Solved

Botnet Gateway

Posted on 2014-12-10
Last Modified: 2015-04-03
We have powerful devices to protect our network from huge traffic attacks like floods or DDoS, etc.
But we have no solution for some attacks like get attacks, bots, etc.

We are looking for something like an email gateway; I mean, is there any server software like a botnet gateway?
0
Question by:FireBall
16 Comments
 
LVL 64

Expert Comment

by:btan
ID: 40493180
Bots are automated scripts or infected machines. As long as an application-aware network security appliance is available, it should be able to have some inkling to tighten. Like subscribing to blacklisted IPs or URLs or the like of anonymous gateways such as Tor, and detecting P2P-based applications.

But most of it, as I see it, is more from DDoS and HTTP attacks, for which you can check out a web application firewall (F5 Network ASM, Imperva Securesphere, Trustwave Webdefend, Penta security Wapples or equiv.), and DDoS defences will be good not only on premise but also from the upstream perspective against volumetric attacks going to 70Gbps, till recently reported 400Gbps. Explore CDNs like CloudFlare, Akamai, Incapsula. Also, web servers have software like mod_security.
0
 
LVL 70

Expert Comment

by:Merete
ID: 40493195
The hosts file can also be modified
http://someonewhocares.org/hosts/
0
 
LVL 62

Expert Comment

by:gheist
ID: 40493240
I am sorry - what is a "get attack"? Like people browsing your website?

When you go to the doctor - are you taking all the medicines for all the diseases in the world or just the one that ails you since yesterday?
0
 

Author Comment

by:FireBall
ID: 40493333
We are looking for something more complicated; we already have DoS-blocking hardware like SRX3600 or Netscaler.

We do need a gateway which follows visitors and checks whether:
* they accept cookies
* browsers are valid
* downloading images
* IP is not listed as bot
* ... etc.

And we have 500+ servers, so we do not have a chance to use a proxy design, all A records, etc.

We just want to do this for port 80 transparently.
0
 
LVL 62

Assisted Solution

by:gheist
gheist earned 1336 total points
ID: 40493352
If you google for "squid transparent proxy" it gets you somewhere.
The transparent part can even be a Cisco router; for squid you need some UNIX with lots of RAM.
0
 
LVL 64

Expert Comment

by:btan
ID: 40493371
Any web proxy and WAF should do with the rule as well. It depends on the use case, and note that this needs tuning and is not a plug-and-play appliance.
0
 
LVL 62

Expert Comment

by:gheist
ID: 40493458
Asker mentioned that he wants the plug-and-play way - so only a transparent proxy can do.
0
 

Author Comment

by:FireBall
ID: 40493524
@gheist that is a good start.

http://www.deckle.co.uk/squid-users-guide/transparent-caching-proxy.html

I think this is what we are looking for, but we need a few more steps. In this proxy, how should we check the users' behaviours, like whether they download images or not?
Do we need to write scripts?
0
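One way to script the checks listed in this thread (cookie acceptance, image downloads, IP listing) offline against a proxy's access log, as an added example that is not part of any poster's reply. The three-field log format, the sample lines, the blocklist and the `MIN_PAGES` threshold are all constructed assumptions, not Squid's native log format.

```python
from collections import defaultdict

# Constructed sample lines in a hypothetical format (not Squid's native log):
# client_ip  url_path  request_carried_session_cookie(0/1)
SAMPLE_LOG = """\
198.51.100.7 /index.html 0
198.51.100.7 /img/logo.png 1
198.51.100.7 /style.css 1
198.51.100.7 /news.html 1
203.0.113.9 /index.html 0
203.0.113.9 /index.html 0
203.0.113.9 /index.html 0
203.0.113.9 /login.php 0
203.0.113.9 /index.html 0
192.0.2.44 /index.html 0
192.0.2.44 /img/logo.png 1
"""

BLOCKLIST = {"192.0.2.44"}  # constructed; stands in for an IP reputation feed
ASSET_EXT = (".png", ".jpg", ".gif", ".css", ".js", ".ico")
MIN_PAGES = 3  # assumed threshold: too few page hits says nothing about a client

def score_clients(log_text, blocklist=BLOCKLIST):
    """Return {ip: [reasons]}; an empty list means no check fired."""
    stats = defaultdict(lambda: {"pages": 0, "assets": 0, "cookie": 0})
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # skip malformed lines instead of crashing on them
        ip, path, cookie = parts
        s = stats[ip]
        s["cookie"] += cookie == "1"
        if path.lower().split("?")[0].endswith(ASSET_EXT):
            s["assets"] += 1
        else:
            s["pages"] += 1
    verdicts = {}
    for ip, s in stats.items():
        reasons = ["ip-listed"] if ip in blocklist else []
        if s["pages"] >= MIN_PAGES:
            if s["assets"] == 0:
                reasons.append("no-assets")  # pages fetched, never images/CSS/JS
            if s["cookie"] == 0:
                reasons.append("no-cookie")  # session cookie never sent back
        verdicts[ip] = reasons
    return verdicts
```

Clients driving a real browser engine pass all three checks, and clients with warm caches may legitimately skip assets, so these flags work as one signal alongside rate limits and reputation feeds.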
 
LVL 64

Expert Comment

by:btan
ID: 40493671
mod security is another candidate, as mentioned; check out the deployment options via reverse proxy or even embedded into the web server - http://www.modsecurity.org/about.html
It has an extensive Core Rule Set (CRS) covering:
* HTTP Protocol Protection
* Real-time Blacklist Lookups
* HTTP Denial of Service Protections
* Generic Web Attack Protection
* Error Detection and Hiding
* Virtual Patching
* IP Reputation
* Web-based Malware Detection
* Webshell/Backdoor Detection
* Botnet Attack Detection
* HTTP Denial of Service (DoS) Attack Detection
* Anti-Virus Scanning of File Attachments

http://www.modsecurity.org/rules.html
0
 

Author Comment

by:FireBall
ID: 40517034
mod security should not resolve it; we are using an nginx proxy, but we are looking for something like a transparent proxy as gheist mentioned.
0
 
LVL 62

Expert Comment

by:gheist
ID: 40517061
Can you find a small department to try this on?
Do you have routers that have WCCP support like Cisco?
Or instead you need to rewire your network core to get the proxy working.
0
 

Author Comment

by:FireBall
ID: 40517163
We have a Juniper Ex4500; I think it is capable of this?
0
 
LVL 62

Accepted Solution

by:
gheist earned 1336 total points
ID: 40517179
No, not WCCP, but there is some trickery that may help.
http://kb.juniper.net/InfoCenter/index?page=content&id=KB23895
0
 
LVL 64

Assisted Solution

by:btan
btan earned 664 total points
ID: 40517204
Zeroshell can be a transparent proxy (configured as the default gateway)
http://www.zeroshell.org/proxy-antivirus/
You may want then to consider Juniper SRX (though not Ex) with Web App (reverse proxy), SecInt and Spotlight Secure (int feeds) http://www.juniper.net/techpubs/en_US/release-independent/spotlight-secure/topics/concept/secure-secint-architecture-overview.html
You can connect up SRX with Ex with LACP
http://kb.juniper.net/InfoCenter/index?page=content&id=KB22474
0

Question has a verified solution.
