Is there any way to block a DDoS attack? I don't know too much about DDoS attacks and how they work, but I think I understand a little bit of it. Is there no way to configure a firewall to detect rapid, spontaneous, continuous amounts of fragmented, random data coming from an IP address? Wouldn't the data coming in from a DDoS server be somewhat distinct from data that flows normally?
I am wondering how to change my internet IP address as someone is DDOS attacking me on a daily basis. I have tried all the ipconfig stuff, and unplugged my modem for an hour. Not sure what to do at this point. Plugging my PC directly to the modem changes my IP, but then when I plug my PC back into my router, it changes back.
Can the Cisco ASA5510 or 5520 protect against DDoS attacks and sync flood? I have a problem with this, so how can I protect against it? Sometimes I see in my log something like "sync flood" or "ddos to xxx.xxx.xxx.xxx"; the IP address is random.
Currently in my office we have a TP-Link wireless router (WR1043N) and a D-Link 615 router. Below is my office's network organization. Internet-->TPLinkRouter(192.168.2.0)-->DlinkRouter(192.168.0.0) We want to host a demo website but we are afraid of our network being attacked. So we wish to implement a DMZ network to hide our internal network from outside. My question is: can I set up a DMZ network with the above capabilities by using home routers?
How can I block Hulu access via my home network? The reason for this is that I have about 10 computers connected to the network and not very much bandwidth, so I would like to limit web access strictly to browsing, emails, etc. and not for streaming TV/media.
My network is running on a Linksys WRT160N router that has been flashed with DD-WRT v24-sp2 (04/23/10) std firmware. I have tried "Website Blocking by URL Address" and "Website Blocking by Keyword" in my router settings but neither seems to take effect.
I study at the University of Ostrava and I am currently working on my master's thesis. Its content is the realization of a few attacks on a network. Now I am trying to implement an ICMP redirect attack by using the Intercepter program. You can see the diagram of my network in the enclosed picture (Schema.jpg). Through the Intercepter program I generate ICMP redirect packets (ICMP type 5), which are successfully sent from PC Attacker, but these packets do not arrive at PC Victim and Wireshark shows me the message "Destination Unreachable (Host Unreachable)." When I use a non-Cisco switch (for example: Edimax) or a hub instead of the Cisco switch, the ICMP redirect packets arrive at PC Victim and I can continue with the attack.
SW: Switch is in the default setting Cisco Catalyst 2960 IOS: c2960-lanbasek9-mz.122-50.SE3.bin Router: Set only IP address on FastEthernet interfaces Cisco 2801 IOS: 2801-ipbasek9-mz 124.25f.bin
I am currently getting DoS/DDoS on my ASA 5520; the attacker is hitting IPs that are not even open on any port. The attack is filling up the queues on the firewall, which is at 99% CPU during the attack. Here's the NetFlow info that I was able to get from my ISP (since I don't have a router to do that). [code]
I have a Time Warner Cable business class service with no static IP, with a wireless modem which is plugged into a CAT5 distribution panel. On the jacks (2 other rooms in the house) I have a Linksys E3000 and a Linksys Valet router for signal boost and gadget usage (TV, cameras, etc). The main router (TWC) has its own external IP which TWC assigns to me and internally distributes the range 192.168.0.x via DHCP. With that said:
- The E3000 has a 192.168.0.6 IP -- this is fixed setup on the TWC router (ubee brand) by MAC address
- The Valet has a 192.168.0.7 IP -- this is fixed setup on the TWC router (ubee brand) by MAC address
- The main router has the 192.168.0.1 as the gateway and web-interface
Whenever I connect something to the E3000, it is distributing the 192.168.1.x range and the Valet the 192.168.2.x range. That worked perfectly for my home-based business until I decided to use more stuff on the network such as an IP printer, IP cameras, etc.
- The IP cameras are connected to the E3000 due to signal strength and I have manually assigned them the 192.168.1.15 and 192.168.1.16 IPs and ports 9001 and 9002.
- The printer is connected to the E3000 and I have manually assigned the IP 192.168.1.30.
Issue 1: Port forwarding. On the main router (TWC - UBEE) I have tried to set up a port forwarding by informing the Local IP as 192.168.0.6 (E3000 IP), Internal Port 0, Public Interface IP (0.0.0.0), Ext Start Port 9001, Ext End Port 9001, Protocol - Both, Enabled Yes. On the E3000 I did the same config (screen shot attached e3000.png). This is not working properly. I can't get into the camera.
Issue 2: Printer. The printer is only accessible if I connect to the E3000 (because it is on the 192.168.1.x network)
Issue 3: How to configure all the devices on the same subnet? If I want everyone to be on the 192.168.0.x network, how to configure properly the E3000 and the Valet? I have tried to force them into the same network but it would not work properly. It would not get an IP from the UBEE router (main).
Here's the layout: Cable modem in the basement. Several devices for which I'd prefer a wired connection in the basement. Upstairs on the 1st and 2nd floor of the house are many devices for which wifi is fine or preferred. Here's the problem: As you might guess, wifi is weak upstairs and certainly on the patio and 2nd floor. I have an access point upstairs that I've experimented with but it is flaky.
I am a new student in networking, taking the CCNA courses, and now want to rewire my home. I currently have a cable modem and E2500 setup running my network. I want to get the modem and router out of my computer room and into the basement where the cable enters the house. I want to do this to clean up the computer room wiring a bit and to run line drops to different rooms in the house where the internet will be utilized. Currently there are two PCs, a laptop, a tablet, sometimes a phone, and an XBOX using the internet. I want to get my printer back up and running on the network but that's another story. Only one PC is currently hardwired. I would like to run two cables into the room with the PC and XBOX that are currently using wireless, at least two into the computer room for the PC and network printer, and one or two into the living room for the Blu-ray player and possibly an internet TV.
I have a D-Link DGL-4500 router and my landlord recently upgraded our internet connection. However, now I get this error message when I try to hook it up to the ethernet hub: "The addressing of the Internet side learnt thru DHCP conflicts with the addressing selected for the LAN side. Internet communications will be disabled until you have changed the LAN side addressing to resolve the problem."
I'm on my 3rd Virgin Media 615 today. The last one arrived yesterday and I opened the box to find a rev D with old BIOS installed, throw hands in air and all that, and then proceeded to upgrade to 4.13, which I have found to be stable and work OK. The other two grew to have the wireless failure issue. I could moan here about VM but hey, there's no point, so I have come here for advice. After I found the last one's wireless going down, with daily trips from the kids down to me to ask why the internet isn't working etc. etc., I started to investigate. I found the 4.13 and genned up a bit, looked at the 3rd-party code and came back to D-Link's own code. Anyway, I have seen in the last few days hundreds of similar port scans. [code]
Now is the router being a little sensitive to harmless software companies' scans to see if products installed etc., or are they something to worry about now I know what's going on if it's the latter, and I don't think anyone's got in yet but I would like to ban these IPs and to be honest I'm not sure of the best way. Also I noted a UDP active session that's not a part of my subnet too, mine being a standard 192.168.0.* and the other being 192.168.4.*.
I manage a CISCO 4404 WLC with about 46 access points across our WAN. The system works very well, serving trusted users, guests etc. However, over the last month or two we have had an issue where we have had high load on our WAN. We have traced this down to the CISCO 4404: about 3-4 times a day, the controller connects to every access point and transmits about 5-8mb of data on port 5427. This in itself would not be a problem, but it connects to all 46 at the same time.
We are continuously getting logs created as below on the ASA 5510. I suspect something is going wrong (like the system is getting compromised?)
Note: I have changed the actual public IP to 220.127.116.11 for security reasons.
Mar 18 21:46:19 18.104.22.168 Mar 18 2011 21:46:22: %ASA-2-106017: Deny IP due to Land Attack from 22.214.171.124 to 126.96.36.199
Mar 18 21:46:19 188.8.131.52 Mar 18 2011 21:46:23: %ASA-2-106017: Deny IP due to Land Attack from 184.108.40.206 to 220.127.116.11
Mar 18 21:46:20 18.104.22.168 Mar 18 2011 21:46:23: %ASA-2-106017: Deny IP due to Land Attack from 22.214.171.124 to 126.96.36.199
Mar 18 21:46:21 188.8.131.52 Mar 18 2011 21:46:24: %ASA-2-106017: Deny IP due to Land Attack from 184.108.40.206 to 220.127.116.11
I have multiple questions about the PIX 525 software version 8.0(2) ASDM 6.0 (2). I am a Windows network admin who is new to Cisco and routing in general. I have read through the forums and the Cisco documentation, but have not been able to fully understand the topics discussed within.
This option is currently DISABLED for all interfaces. I know what IP address spoofing is, but what is the functionality of these options specifically? How does it work and should I enable it, and for which interfaces? Second Question: Scanning Threat Detection - Auto Shun
I found this option in ASDM under: Configuration --> Firewall --> Threat Detection. Enable Basic Threat Detection and Enable Scanning Threat Detection are both currently ENABLED, but Shun Hosts detected by scanning threat is currently DISABLED. Also, the Networks Excluded from Shun field is empty. I know what the shun command does. I have used it many times when I have been fortunate enough to catch some piece of **** trying to spam my mail server or gain access to it.
What I am asking specifically is how does the Auto Shun work? Should I enable it and what are the potential consequences? Also, what exactly is a scanning attack?
I am not familiar enough with the PIX and with the topics discussed in the document to successfully apply the info within. Plus, I'm not sure it covers the kind of basic, all-inclusive bandwidth cap I would like to put in place.
The goal is to cap the maximum internet (outside) bandwidth that inside5 can use to a reasonable percentage while allowing the other interfaces to have the remainder.
How would I go about this implementation? 2. Is there a way to allow inside1 - inside4 to use max bandwidth when there is no traffic on inside5?
I am probably, at least, the third owner of this device and I do not have an account with Cisco, nor can my tiny (perhaps non-existent given the current economic state) IT budget afford any form of support or software licensing with them. My goal is to back up the IOS and ASDM data in the event that I have to replace the device due to a hardware failure.
I found a file transfer function within ASDM which allowed me to copy the files pix802.bin, asdm-602.bin and tfp from flash to my desktop computer. I also have a copy of the activation key info and my current configuration.
1. Have I backed up all the data/info I would need to restore this software and ASDM to another unit?
2. The activation key screen also has a serial number field. Is this the hardware serial number or is it for the software? And is it tied to this device specifically or can I use it to restore another unit if necessary?
3. Is there anything else I should do or be aware of regarding backup and restore for the PIX?
4. What is the tfp file?
I have set up a web server on my home PC and I have forwarded port 80 on my router to the IP address of the PC that is running the web server. The web server is working great; I can get to my web pages from outside of my home by going to http://MyIpAddress/ Anyway, the problem is with the Windows Media Player plugin I'm using. I want to embed 6GB MPEG-2 videos into my web pages. I have some videos on my PC and I want to be able to watch them remotely by connecting to my web page. It works fine when I'm at home; other PCs can connect and play the videos no problem. The problem is when I'm at work. When I'm at work, I go to my web page (via my IP address in a web browser) and the Media Player plugin says "Connecting" for a minute, then it says Ready, but the video will not play. I tried using a smaller AVI file (680 MB) instead to see if the problem was streaming such a large file, but the video still would not play. Do I need to forward more ports on my router so that Windows Media Player can connect back and get the information it needs?
I have an ADSL modem in my workplace that is connected to a switch, and the other workplace computers are connected to this switch, so the ADSL internet is shared in the LAN network (on each computer I set the default gateway to the IP of the modem .....). I want to dial my workplace from home and then use the workplace internet or connect to the workplace LAN (such as VPN or port forwarding or I don't know...)
I have been having a bit of trouble with networking my two machines to share files and allow printing. I have a Win 7 laptop and an XP Home desktop. I share a net connection via 02 wireless box; both systems have wireless. I have tried many things
We have a WLAN consisting of a WLC 4402 and 11 lightweight APs. For security/compliance reasons we have a Cisco PIX firewall that sits between the WLC (outside) and the APs (inside). The APs are allowed to form LWAPP tunnels through the firewall (inside access-list) to the WLC and the WLAN works as expected. The firewall then limits traffic from the WLAN (outside access list) to certain internal systems. I have noticed that every so often the firewall logs show continuous "Land attack from 0.0.0.0 0.0.0.0" messages, then all APs are disconnected (all lights flash).
I have a Cisco ASA 5510. I am attacking my firewall using nmap. I see the attack in the log, but I would like the firewall to send only an alarm of the attack by email. I have email active with warning and I received a lot of email.
I observed that the graph shows the attack but not the IP of the attacker; is it possible for the Cisco ASA to show the IP too? The log shows scanning with nmap, but it does not shun the IP and does not send an alarm. How can I send an alarm? The graph does not show the IP; is it possible to show it?
Every time I connect to my home network with an iPhone 4 my whole network stops working. Windows 7 is not reporting any problems with the connection, nor is my router. I have a cable connection with my PC and wireless with my laptop; they both just stop working without any visible reason. Even the iPhone I connect with won't work, but of course it says it's connected and everything is OK. I thought it was an iOS 5 problem, so I reinstalled it. It worked for an hour, then it was all back again. I even tried sharing my PC connection so that my iPhone is connected to the PC and not directly to the router. But that produced the same results.
My setup at home is as follows: [code] Now according to what I have read I should be able to set the subnet on the .2.0 network to a subnet of 254 and this gives me 512 hosts, I believe. However, my question at this point is how to route between 192.168.1.0 and 192.168.2.0. Or when I set the subnet .254 does the router just route it automatically? I would still set the subnet mask on both networks to 254, correct? I believe I can only use 192.168.0.1 to 192.168.1.255 w/.254 subnet mask. However I already have some servers that are configured with applications (on the 192.168.2.0 network) that I do not want to change IPs on because it would be a pain to reconfigure, so my other question is: other than using .252 to extend it to 192.168.0.1 to 192.168.3.255 (I need the 192.168.2.0), is there anything I can do? Like use 192.168.1.0 with subnet mask of 255.255.254.0 to get the 192.168.2.0 network? The reason I asked is I was using a subnet calculator to try and figure this out but every time I put in 192.168.1.0 with .254 subnet mask it changed the IP to 192.168.0.1 to 192.168.1.255. I would really like to use the Netgear only. The way I have it now is not working: I am able to ping the internet from the 192.168.1.0 network but I can't ping from the 192.168.2.0 network to the 192.168.1.0 network.
At the moment I have my home network (192.168.0.0/24) as below (all connected using straight cables): [code] My Cisco lab equipment is in the basement, all connecting to an access server which at the moment is plugged into Switch3-dumb (along with a printer & NAS). What I'm thinking is to replace the Switch3-dumb with a 3550 I'll be picking up later this week. Then using this to do as the Switch3-dumb did, maybe by creating a native 'vlan 192' & putting it into a gig interface which will connect to the network using the straight cable, also putting the printer & NAS into the same vlan. This will hopefully still give me connectivity throughout. Then when required I'd like to use the 3550 with the rest of my Cisco equipment for setting up different labs (segmenting them from the home network by using different vlans etc.). One of my reasons to implement the 3550 into the home network is to be able to play about on a regular basis (port monitor, traffic stats, etc).
My Wifi network has a WPA2 password that is a random string of characters and numbers and yet last month a rogue IP address kept popping up on my DNS list. It has to be coming from my neighbor whose bedroom is about 15 feet away from my router. So unless someone is sitting out on my front lawn to do this then it must be him. I've been looking for software that will notify me when a connection to my router is attempted, and kudos if it also asks my permission first, that would be great. There are wifi packet sniffers out there like Cain&Abel, Airsnort, that sort of thing, but I am not quite savvy enough nor do I want to turn this into a complicated hobby but just need a basic warning in case something gets past my passwords again.