RTBH stands for Remotely Triggered Black Hole: the ability to route traffic to a black hole remotely. In the real world, the intention is to allow customers to instruct their ISP to route traffic to a black hole without any intervention on the ISP side.
So why do we want to route traffic to a black hole? In case of a DoS/DDoS attack we would like to stop the attack ASAP, and the best way to accomplish that is to route traffic destined for the victim into a black hole, preventing the excess traffic (or pps) from reaching or passing through our links and devices.
Looking at the network diagram, we can see that the attacker conducts the DoS attack through the ISP toward the customer's server.
The customer can stop the attack by advertising the victim IP (destination) to the ISP with a special community; in return, the ISP re-routes traffic for this IP to a black hole (null 0 or discard).
Currently we are working with Level3 and Tinet, which support the RTBH communities 3356:9999 and 3257:2666 respectively.
So if the victim IP is 200.10.0.1, the configuration for Level3 will be:
ip prefix-list PL_RTBH_LEVEL3 permit 200.10.0.1/32
!
route-map RM_BGP_LEVEL3_OUTBOUND permit 10
 match ip address prefix-list PL_RTBH_LEVEL3
 set community 3356:9999
Take note that although ISPs don't accept BGP advertisements for prefixes more specific than /24, when it comes to RTBH you can advertise any prefix length, including /32.
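A fuller customer-side version of the Level3 configuration above, added here as an example and not the author's own configuration. It shows what the route-map fragment depends on: a route for the /32 in the routing table, community sending enabled on the neighbor, and a second route-map clause so the implicit deny does not filter the normal advertisements. The local AS 64500, the neighbor address 192.0.2.1, the aggregate 200.10.0.0/24 and the prefix-list name PL_CUSTOMER_AGGREGATES are assumptions.

```cisco
! Added example. AS 64500, neighbor 192.0.2.1, 200.10.0.0/24 and
! PL_CUSTOMER_AGGREGATES are placeholders, not values from the post.
!
! Display communities in AA:NN form (3356:9999) instead of one decimal number.
ip bgp-community new-format
!
! The network statement below only originates the /32 if an exact-match
! route exists in the routing table. A static route to Null0 provides it
! and also drops traffic for the victim at this router.
ip route 200.10.0.1 255.255.255.255 Null0
!
ip prefix-list PL_RTBH_LEVEL3 seq 5 permit 200.10.0.1/32
ip prefix-list PL_CUSTOMER_AGGREGATES seq 5 permit 200.10.0.0/24
!
! Clause 10: tag the victim /32 with the Level3 RTBH community.
route-map RM_BGP_LEVEL3_OUTBOUND permit 10
 match ip address prefix-list PL_RTBH_LEVEL3
 set community 3356:9999
! Clause 20: keep announcing the normal prefixes. Without it, the
! route-map's implicit deny would filter everything except the /32.
route-map RM_BGP_LEVEL3_OUTBOUND permit 20
 match ip address prefix-list PL_CUSTOMER_AGGREGATES
!
router bgp 64500
 ! Origination of the aggregate is assumed to be configured already.
 network 200.10.0.1 mask 255.255.255.255
 neighbor 192.0.2.1 remote-as 3356
 ! Communities are not sent to a neighbor unless enabled explicitly.
 neighbor 192.0.2.1 send-community
 neighbor 192.0.2.1 route-map RM_BGP_LEVEL3_OUTBOUND out
```

Once the attack has stopped, removing the /32 static route and its network statement withdraws the announcement; `show ip bgp neighbors 192.0.2.1 advertised-routes` shows what is currently being sent.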
Tuesday, May 22, 2012
Sunday, May 20, 2012
How to reset Safe@Office appliance to factory default
A few things to know before resetting to factory default:
1. All configurations will be erased!
2. The appliance will revert to the firmware version it shipped with from the manufacturer, so all firmware upgrades done in the past will be lost.
3. You should follow the instructions carefully to avoid permanent damage to the appliance.
I found that there are two ways to reset a Safe@Office appliance to factory default, and I think it somehow depends on the firmware version that was installed at the factory.
Method #1:
1. Make sure the Safe@Office appliance is powered on.
2. Press the RESET button on the back of the Safe@Office appliance steadily for seven seconds and then release it.
3. Allow the Safe@Office appliance to boot up until the system is ready (the PWR/SEC LED flashes slowly or illuminates steadily in green).
4. Connect a PC to the appliance and check that you receive a 192.168.10.xxx IP address.
5. Log in to http://my.firewall (not to 192.168.10.1) and enter a password for admin access.
Method #2:
1. Unplug the power cord.
2. Hold the reset button on the back of the appliance.
3. Plug in the power cord while holding the button until the PWR/SEC LED is steady red.
4. Release the reset button for 3 seconds.
5. Press the reset button again for 10 seconds until the PWR/SEC LED starts blinking red.
6. Connect a PC to the appliance and check that you receive a 192.168.10.xxx IP address.
7. Log in to http://my.firewall (not to 192.168.10.1) and enter a password for admin access.
Warning: If you choose to reset the Safe@Office appliance by disconnecting the power cable and then reconnecting it, be sure to leave the Safe@Office appliance disconnected for at least three seconds, or the Safe@Office appliance might not function properly until you reboot it as described below.
Sunday, May 13, 2012
How to upgrade Juniper EX4200 switch software
1. Format a DOK (disk-on-key) with enough space as FAT32
2. Copy the software image (jinstall-ex-4200-11.3R2.4-domestic-signed.tgz) onto the DOK
3. Plug the DOK into the USB port on the back of the switch
4. Enter shell mode [you will need the root password]
    user@switch> start shell
    % su
    Password:
    root@switch%
5. Mount the DOK
    mount_msdosfs /dev/da1s1 /mnt
6. Copy the image file to a temporary directory
    cp /mnt/jinstall-ex-4200-11.3R2.4-domestic-signed.tgz /var/tmp
7. Return to operational mode
    cli
8. Start the upgrade process
    request system software add /var/tmp/jinstall-ex-4200-11.3R2.4-domestic-signed.tgz
How to enable Windows XP Network Level Authentication
To allow Windows XP to connect over RDP to Windows 7 without changing the security level, we need to complete two steps:
1. Install the Microsoft Remote Desktop Connection 7.0 client or later
2. Tweak some registry values
Follow these steps to make the required registry tweaks:
1. Open the registry editor: Start->Run->regedit
2. Go to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
3. Modify the value Security Packages
4. Add the value tspkg
5. Go to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders
6. Modify the value SecurityProviders
7. Add the value credssp.dll (don't forget the comma before it)
8. Exit the registry editor
9. Restart the computer