware Workstation as well as in ESX Server (if you have one).

I am also going to share the following Juniper e-books, which will be of great help:

1. Juniper Networks Warrior
2. Juniper SRX Series
3. Junos Enterprise Routing, 2nd Edition
4. Junos Security
5. Junos Service Provider Switching

Download all the Juniper E-Books here.

Download Juniper vSRX – junos-vsrx-12.1X47-D15.4 here.

Mirror links:

1. Download from mega.

2. Download from drive.

Just extract the rar file and install the ova in VMware Workstation and you are good to go.

If you need help, Juniper has this basic config manual for vSRX. Have a look!


How to install vCenter Server 5.5 in Windows 7 OS

Recently I faced a lot of trouble installing vCenter Server 5.5 in Windows 7 OS. According to VMware documentation, we can’t install it on a consumer grade OS like Windows 7 or Windows 8 as it only supports Windows Server based OS.

But it is not possible for many home users studying for VCP Certification to set it up by installing another Windows Server OS due to lack of resources. So the following post gives a quick tutorial on how to install vCenter Server 5.5 in Windows 7 OS.

1) Extract vCenter Server ISO using 7zip.

2) Download and install InstEd.

3) Download VMware vCenter Server – tc Server.
Continue reading…


How to use Cisco ASA 8.4 with GNS3

This tutorial will help you set up your CCNA, CCNP or CCIE Security Lab with Cisco ASA 8.4, which is currently supported by the latest version of GNS3.

  1. Download the source files here.
  2. Extract them and place them in the GNS3 images directory.
    For example : C:\Users\<user name>\GNS3\images\QEMU\
  3. Go to Edit -> Preference -> QEMU -> QEMU VMs
  4. Click New -> Give Name -> Set type

Continue reading…


How to work with Cisco IOS in GNS3

In my previous post I shared some working Cisco IOS images for GNS3; now I am going to show you how to use those with the latest version of GNS3, which can be downloaded from GNS3’s official website. The IOS must be compatible with GNS3 and can be added to it by following these simple steps.

  1. Download GNS3 from www.gns3.net.
  2. Install it along with Wireshark, WinPcap and VirtualBox (optional).
  3. Run GNS3.

Continue reading…
