Solved

Botnet Gateway

Posted on 2014-12-10
16
67 Views
Last Modified: 2015-04-03
we have powerfull devices to protect our network from Huge traffic attacks like floods or DDOS ...etc.
But we have no solution for some attacks like get attacks , bots ...etc

we are looking for sth. like email gateway i mean is there any server software like botnet gateway ?
0
Comment
Question by:Cahit Eyigunlu
  • 5
  • 4
  • 4
  • +1
16 Comments
 
LVL 61

Expert Comment

by:btan
ID: 40493180
bot are automated scripted or infected machine. As long as application aware network security appliance is available, they should be able to has some inkling to tighten. Like subscribe with blacklisted IP or url or like of anonymous gateway such as Tor and detect P2P based applications.

But most of it I see it is more from DDoS and HTTP attack which you can check out web application firewall (F5 Network ASM, Imperva Securesphere, Trustwave Webdefend, Penta security Wapples  or equv) and DDoS defends will be be good not only on premise but also from the upstream perspective against volumetric going to 70Gbps till recently reported 400Gbps. Explore the CDN like CloudFlare, Akamai, Incapsula. Also web server has software like mod_security
0
 
LVL 69

Expert Comment

by:Merete
ID: 40493195
The hosts file can also be modified
http://someonewhocares.org/hosts/
0
 
LVL 61

Expert Comment

by:gheist
ID: 40493240
I am sorry - what is a "get attack"? Like people browsing your website?

When you go to doctor - are you teking all the medicines for all the diseases in the world or just one that ails you since yesterday?
0
 

Author Comment

by:Cahit Eyigunlu
ID: 40493333
we are looking for something more complicated we have already dos block hardwares like SRX3600 or Netscaler

we do need a gateway which follow visitors and check for what if
* they acceptt cookies
* browsers are valid
* downloading images
* ip is not listed as bot
* ...... etc


and we have 500+ server so we do not have a chence to use a proxy design all A records ...etc

we just want to do this for 80 port transparently
0
 
LVL 61

Assisted Solution

by:gheist
gheist earned 334 total points
ID: 40493352
If you goggle for "squid transparent proxy" it gets you somewhere.
The transparent part can even be a Cisco router, for squid you need some UNIX with lots of RAM
0
 
LVL 61

Expert Comment

by:btan
ID: 40493371
any web proxy and WAF should do with the rule as well. it depends on the use case and note that this need tuning and not plug an play appliance..
0
 
LVL 61

Expert Comment

by:gheist
ID: 40493458
Asker mentioned that he wants the plug play way - so only transparent proxy can do.
0
Better Security Awareness With Threat Intelligence

See how one of the leading financial services organizations uses Recorded Future as part of a holistic threat intelligence program to promote security awareness and proactively and efficiently identify threats.

 

Author Comment

by:Cahit Eyigunlu
ID: 40493524
@gheist that is a good start

http://www.deckle.co.uk/squid-users-guide/transparent-caching-proxy.html

i think this is what we are looking for but we need a little more steps to do.  In this proxy how should check the user's behaviours like what if the download images or not ?
do we need to write scripts ?
0
 
LVL 61

Expert Comment

by:btan
ID: 40493671
mod security is another candidate as mentioned, check out the deployment option via reverse proxy or even embedded into web server - http://www.modsecurity.org/about.html
it has extensive Core Rule Set (CRS) covering
HTTP Protocol Protection
Real-time Blacklist Lookups
HTTP Denial of Service Protections
Generic Web Attack Protection
Error Detection and Hiding
Virtual Patching
IP Reputation
Web-based Malware Detection
Webshell/Backdoor Detection
Botnet Attack Detection
HTTP Denial of Service (DoS) Attack Detection
Anti-Virus Scanning of File Attachments
http://www.modsecurity.org/rules.html
0
 

Author Comment

by:Cahit Eyigunlu
ID: 40517034
mod security should not resolve it we are using nginx proxy but we are looking something like transparent proxy as gheit mentioned.
0
 
LVL 61

Expert Comment

by:gheist
ID: 40517061
Can you find small department to try this on?
Do you have routers that have WCCP support like Cisco?
Or instead you need to rewire your network core to get proxy working
0
 

Author Comment

by:Cahit Eyigunlu
ID: 40517163
We have Juniper Ex4500 i think it is capabile for this ?
0
 
LVL 61

Accepted Solution

by:
gheist earned 334 total points
ID: 40517179
No, not WCCP, but there is some trickery that may help/
http://kb.juniper.net/InfoCenter/index?page=content&id=KB23895
0
 
LVL 61

Assisted Solution

by:btan
btan earned 166 total points
ID: 40517204
Zeroshell can be a transparent proxy (configured as the default gateway)
http://www.zeroshell.org/proxy-antivirus/
You may want then to consider Juniper SRX (though not Ex) with Web App (reverse proxy), SecInt and Spotlight Secure (int feeds) http://www.juniper.net/techpubs/en_US/release-independent/spotlight-secure/topics/concept/secure-secint-architecture-overview.html
You can connect up SRX with Ex with LACP
http://kb.juniper.net/InfoCenter/index?page=content&id=KB22474
0

Featured Post

Better Security Awareness With Threat Intelligence

See how one of the leading financial services organizations uses Recorded Future as part of a holistic threat intelligence program to promote security awareness and proactively and efficiently identify threats.

Join & Write a Comment

Today, still in the boom of Apple, PC's and products, nearly 50% of the computer users use Windows as graphical operating systems. If you are among those users who love windows, but are grappling to keep the system's hard drive optimized, then you s…
Nothing in an HTTP request can be trusted, including HTTP headers and form data.  A form token is a tool that can be used to guard against request forgeries (CSRF).  This article shows an improved approach to form tokens, making it more difficult to…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.

758 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now