Category: DDoS
This category deals with DDoS tools and related techniques.
FastNetMon, ExaBGP and BGP integration for DDoS mitigation – part 6
Configuration on Quagga routers
Quagga1# show running-config
hostname Quagga1
log file /var/log/quagga/quagga.log
hostname bgpd
log stdout
password zebra
enable password zebra
interface eth0
 ipv6 nd suppress-ra
interface lo
router bgp 100
 bgp router-id 10.10.12.1
 bgp log-neighbor-changes
 redistribute static metric route-map bh-trigger
 neighbor 10.10.12.2 remote-as 100
 neighbor 10.10.12.3 remote-as 100
 …
FastNetMon, ExaBGP and BGP integration for DDoS mitigation – part 5
3. BGP sessions
a) Configure Quagga1 and Quagga2
Install quagga and start the bgpd and zebra daemons.
bash-4.2# systemctl start bgpd
bash-4.2# systemctl start zebra
Connect to the configuration console using vtysh. If all sessions are valid you'll see something similar in the exabgp logs:
14:05:40 | 464 | reactor | loaded new configuration…
FastNetMon, ExaBGP and BGP integration for DDoS mitigation – part 4
2) Generate sFlow traffic
Send some sFlow traffic to FastNetMon from an external machine, the one with IP 192.168.122.1 that is marked hsflowd in the diagram. From a Linux machine with hsflowd installed (https://sflow.net/downloads.php) we send the traffic to the FastNetMon machine. hsflowd has the following configuration:
cat /etc/hsflowd.conf
sflow { DNSSD=off…
FastNetMon, ExaBGP and BGP integration for DDoS mitigation – part 3
Now it's time to start FastNetMon.
1.a) Server side:
bash-4.2# cd /opt/fastnetmon/
bash-4.2# ./fastnetmon --daemonize --configuration_file /etc/fastnetmon.conf --log_file /var/log/fastnetmon.log
Verify that it is running:
bash-4.2# ps -ef | grep fast
root 363 1 0 13:23 ? 00:00:00 ./fastnetmon --daemonize --configuration_file /etc/fastnetmon.conf --log_file /var/log/fastnetmon.log
1.b) Client side:
From the same directory from where we have started…
FastNetMon, ExaBGP and BGP integration for DDoS mitigation – part 2
As the BGP daemon we are using Quagga, which is easy to install on any Linux distro. We are automating the process behind RTBH (Remotely-Triggered Black Hole), a very effective tool for protecting us in case of a DDoS. Routers Quagga1 – Quagga4 compose the network, and router…
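The piece that ties detection to RTBH is the script FastNetMon runs when it bans or unbans a host: it has to turn that event into a BGP announcement that the routers resolve to a discard. The script below is an added example and not the series' own configuration. It assumes a community-based RTBH design (routers match the RFC 7999 BLACKHOLE community 65535:666, or the assumed next-hop 192.0.2.1 pointed at a discard route), that ExaBGP reads API commands from a FIFO at the assumed path /run/exabgp/exabgp.in, and that FastNetMon's notify_script receives the four arguments <ip> <direction> <pps> <action> with action being ban, unban or attack_details; check those conventions against your installed versions before using it.

```shell
#!/bin/sh
# Added example, not code from the FastNetMon/ExaBGP series: build the
# ExaBGP API line that black-holes (or un-black-holes) one attacked host.
#
# Assumptions (not taken from the page):
#   * Routers match community 65535:666 (RFC 7999 BLACKHOLE) or the
#     next-hop 192.0.2.1 against a static route to a discard interface.
#   * ExaBGP's API process reads from the FIFO /run/exabgp/exabgp.in.
#   * FastNetMon calls notify_script as: <ip> <direction> <pps> <action>.

BLACKHOLE_NEXT_HOP="192.0.2.1"     # assumed: statically routed to discard
BLACKHOLE_COMMUNITY="65535:666"    # RFC 7999 BLACKHOLE well-known community
EXABGP_FIFO="/run/exabgp/exabgp.in"  # assumed ExaBGP API input pipe

# is_ipv4 <string>: accept only a dotted quad with octets 0-255, so a
# malformed or prefix-shaped argument can never become a wider announcement.
is_ipv4() {
    echo "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    for o in $(echo "$1" | tr '.' ' '); do
        [ "$o" -le 255 ] || return 1
    done
}

# rtbh_command <ip> <direction> <pps> <action>
# Prints the ExaBGP API command for a /32 host route.  Returns 1 for actions
# that must not touch routing (attack_details, unknown), 2 for a bad target.
rtbh_command() {
    ip="$1"; action="$4"
    is_ipv4 "$ip" || { echo "refusing non-IPv4 target: $ip" >&2; return 2; }
    case "$action" in
        ban)   verb="announce" ;;
        unban) verb="withdraw" ;;   # same route text; ExaBGP matches it
        *)     return 1 ;;
    esac
    echo "$verb route $ip/32 next-hop $BLACKHOLE_NEXT_HOP community [$BLACKHOLE_COMMUNITY]"
}

# When installed as the notify script, hand the command to ExaBGP.
if [ "${0##*/}" = "rtbh_notify.sh" ]; then
    rtbh_command "$1" "$2" "$3" "$4" > "$EXABGP_FIFO"
fi
```

Only a /32 is ever announced, and only for the ban and unban actions: FastNetMon also invokes the script for attack_details, and a script that announced on every call would black-hole the victim twice and never withdraw. Announcing a discard route for anything other than a single host is the classic RTBH self-inflicted outage, which is why the target is validated before the verb is chosen.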
FastNetMon, ExaBGP and BGP integration for DDoS mitigation – part 1
In this scenario I would like to introduce FastNetMon, ExaBGP and BGP as a way to cut off DDoS attacks. FastNetMon (https://fastnetmon.com/) is a DDoS detection tool. The proof of concept is presented in the following picture. The whole scenario is built in a Linux environment, an environment that supports all the…
SSH restrictions using public keys, commands and allowed hosts
Description
You want to manage an SSH server that can be reached only from specific IPs, and only specified commands will be available to the SSH user.
Explanation
In our example we have 2 hosts located in the same network (to prove the concept) with the following IPs: 192.168.122.1 (backend) and 192.168.122.157…
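The two restrictions named above map onto authorized_keys options: from= limits the source address and command= replaces whatever the client asked for with a forced command, which then sees the original request in SSH_ORIGINAL_COMMAND. The script below is an added example, not the post's own configuration. It assumes OpenSSH 7.2 or newer (for the restrict option), a wrapper installed at the assumed path /usr/local/bin/ssh-wrapper.sh, an allow-list of three commands chosen for illustration, and 192.168.122.1 as the only permitted client; the excerpt names both lab IPs but does not say which side connects, so that choice is an assumption too.

```shell
#!/bin/sh
# Added example, not the original post's configuration: one restrictive
# authorized_keys entry plus the forced-command wrapper it points at.
# The wrapper path, the allowed commands and the client address are
# assumptions; see sshd(8), AUTHORIZED_KEYS FILE FORMAT, for the options.

# build_authorized_key <pubkey-line> <from-pattern> <wrapper-path>
# "restrict" disables pty, port/agent/X11 forwarding and rc execution,
# "from=" is a pattern list of permitted client addresses (CIDR allowed),
# "command=" forces the wrapper regardless of what the client requested.
build_authorized_key() {
    echo "restrict,from=\"$2\",command=\"$3\" $1"
}

# allow_command <SSH_ORIGINAL_COMMAND>
# Exact-string allow-list.  Matching whole strings (not prefixes) is what
# refuses "uptime; id", "df -h /" and an empty interactive request.
allow_command() {
    case "$1" in
        "uptime"|"df -h"|"systemctl status nginx") return 0 ;;
        *) return 1 ;;
    esac
}

# Wrapper entry point: sshd runs this file because of command=.
if [ "${0##*/}" = "ssh-wrapper.sh" ]; then
    if allow_command "$SSH_ORIGINAL_COMMAND"; then
        # Word-splitting is safe here only because the string was matched
        # exactly against fixed literals above.
        exec $SSH_ORIGINAL_COMMAND
    fi
    echo "command not permitted: ${SSH_ORIGINAL_COMMAND:-<none>}" >&2
    exit 1
fi
```

A useful check after installing the key: ssh from the allowed host with a permitted command (it runs), with a different command (the wrapper refuses it), and with no command at all (restrict plus the wrapper means no shell), then repeat from an address outside the from= pattern, where sshd rejects the key before the wrapper is ever reached.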
Google Authenticator as a second factor authentication
Description In this post I would like to share another solution (in my previous post I was talking about DUO – https://duo.com) that can be used as a second factor for authentication. At this moment there are a few solutions on the market…
Blocking unwanted IP addresses on F5
Description A load balancer is a device that acts as a reverse proxy and distributes network or application traffic across a number of servers. Load balancers are used to increase the reliability and capacity of applications. It is very useful to have a solution…
Fail2Ban
Description Fail2Ban is a very good tool if you want to protect yourself from intruders and to have good insight into who is accessing your architecture. According to the official description (https://www.fail2ban.org/wiki/index.php/Main_Page), Fail2ban scans log files (e.g. /var/log/apache/error_log) and bans IPs that show the malicious…