Juniper SA系列设备,如果internal接口的网关不可达,那么external接口和virtual ip address均不会生效,虽然internal接口的ip地址可以ping通。换言之,internal接口的网关是否可达,是判断设备是否正常启动的标准。
详见下面的KB:
Virtual IP and / or External port not available
Knowledge Base ID: KB8815
Version: 2.0
Published: 07 Oct 2008
Updated: 07 Oct 2008
Categories: . SSL VPN
. SSL_VPN_(IVE_OS)
Synopsis:
Virtual IP ad
从juniper网站上找到下面的kb,可以看出来,JUNIPER SA设备端口内外有别,外部接口只用来接收VPN连接的发起,而访问各种资源的对话则是内部接口的活儿。
IVE uses internal port’s gateway to connect to application servers hosted on its external/DMZ port IP subnet.
Knowledge Base ID: KB2579
Version: 2.0
Published: 07 Oct 2008
Updated: 07 Oct 2008
Categories: . SSL VPN
. SA_3000
. SA_5000
. SA_700
. SA_1000
. SSL_VP
xizhi.zhu 写道 "在本次Black Hat黑客大会上,黑客Moxie Marlinspike提出了一种新的SSL中间人攻击手段,该攻击是由于CA和浏览器的错误实现引起的。利用这个攻击手段,Moxie在24小时内就从 Gmail、Yahoo、Hotmail、Paypal、Facebook等站点收集到了117个电子邮件帐户,16个信用卡号,7个paypal帐号, 以及超过300个其他帐号。"
漏洞的发现者showrun.lee貌似是一
The books in the Solaris System Administration series are designed to teach practicing and aspiring system administrators how to manage Solaris in an IT environment. Solaris Security Essentials covers the main security features in the Solaris operating system, including roles and privileges, cryptographic services, network security, auditing
客户的一台Cisco PIX 525瘫痪,console口登上去终端也无响应,重启之后可以登录,但几分钟后就再次无响应。
直觉是DDOS攻击,或者是内网流量太大,导致PIX资源耗尽。无论是哪一种情况,都应该是比较严重的行为,因为PIX525的硬件性能还是相当不错的,而且后面还串着一台趋势的防毒墙,多少能顶些作用。
远程登录之后,show conn,看到大量的如下显示:
UDP out 61.175.211.100:1322 in 192.168.12.17:15000 idle 0:01:20 flags -UDP out 61.175.211.100:1325 in 192.168.12.17:15000 idle 0:01:19 flags -UDP out 61.175.211.100:1324 in 192.168.12.17:15000 idle 0:01:19 flags -UDP out 61.175.211.100:1327 in 192.168.12.17:15000 idle
如何应对最近的ZOTOB 和 WORM_RBOT.CBQ 蠕虫病毒
呵呵,都是Michael Lynn惹的祸啊,他在Black Hat的演讲台上讲的潇洒,首先是害的Cisco乱紧张,接着是Black Hat的工作人员在Cisco的压力之下连夜做手工活儿:撕书!因为Lynn的演讲内容已经编入Black Hat大会的Hardcopy和光盘资料之内,Cisco的诉讼威胁逼的一帮大老爷们儿连夜把Lynn攻击Cisco IOS路由器的内容处理掉。
事情原委参见:
http://blog.donews.com/sealong/archive/2005/08/03/493511.aspx