Solved

Botnet Gateway

Posted on 2014-12-10
16
83 Views
Last Modified: 2015-04-03
we have powerfull devices to protect our network from Huge traffic attacks like floods or DDOS ...etc.
But we have no solution for some attacks like get attacks , bots ...etc

we are looking for sth. like email gateway i mean is there any server software like botnet gateway ?
0
Comment
Question by:Cahit Eyigunlu
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 4
  • 4
  • +1
16 Comments
 
LVL 63

Expert Comment

by:btan
ID: 40493180
bot are automated scripted or infected machine. As long as application aware network security appliance is available, they should be able to has some inkling to tighten. Like subscribe with blacklisted IP or url or like of anonymous gateway such as Tor and detect P2P based applications.

But most of it I see it is more from DDoS and HTTP attack which you can check out web application firewall (F5 Network ASM, Imperva Securesphere, Trustwave Webdefend, Penta security Wapples  or equv) and DDoS defends will be be good not only on premise but also from the upstream perspective against volumetric going to 70Gbps till recently reported 400Gbps. Explore the CDN like CloudFlare, Akamai, Incapsula. Also web server has software like mod_security
0
 
LVL 70

Expert Comment

by:Merete
ID: 40493195
The hosts file can also be modified
http://someonewhocares.org/hosts/
0
 
LVL 62

Expert Comment

by:gheist
ID: 40493240
I am sorry - what is a "get attack"? Like people browsing your website?

When you go to doctor - are you teking all the medicines for all the diseases in the world or just one that ails you since yesterday?
0
Comprehensive Backup Solutions for Microsoft

Acronis protects the complete Microsoft technology stack: Windows Server, Windows PC, laptop and Surface data; Microsoft business applications; Microsoft Hyper-V; Azure VMs; Microsoft Windows Server 2016; Microsoft Exchange 2016 and SQL Server 2016.

 

Author Comment

by:Cahit Eyigunlu
ID: 40493333
we are looking for something more complicated we have already dos block hardwares like SRX3600 or Netscaler

we do need a gateway which follow visitors and check for what if
* they acceptt cookies
* browsers are valid
* downloading images
* ip is not listed as bot
* ...... etc


and we have 500+ server so we do not have a chence to use a proxy design all A records ...etc

we just want to do this for 80 port transparently
0
 
LVL 62

Assisted Solution

by:gheist
gheist earned 334 total points
ID: 40493352
If you goggle for "squid transparent proxy" it gets you somewhere.
The transparent part can even be a Cisco router, for squid you need some UNIX with lots of RAM
0
 
LVL 63

Expert Comment

by:btan
ID: 40493371
any web proxy and WAF should do with the rule as well. it depends on the use case and note that this need tuning and not plug an play appliance..
0
 
LVL 62

Expert Comment

by:gheist
ID: 40493458
Asker mentioned that he wants the plug play way - so only transparent proxy can do.
0
 

Author Comment

by:Cahit Eyigunlu
ID: 40493524
@gheist that is a good start

http://www.deckle.co.uk/squid-users-guide/transparent-caching-proxy.html

i think this is what we are looking for but we need a little more steps to do.  In this proxy how should check the user's behaviours like what if the download images or not ?
do we need to write scripts ?
0
 
LVL 63

Expert Comment

by:btan
ID: 40493671
mod security is another candidate as mentioned, check out the deployment option via reverse proxy or even embedded into web server - http://www.modsecurity.org/about.html
it has extensive Core Rule Set (CRS) covering
HTTP Protocol Protection
Real-time Blacklist Lookups
HTTP Denial of Service Protections
Generic Web Attack Protection
Error Detection and Hiding
Virtual Patching
IP Reputation
Web-based Malware Detection
Webshell/Backdoor Detection
Botnet Attack Detection
HTTP Denial of Service (DoS) Attack Detection
Anti-Virus Scanning of File Attachments
http://www.modsecurity.org/rules.html
0
 

Author Comment

by:Cahit Eyigunlu
ID: 40517034
mod security should not resolve it we are using nginx proxy but we are looking something like transparent proxy as gheit mentioned.
0
 
LVL 62

Expert Comment

by:gheist
ID: 40517061
Can you find small department to try this on?
Do you have routers that have WCCP support like Cisco?
Or instead you need to rewire your network core to get proxy working
0
 

Author Comment

by:Cahit Eyigunlu
ID: 40517163
We have Juniper Ex4500 i think it is capabile for this ?
0
 
LVL 62

Accepted Solution

by:
gheist earned 334 total points
ID: 40517179
No, not WCCP, but there is some trickery that may help/
http://kb.juniper.net/InfoCenter/index?page=content&id=KB23895
0
 
LVL 63

Assisted Solution

by:btan
btan earned 166 total points
ID: 40517204
Zeroshell can be a transparent proxy (configured as the default gateway)
http://www.zeroshell.org/proxy-antivirus/
You may want then to consider Juniper SRX (though not Ex) with Web App (reverse proxy), SecInt and Spotlight Secure (int feeds) http://www.juniper.net/techpubs/en_US/release-independent/spotlight-secure/topics/concept/secure-secint-architecture-overview.html
You can connect up SRX with Ex with LACP
http://kb.juniper.net/InfoCenter/index?page=content&id=KB22474
0

Featured Post

Comprehensive Backup Solutions for Microsoft

Acronis protects the complete Microsoft technology stack: Windows Server, Windows PC, laptop and Surface data; Microsoft business applications; Microsoft Hyper-V; Azure VMs; Microsoft Windows Server 2016; Microsoft Exchange 2016 and SQL Server 2016.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

If you are looking at this article, you have most likely been hit by some version of ransomware and are trying to find out if there is anything you can do, or what way you should react - READ ON!
Smart phones, smart watches, Bluetooth-connected devices—the IoT is all around us. In this article, we take a look at the security implications of our highly connected world.
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…

733 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question