Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

Botnet Gateway

Posted on 2014-12-10
16
Medium Priority
?
106 Views
Last Modified: 2015-04-03
we have powerfull devices to protect our network from Huge traffic attacks like floods or DDOS ...etc.
But we have no solution for some attacks like get attacks , bots ...etc

we are looking for sth. like email gateway i mean is there any server software like botnet gateway ?
0
Comment
Question by:FireBall
  • 5
  • 4
  • 4
  • +1
14 Comments
 
LVL 65

Expert Comment

by:btan
ID: 40493180
bot are automated scripted or infected machine. As long as application aware network security appliance is available, they should be able to has some inkling to tighten. Like subscribe with blacklisted IP or url or like of anonymous gateway such as Tor and detect P2P based applications.

But most of it I see it is more from DDoS and HTTP attack which you can check out web application firewall (F5 Network ASM, Imperva Securesphere, Trustwave Webdefend, Penta security Wapples  or equv) and DDoS defends will be be good not only on premise but also from the upstream perspective against volumetric going to 70Gbps till recently reported 400Gbps. Explore the CDN like CloudFlare, Akamai, Incapsula. Also web server has software like mod_security
0
 
LVL 70

Expert Comment

by:Merete
ID: 40493195
The hosts file can also be modified
http://someonewhocares.org/hosts/
0
 
LVL 62

Expert Comment

by:gheist
ID: 40493240
I am sorry - what is a "get attack"? Like people browsing your website?

When you go to doctor - are you teking all the medicines for all the diseases in the world or just one that ails you since yesterday?
0
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 

Author Comment

by:FireBall
ID: 40493333
we are looking for something more complicated we have already dos block hardwares like SRX3600 or Netscaler

we do need a gateway which follow visitors and check for what if
* they acceptt cookies
* browsers are valid
* downloading images
* ip is not listed as bot
* ...... etc


and we have 500+ server so we do not have a chence to use a proxy design all A records ...etc

we just want to do this for 80 port transparently
0
 
LVL 62

Assisted Solution

by:gheist
gheist earned 1336 total points
ID: 40493352
If you goggle for "squid transparent proxy" it gets you somewhere.
The transparent part can even be a Cisco router, for squid you need some UNIX with lots of RAM
0
 
LVL 65

Expert Comment

by:btan
ID: 40493371
any web proxy and WAF should do with the rule as well. it depends on the use case and note that this need tuning and not plug an play appliance..
0
 
LVL 62

Expert Comment

by:gheist
ID: 40493458
Asker mentioned that he wants the plug play way - so only transparent proxy can do.
0
 

Author Comment

by:FireBall
ID: 40493524
@gheist that is a good start

http://www.deckle.co.uk/squid-users-guide/transparent-caching-proxy.html

i think this is what we are looking for but we need a little more steps to do.  In this proxy how should check the user's behaviours like what if the download images or not ?
do we need to write scripts ?
0
 
LVL 65

Expert Comment

by:btan
ID: 40493671
mod security is another candidate as mentioned, check out the deployment option via reverse proxy or even embedded into web server - http://www.modsecurity.org/about.html
it has extensive Core Rule Set (CRS) covering
HTTP Protocol Protection
Real-time Blacklist Lookups
HTTP Denial of Service Protections
Generic Web Attack Protection
Error Detection and Hiding
Virtual Patching
IP Reputation
Web-based Malware Detection
Webshell/Backdoor Detection
Botnet Attack Detection
HTTP Denial of Service (DoS) Attack Detection
Anti-Virus Scanning of File Attachments
http://www.modsecurity.org/rules.html
0
 

Author Comment

by:FireBall
ID: 40517034
mod security should not resolve it we are using nginx proxy but we are looking something like transparent proxy as gheit mentioned.
0
 
LVL 62

Expert Comment

by:gheist
ID: 40517061
Can you find small department to try this on?
Do you have routers that have WCCP support like Cisco?
Or instead you need to rewire your network core to get proxy working
0
 

Author Comment

by:FireBall
ID: 40517163
We have Juniper Ex4500 i think it is capabile for this ?
0
 
LVL 62

Accepted Solution

by:
gheist earned 1336 total points
ID: 40517179
No, not WCCP, but there is some trickery that may help/
http://kb.juniper.net/InfoCenter/index?page=content&id=KB23895
0
 
LVL 65

Assisted Solution

by:btan
btan earned 664 total points
ID: 40517204
Zeroshell can be a transparent proxy (configured as the default gateway)
http://www.zeroshell.org/proxy-antivirus/
You may want then to consider Juniper SRX (though not Ex) with Web App (reverse proxy), SecInt and Spotlight Secure (int feeds) http://www.juniper.net/techpubs/en_US/release-independent/spotlight-secure/topics/concept/secure-secint-architecture-overview.html
You can connect up SRX with Ex with LACP
http://kb.juniper.net/InfoCenter/index?page=content&id=KB22474
0

Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Sometimes Administrators rights are not enough. These cases call for the SYSTEM account. The process in this article outlines the steps required to execute commands using the SYSTEM account.
Ransomware, the malware that locks down its victim’s files until they pay up, has always been a frustrating issue to deal with. However, a recent mobile ransomware will make the issue a little more personal… by sharing the victim’s mobile browsing h…
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …

782 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question