  1. #1
    SitePoint Addict Limes102's Avatar
    Join Date
    Sep 2006
    Location
    North Wales
    Posts
    242
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Competition to DrayTek?

    Hello there

    At the company I work for, we have two ADSL lines going into a Vigor 2820. This works really well to be fair, but the company seems to be prone to DoS attacks, unfortunately.

    The fact that the connection is down doesn't bother us too much, but the router actually crashes. Once the DoS attack has gone, we can still access the Internet, but some of the NAT goes a bit wrong, and the telnet and web administration doesn't work.

    Can anyone offer an alternative to the DrayTek? I do like it, but I think we might need something a little faster.

    Thanks for any help you can provide

    Thanks

    Aaron

  2. #2
    Twitter: @AnthonySterling silver trophy AnthonySterling's Avatar
    Join Date
    Apr 2008
    Location
    North-East, UK.
    Posts
    6,111
    Mentioned
    3 Post(s)
    Tagged
    0 Thread(s)
    Can you provide more information about the DoS attack? This is probably something you should be addressing at the network level; more information would be great to help us determine how to proceed.
    @AnthonySterling: I'm a PHP developer, a consultant for oopnorth.com and the organiser of @phpne, a PHP User Group covering the North-East of England.

  3. #3
    SitePoint Addict Limes102's Avatar
    The company is based in a relatively rural area, but we have several email servers; it would cost too much to have email hosting for the level of email we receive.
    Although, this obviously doesn't help with the attack thing.
    We do have DoS defence enabled on the router, and ping disabled, but it doesn't do much.
    Because the router crashes, it always fails to give us a report of the DoS attack...

    Is that the kind of info you wanted? I don't really know what else to give you

    Thanks!

  4. #4
    Twitter: @AnthonySterling silver trophy AnthonySterling's Avatar
    Getting there.

    Well, if the router is crashing and therefore we cannot review the logs, we're in a bit of a pickle.

    What external ports are listening for connections without prior internal invocation? Ideally, you'd be wanting to drop all requests on any non-auth'd or already open ports; does the device allow this level of granularity?

  5. #5
    SitePoint Addict Limes102's Avatar
    Well, we have about 8 routed IP addresses, and we have SMTP, HTTPS and HTTP open, and a couple of others which are fairly bespoke.
    When I do a port scan, all the other ports report as closed.
    You can do a lot of stuff with the router, I think DrayTek define it as a security router... The firewall seems to be pretty good, but still, these occasional DoS attacks aren't good!

    I have looked at a couple of Cisco routers, but I know nothing about Cisco...

    Recommend anything?

  6. #6
    Twitter: @AnthonySterling silver trophy AnthonySterling's Avatar
    Ideally you need to be able to drop any requests from certain addresses dynamically. Building up these rules/behaviour isn't something that can be done on a whim. Most certainly not on a site providing live services.

    Given your requirements, we do have a few Cisco 887Vs out in the field which could suit but you'll probably find the device you have already suits.

    Dig a little deeper into the device's capabilities, focus on intrusion detection, and see if there is anything that you can configure to drop repeated requests.

    I wish there was more I could help you with, but if security was easy, we'd all be safe.

  7. #7
    SitePoint Addict Limes102's Avatar
    I have like every security defence checked.
    There are some evil people out there.

    Thanks for your help though!

    Aaron

  8. #8
    Robert Wellock silver trophybronze trophy xhtmlcoder's Avatar
    Join Date
    Apr 2002
    Location
    A Maze of Twisty Little Passages
    Posts
    6,316
    Mentioned
    60 Post(s)
    Tagged
    0 Thread(s)
    Hmm, I've configured various virtualised Cisco Routers and Switches via CLI, but I've not done an awful lot to do with configuring advanced IOS security commands, unfortunately.

    Your 'Security Audit' seems like it has quite a few serious holes, or is being weakly implemented. Also it doesn't sound like you are making full use of the router security protocols or using the 'weaker' or default router security protocols.

    I assume you have tried debugging the NAT and that you are using a VLAN and have enabled port security on each individual Switch port in use and assigned the MAC addresses correctly. Obviously I suspect you'll have packet-filters in place.

