Botnet Gateway

we have powerfull devices to protect our network from Huge traffic attacks like floods or DDOS ...etc.
But we have no solution for some attacks like get attacks , bots ...etc

we are looking for sth. like email gateway i mean is there any server software like botnet gateway ?
FireBallITAsked:
Who is Participating?
 
gheistCommented:
No, not WCCP, but there is some trickery that may help/
http://kb.juniper.net/InfoCenter/index?page=content&id=KB23895
0
 
btanExec ConsultantCommented:
bot are automated scripted or infected machine. As long as application aware network security appliance is available, they should be able to has some inkling to tighten. Like subscribe with blacklisted IP or url or like of anonymous gateway such as Tor and detect P2P based applications.

But most of it I see it is more from DDoS and HTTP attack which you can check out web application firewall (F5 Network ASM, Imperva Securesphere, Trustwave Webdefend, Penta security Wapples  or equv) and DDoS defends will be be good not only on premise but also from the upstream perspective against volumetric going to 70Gbps till recently reported 400Gbps. Explore the CDN like CloudFlare, Akamai, Incapsula. Also web server has software like mod_security
0
 
MereteCommented:
The hosts file can also be modified
http://someonewhocares.org/hosts/
0
Managing Security & Risk at the Speed of Business

Gartner Research VP, Neil McDonald & AlgoSec CTO, Prof. Avishai Wool, discuss the business-driven approach to automated security policy management, its benefits and how to align security policy management with business processes to address today's security challenges.

 
gheistCommented:
I am sorry - what is a "get attack"? Like people browsing your website?

When you go to doctor - are you teking all the medicines for all the diseases in the world or just one that ails you since yesterday?
0
 
FireBallITAuthor Commented:
we are looking for something more complicated we have already dos block hardwares like SRX3600 or Netscaler

we do need a gateway which follow visitors and check for what if
* they acceptt cookies
* browsers are valid
* downloading images
* ip is not listed as bot
* ...... etc


and we have 500+ server so we do not have a chence to use a proxy design all A records ...etc

we just want to do this for 80 port transparently
0
 
gheistCommented:
If you goggle for "squid transparent proxy" it gets you somewhere.
The transparent part can even be a Cisco router, for squid you need some UNIX with lots of RAM
0
 
btanExec ConsultantCommented:
any web proxy and WAF should do with the rule as well. it depends on the use case and note that this need tuning and not plug an play appliance..
0
 
gheistCommented:
Asker mentioned that he wants the plug play way - so only transparent proxy can do.
0
 
FireBallITAuthor Commented:
@gheist that is a good start

http://www.deckle.co.uk/squid-users-guide/transparent-caching-proxy.html

i think this is what we are looking for but we need a little more steps to do.  In this proxy how should check the user's behaviours like what if the download images or not ?
do we need to write scripts ?
0
 
btanExec ConsultantCommented:
mod security is another candidate as mentioned, check out the deployment option via reverse proxy or even embedded into web server - http://www.modsecurity.org/about.html
it has extensive Core Rule Set (CRS) covering
HTTP Protocol Protection
Real-time Blacklist Lookups
HTTP Denial of Service Protections
Generic Web Attack Protection
Error Detection and Hiding
Virtual Patching
IP Reputation
Web-based Malware Detection
Webshell/Backdoor Detection
Botnet Attack Detection
HTTP Denial of Service (DoS) Attack Detection
Anti-Virus Scanning of File Attachments
http://www.modsecurity.org/rules.html
0
 
FireBallITAuthor Commented:
mod security should not resolve it we are using nginx proxy but we are looking something like transparent proxy as gheit mentioned.
0
 
gheistCommented:
Can you find small department to try this on?
Do you have routers that have WCCP support like Cisco?
Or instead you need to rewire your network core to get proxy working
0
 
FireBallITAuthor Commented:
We have Juniper Ex4500 i think it is capabile for this ?
0
 
btanExec ConsultantCommented:
Zeroshell can be a transparent proxy (configured as the default gateway)
http://www.zeroshell.org/proxy-antivirus/
You may want then to consider Juniper SRX (though not Ex) with Web App (reverse proxy), SecInt and Spotlight Secure (int feeds) http://www.juniper.net/techpubs/en_US/release-independent/spotlight-secure/topics/concept/secure-secint-architecture-overview.html
You can connect up SRX with Ex with LACP
http://kb.juniper.net/InfoCenter/index?page=content&id=KB22474
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.