Black hole filtering

February 17th, 2009 Wael Osama Posted in Security

Black hole filtering is a technique usually used by service providers to filter traffic without applying access lists. The technique is very useful for mitigating many types of DoS attacks. The idea behind black hole filtering is very simple: just define the traffic you want to discard and configure a static route pointing to the [...]

MPLS VPN security threats

January 28th, 2009 Wael Osama Posted in MPLS, Security

MPLS L3 VPN services are widely used nowadays by many enterprises and organizations. They provide a lot of flexibility in connecting different sites compared to L2VPN services and offload a lot of the responsibilities from the enterprise to the provider. I have gained all my networking experience in service provider environments, and have seen very [...]

Unicast Reverse Path Forwarding

August 12th, 2008 Wael Osama Posted in Security

In order for a router to perform its function of forwarding packets, it only needs to look at the destination address of the IP packet and never at the source; this allows an attacker to send malformed IP packets using a spoofed source IP address, and your routers will simply forward these malformed packets to their [...]

Limiting non-business related applications during work hours

July 10th, 2008 Wael Osama Posted in CISCO HOW-TO, QOS, Security

In this post we will explore how to limit or even stop your employees from using applications that are not related to the business during work hours. In the following example I am going to use HTTP as the unwanted application; you can specify any type of application you would like to limit [...]